16-28 February 2019 Cyber Attacks Timeline

It’s time to publish the second timeline of February (first one here). Although this month had only 28 business days, the number of recorded events continues to grow: I have collected 70 events (plus 4 that slipped from the previous period).

So Gnosticplayers is on a roll and he published a third dump containing an additional trove of 92 million accounts. I don’t know why but my sixth sense is telling me that it won’t stop here.

I was also surprised that no cryptocurrency had been targeted so far, and here we go… EOS suffered a loss worth $7.7 million after one of the maintainers of the blacklist failed to update it.

Ransomware also continues to be pretty devastating: Wolverine Solutions Group (WSG) discovered a ransomware infection on September 25 last year (and disclosed it only today), with more than 700 companies and 1.2 million patients affected.

Advanced actors are still quite active: APT28, Lazarus Group, APT-C-36, Windshift and Bronze Union are just some examples that you will find in this timeline.

And while Italy remains the last frontier of hacktivism, I encourage you to read the entire timeline and share it, to raise awareness and spread the word of security throughout the community. And obviously don’t forget to follow @paulsparrows on Twitter for the latest updates.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link | Tags |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 10/02/2019 | Anonymous | Five domains belonging to the Italian Region of Veneto and Trentino | In name of Operation Green Rights (#OpGreenRights) the Italian branch of the Anonymous releases a dump of data stolen from several domains belonging to the Italian regions of Veneto and Trentino. | SQLi | O Public administration and defence, compulsory social security | H | IT | | Anonymous, Veneto, #OpGreenRights, Trentino |
| 2 | 12/02/2019 | ? | LandMark White | Up to 100,000 customers have personal information including property valuations, phone numbers and dates of birth leaked as part of the data breach at LandMark White. | Unknown | L Real estate activities | CC | AU | | LandMark White |
| 3 | 13/02/2019 | ? | British Army's "influence and outreach" Twitter account (@77th_Brigade). | An attacker takes control of the British Army's "influence and outreach" Twitter account (@77th_Brigade). | Account Hijacking | O Public administration and defence, compulsory social security | CC | UK | | British Army, @77th_Brigade, Twitter |
| 4 | 13/02/2019 | Scarlet Widow | Single Individuals | Researchers from Agari reveal the details of a criminal group from Nigeria dubbed "Scarlet Widow" targeting their victims with romance scams. | Romance Scams | X Individual | CC | >1 | | Agari, Scarlet Widow, Nigeria |
| 5 | 16/02/2019 | ? | Multiple Targets | Researchers from Avast reveal the details of Rietspoof, a new malware family, spread via Skype spam, which uses a multi-stage delivery system, designed to drop multiple payloads on the systems it infects. | Malware | X Individual | CC | >1 | | Avast, Rietspoof |
| 6 | 16/02/2019 | Anonymous | 7 agricultural corporations/organizations across Italy | In name of Operation Green Rights (#OpGreenRights), the Italian Anonymous release a joint leak from 7 agricultural corporations/organizations across Italy. | SQLi | Y Multiple Industries | H | IT | | Anonymous, #OpGreenRights |
| 7 | 16/02/2019 | Team I Crew | More than 200 Pakistani websites, including the Ministry of Foreign Affairs | Just days after the attack on CRPF convoy in Pulwama, more than 200 Pakistani websites, including the Ministry of Foreign Affairs, are reportedly defaced by an Indian hacker group - 'Team I Crew', as a sign of protest. | Defacement | O Public administration and defence, compulsory social security | CW | PK | | CRPF, Pulwama, Ministry of Foreign Affairs, Team I Crew, India, Pakistan |
| 8 | 17/02/2019 | Gnosticplayers | Multiple Targets | Gnosticplayers releases and puts on sale a new trove of 92 million stolen accounts. Victims include: Pizap, Jobandtalent, Gfycat, Storybird, Legendas.tv, Onebip, Classpass, Streeteasy. | Unknown | Y Multiple Industries | CC | >1 | | Gnosticplayers, Pizap, Jobandtalent, Gfycat, Storybird, Legendas.tv, Onebip, Classpass, Streeteasy |
| 9 | 18/02/2019 | Blind Eagle, AKA APT-C-36 | Colombian government institutions as well as important corporations in financial sector, petroleum industry, professional manufacturing, etc. | Researchers from 360 Enterprise Security Group reveal the details of Blind Eagle, AKA APT-C-36 a threat actor allegedly coming from South America active against Colombian government institutions and other sectors via the Imminent RAT. | Targeted Attack | O Public administration and defence, compulsory social security | CE | CO | | 360 Enterprise Security Group, Blind Eagle, APT-C-36, Imminent |
| 10 | 18/02/2019 | ? | Users of the popular Torrent uploader CracksNow | The Popular Torrent uploader CracksNow is caught distributing GandCrab ransomware. | Malware | X Individual | CC | >1 | | Torrent, CracksNow, GandCrab, ransomware |