Last Updated on April 9, 2019

Here I am with the first timeline of March, covering the main cyber events of the first fortnight of this month, plus some events that occurred in the previous month but were published later.

State-sponsored actors are the real protagonists of this timeline, which also features other interesting operations carried out by APT40 (targeting various organizations with links to the maritime sector), MUDCARP (targeting various organizations with links to the Woods Hole Oceanographic Institution – WHOI), and the Winnti Group (yet another example of a successful supply-chain attack against two popular games and a gaming platform developed by Asian companies).

Threat actors were also ready to immediately exploit newly discovered vulnerabilities such as Chrome CVE-2019-5786 and Windows CVE-2019-0797 (in the latter case, two well-known actors, FruityArmor and SandCat).

Password-spray attacks also play an important role in this timeline. The most important is the one that hit Citrix, allegedly carried out by Iranian actors, but another massive campaign targeting Microsoft Office 365 and G Suite accounts was also unearthed.

And while the list of victims of Magecart attacks continues to grow (Topps and Fila UK, for instance), I strongly encourage you to browse the whole timeline, share it, and spread the verb of security awareness throughout the community. And obviously, don’t forget to follow @paulsparrows on Twitter for the latest updates.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 27/02/2019 | ? | Zillow | Zillow is sued for $60 million after a hacker manages to gain access to a property’s Zillow listing page and update its information. | Account Hijacking | L Real estate activities | CC | US | Zillow |
| 2 | 27/02/2019 | ? | Topps | Sports trading card and collectible company Topps issues a data breach notification stating that it was affected by a Magecart attack, which possibly exposed the payment and address information of its customers. | Malicious Script Injection | G Wholesale and retail trade | CC | US | Topps |
| 3 | 27/02/2019 | ? | Pasquotank-Camden Emergency Medical Service | Pasquotank-Camden Emergency Medical Service notifies 40,000 individuals after an unauthorized intrusion from outside the U.S. occurred in late December 2018. | Unknown | Q Human health and social work activities | CC | US | Pasquotank-Camden Emergency Medical Service |
| 4 | 01/03/2019 | ? | Chrome Users | Google confirms that the reported 0-day Chrome RCE vulnerability CVE-2019-5786 is actively being exploited in the wild by threat actors. | CVE-2019-5786 Vulnerability | X Individual | CC | >1 | Google, Chrome, CVE-2019-5786 |
| 5 | 01/03/2019 | ? | Bon Secours St. Francis Health System | Patients of a Bon Secours St. Francis Health System medical practice are being notified that their personal information may be at risk after a data breach at the practice. | Unknown | Q Human health and social work activities | CC | US | Bon Secours St. Francis Health System |
| 6 | 02/03/2019 | ? | Multiple Targets in Israel | Hundreds of popular Israeli sites, in the name of #OpJerusalem, are hit by the JCry ransomware. However, a mistake in the attacker's code causes the page to show a defacement rather than distributing the ransomware. | Malware | Y Multiple Industries | H | IL | JCry, #OpJerusalem, ransomware, Nagich |
| 7 | 03/03/2019 | ? | BambooHR | BambooHR discloses a breach involving tax payroll. | Unknown | N Administrative and support service activities | CC | US | BambooHR |
| 8 | 03/03/2019 | ? | Vulnerable Cisco RV110, RV130, and RV215 routers | Two days after Cisco patches a severe vulnerability in its RV SOHO routers, and one day after the publication of proof-of-concept code, attackers start scans and attacks aimed at taking over unpatched devices. | CVE-2019-1663 Vulnerability | Y Multiple Industries | CC | >1 | CVE-2019-1663, Cisco, RV110, RV130, and RV215 |
| 9 | 03/03/2019 | ? | Chinese rail control system | Researchers at Sixgill’s threat intelligence team discover an “experienced threat actor” selling access to the admin panel of a Chinese rail control system on the Dark Web. | Unknown | H Transportation and storage | CC | CN | Sixgill |
| 10 | 04/03/2019 | APT40 | High-profile organizations in engineering, transportation and defence | Researchers from FireEye uncover a campaign targeting high-profile organizations in engineering, transportation and defence, with links to the maritime sector. The campaign is carried out by a Chinese state-sponsored actor dubbed APT40. | Targeted Attack | H Transportation and storage | CE | >1 | FireEye, APT40 |

This Post Has One Comment

  1. Samantha Paige

    hey buddy, you’re doin a good job. keep up the good work on these timelines :3