1-15 March 2019 Cyber Attacks Timeline

Here I am with the first timeline of March covering the main cyber events of the first fortnight of this month, plus some event occurred in the previous month, which were published later.

State-sponsored actors are the real protagonist of this timeline, which also features other interesting operations carried out by APT40 (targeting various organizations with links to the maritime sector), MUDCARP (targeting various organizations with links to Woods Hole Oceanographic Institute – WHOI), and the Winnti Group (yet unneeded example of a successful supply-chain attack against two popular games and a gaming platform developed by Asian companies).

Threat Actors who were also ready to immediately exploit newly discovered vulnerabilities like Chrome CVE-2019-5786 , and Windows CVE-2019-0797 (in this latter case two well-known actors like FruityArmor and SandCat).

Password-spray attacks play also an important role in this timeline. The most important is the one that hit Citrix, allegedly carried out by Iranian actors, but also another massive campaign targeting Microsoft Office 365 and G Suite accounts was unearthed.

And while the list of the victims of Magecart attacks continue to grow (Topps and Fila UK for instance), I strongly encourage you to browse the whole timeline, share it, and spread the verb of security awareness throughout the community. And obviously and don’t forget to follow @paulsparrows on Twitter for the latest updates.

wdt_ID ID Date Author Target Description Attack Target Class Attack Class Country Link Tags
1 1 27/02/2019 ? Zillow Zillow is sued for $60 million after a hacker manages to gain access to a property’s Zillow listing page, and updated its information. Account Hijacking L Real estate activities CC US Zillow
2 2 27/02/2019 ? Topps Sports trading card and collectible company Topps issues a data breach notification stating that it was affected by a Magecart attack, which possibly exposed the payment and address information of its customers. Malicious Script Injection G Wholesale and retail trade CC US Topps
3 3 27/02/2019 ? Pasquotank-Camden Emergency Medical Service Pasquotank-Camden Emergency Medical Service notifies 40,000 individuals after an unauthorized intrusion from outside the U.S. occurred in late December 2018. Unknown Q Human health and social work activities CC US Pasquotank-Camden Emergency Medical Service
4 4 01/03/2019 ? Chrome Users Google confirms that the reported 0-day Chrome RCE vulnerability CVE-2019-5786 is actively being exploited in the wild by threat actors. CVE-2019-5786 Vulnerability X Individual CC >1 Google, Chrome, CVE-2019-5786
5 5 01/03/2019 ? Bon Secours St. Francis Health System Patients of a Bon Secours St. Francis Health System medical practice are being that their personal information may be at risk after a data breach at the practice. Unknown Q Human health and social work activities CC US Bon Secours St. Francis Health System
6 6 02/03/2019 ? Multiple Targets in Israel Hundreds of popular Israeli sites, in name of #OpJerusalem, are hit by the JCry ransomware. However a mistake in the attacker's code causes the page to show a defacement rather than causing the ransomware to be distributed. Malware Y Multiple Industries H IL Jcry, #OpJerusalem, ransomware, Nagich
7 7 03/03/2019 ? BambooHR BambooHR discloses a breach involving tax payroll. Unknown N Administrative and support service activities CC US BambooHR
8 8 03/03/2019 ? Vulnerable Cisco RV110, RV130, and RV215 routers Two days after Cisco patches a severe vulnerability in its RV SOHO routers, and one day after the publication of proof-of-concept code, attackers start scans and attacks aimed to take over unpatched devices. CVE-2019-1663 Vulnerability Y Multiple Industries CC >1 CVE-2019-1663, Cisco, RV110, RV130, and RV215
9 9 03/03/2019 ? Chinese rail control system Researchers at Sixgill‘s threat intelligence team discover an “experienced threat actor” selling access to the admin panel of a Chinese rail control system on the Dark Web. Unknown H Transportation and storage CC CN Sixgill
10 10 04/03/2019 APT40 High-profile organizations in engineering, transportation and defence Researchers from FireEye uncover a campaign targeting high-profile organizations in engineering, transportation and defence, with links to the maritime sector. The campaign is carried out by a Chinese state-sponsored actor dubbed APT40. Targeted Attack H Transportation and storage CE >1 FireEye, APT40
ID Date Author Target Description Attack Target Class Attack Class Country Link Tags

One thought on “1-15 March 2019 Cyber Attacks Timeline

  • April 11, 2019 at 4:21 pm
    Permalink

    hey buddy, you’re doin a good job. keep up the good work on these timelines :3

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: