16-31 January 2019 Cyber Attacks Timeline

It’s time to publish the second timeline of January (first one here), covering the main cyber attacks that occurred in the second half of the month, plus several additional events that, despite occurring earlier, were published in the same period.

I really don’t know where to start: this timeline contains 79+2 events, and 2019 could not have started any worse, not least because January will probably be remembered as the month of the collections: the five archives of nearly 3 billion credentials scraped from multiple breaches. Not exactly the kind of collections we would like to keep.

Cryptojacking and ransomware continue to characterize the cybercrime landscape: Rocke, Razy, and CookieMiner are just a few examples of campaigns aimed at installing cryptominers, whereas GandCrab continues to be very active in the ransomware space, but there are also new kids on the block such as Anatova and LockerGoga.

Looking at cyber espionage, this fortnight has seen the appearance of APT39, an original campaign by DarkHydrus using Google Drive as the command and control channel, and an interesting operation in the Middle East called Project Raven.

This timeline is particularly long, with many other high-profile targets and incidents. Feel free to browse and share it, and don’t forget to follow @paulsparrows on Twitter for the latest updates.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 09/01/2018 | ? | Salisbury Police Department | The Salisbury Police Department is hit by a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Salisbury Police Department, Crypto |
| 2 | 14/01/2019 | ? | Faben Obstetrics and Gynecology | Faben Obstetrics and Gynecology notifies more than 6,000 patients after a GandCrab ransomware attack that occurred in November 2018. | Malware | Q Human health and social work activities | CC | US | Faben Obstetrics and Gynecology, ransomware |
| 3 | 16/01/2019 | Silence | Russian Financial Institutions | Attackers from the threat group Silence start a massive campaign (80 thousand emails) on behalf of "Forum iFin-2019", distributing the Silence.Downloader aka TrueBot. | Malware | K Financial and insurance activities | CC | RU | Silence, Forum iFin-2019, Silence.Downloader, TrueBot |
| 4 | 16/01/2019 | Nigerian Scammers | Swiss woman living in the United States | A Swiss woman living in the United States loses almost $150,000 after a law firm (KF Solicitors) falls victim to online Nigerian scammers. | Account Hijacking | L Real estate activities | CC | AU | KF Solicitors, Nigeria |
| 5 | 17/01/2019 | Sanixer | Single Individuals | Researcher Troy Hunt discovers Collection #1, a giant 87 gigabyte archive consisting of 773 million unique email addresses and their associated cracked, or dehashed, passwords. | Unknown | X Individual | CC | >1 | Troy Hunt, Collection #1, Sanixer |
| 6 | 17/01/2019 | ? | Adverline | Researchers from Trend Micro reveal that Adverline, a French online advertising company, is compromised via MageCart, and consequently the infection spreads to 277 websites worldwide. | Malicious Script Injection | M Professional scientific and technical activities | CC | FR | Adverline, MageCart, Trend Micro |
| 7 | 17/01/2019 | ? | Android Users | Researchers from Trend Micro discover two malicious apps downloaded thousands of times from the Google Play Store, based on the Anubis code (ANDROIDOS_ANUBISDROPPER) and characterized by the use of motion-based evasion tactics. | Malware | X Individual | CC | >1 | Trend Micro, Google Play Store, Anubis, ANDROIDOS_ANUBISDROPPER, Android |
| 8 | 17/01/2019 | ? | Android Users | Researcher Lukas Stefanko discovers 19 malicious Android apps with over 50 million installs, pretending to be GPS apps but instead showing adware. | Malware | X Individual | CC | >1 | Lukas Stefanko, Android |
| 9 | 17/01/2019 | Rocke Group | Vulnerable Linux Servers | Researchers from Palo Alto Networks' Unit 42 reveal a new version of the cryptojacking malware used by the Rocke group, able to disable cloud security and monitoring tools developed by Tencent Cloud and Alibaba Cloud. | Malware | Y Multiple Industries | CC | >1 | Palo Alto Networks, Unit 42, Rocke, Tencent Cloud, Alibaba Cloud, Linux, Crypto |
| 10 | 17/01/2019 | ? | Financial targets in Ivory Coast, Cameroon, Congo (DR), Ghana, and Equatorial Guinea | Researchers from Symantec reveal four campaigns active since 2017, using commodity malware (NanoCore, Mimikatz, Remote Manipulator System RAT, Imminent Monitor RAT) against financial targets in Ivory Coast, Cameroon, Congo, Ghana, and Equatorial Guinea. | Malware | K Financial and insurance activities | CC | >1 | Symantec, NanoCore, Mimikatz, Remote Manipulator System RAT, Imminent Monitor RAT, Ivory Coast, Cameroon, Congo (DR), Ghana, Equatorial Guinea |
