Here I am with the first timeline of March, covering the main cyber events of the first fortnight of this month, plus some events that occurred in the previous month but were published later.
State-sponsored actors are the real protagonists of this timeline, which also features other interesting operations carried out by APT40 (targeting various organizations with links to the maritime sector), MUDCARP (targeting various organizations with links to the Woods Hole Oceanographic Institute – WHOI), and the Winnti Group (yet another example of a successful supply-chain attack, this time against two popular games and a gaming platform developed by Asian companies).
Threat actors were also ready to immediately exploit newly discovered vulnerabilities such as Chrome CVE-2019-5786 and Windows CVE-2019-0797 (in the latter case, two well-known actors, FruityArmor and SandCat).
Password-spray attacks also play an important role in this timeline. The most important is the one that hit Citrix, allegedly carried out by Iranian actors, but another massive campaign targeting Microsoft Office 365 and G Suite accounts was also unearthed.
And while the list of victims of Magecart attacks continues to grow (Topps and Fila UK, for instance), I strongly encourage you to browse the whole timeline, share it, and spread the word of security awareness throughout the community. And obviously, don’t forget to follow @paulsparrows on Twitter for the latest updates.
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link | Tags |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 27/02/2019 | ? | Zillow | Zillow is sued for $60 million after a hacker manages to gain access to a property’s Zillow listing page and update its information. | Account Hijacking | L Real estate activities | CC | US | Zillow | Zillow |
| 2 | 27/02/2019 | ? | Topps | Sports trading card and collectible company Topps issues a data breach notification stating that it was affected by a Magecart attack, which possibly exposed the payment and address information of its customers. | Malicious Script Injection | G Wholesale and retail trade | CC | US | Topps | Topps |
| 3 | 27/02/2019 | ? | Pasquotank-Camden Emergency Medical Service | Pasquotank-Camden Emergency Medical Service notifies 40,000 individuals after an unauthorized intrusion from outside the U.S. occurred in late December 2018. | Unknown | Q Human health and social work activities | CC | US | Pasquotank-Camden Emergency Medical Service | Pasquotank-Camden Emergency Medical Service |
| 4 | 01/03/2019 | ? | Chrome Users | Google confirms that the reported 0-day Chrome RCE vulnerability CVE-2019-5786 is actively being exploited in the wild by threat actors. | CVE-2019-5786 Vulnerability | X Individual | CC | >1 | Google, Chrome, CVE-2019-5786 | Google, Chrome, CVE-2019-5786 |
| 5 | 01/03/2019 | ? | Bon Secours St. Francis Health System | Patients of a Bon Secours St. Francis Health System medical practice are being notified that their personal information may be at risk after a data breach at the practice. | Unknown | Q Human health and social work activities | CC | US | Bon Secours St. Francis Health System | Bon Secours St. Francis Health System |
| 6 | 02/03/2019 | ? | Multiple Targets in Israel | Hundreds of popular Israeli sites, in the name of #OpJerusalem, are hit by the JCry ransomware. However, a mistake in the attacker's code causes the page to show a defacement rather than distributing the ransomware. | Malware | Y Multiple Industries | H | IL | Jcry, #OpJerusalem, ransomware, Nagich | Jcry, #OpJerusalem, ransomware, Nagich |
| 7 | 03/03/2019 | ? | BambooHR | BambooHR discloses a breach involving tax payroll. | Unknown | N Administrative and support service activities | CC | US | BambooHR | BambooHR |
| 8 | 03/03/2019 | ? | Vulnerable Cisco RV110, RV130, and RV215 routers | Two days after Cisco patches a severe vulnerability in its RV SOHO routers, and one day after the publication of proof-of-concept code, attackers start scans and attacks aimed at taking over unpatched devices. | CVE-2019-1663 Vulnerability | Y Multiple Industries | CC | >1 | CVE-2019-1663, Cisco, RV110, RV130, and RV215 | CVE-2019-1663, Cisco, RV110, RV130, and RV215 |
| 9 | 03/03/2019 | ? | Chinese rail control system | Researchers at Sixgill's threat intelligence team discover an “experienced threat actor” selling access to the admin panel of a Chinese rail control system on the Dark Web. | Unknown | H Transportation and storage | CC | CN | Sixgill | Sixgill |
| 10 | 04/03/2019 | APT40 | High-profile organizations in engineering, transportation and defence | Researchers from FireEye uncover a campaign targeting high-profile organizations in engineering, transportation and defence with links to the maritime sector. The campaign is carried out by a Chinese state-sponsored actor dubbed APT40. | | | | | | |
hey buddy, you’re doin a good job. keep up the good work on these timelines :3