Here I am with the first timeline of March covering the main cyber events of the first fortnight of this month, plus some event occurred in the previous month, which were published later.
State-sponsored actors are the real protagonist of this timeline, which also features other interesting operations carried out by APT40 (targeting various organizations with links to the maritime sector), MUDCARP (targeting various organizations with links to Woods Hole Oceanographic Institute – WHOI), and the Winnti Group (yet unneeded example of a successful supply-chain attack against two popular games and a gaming platform developed by Asian companies).
Threat Actors who were also ready to immediately exploit newly discovered vulnerabilities like Chrome CVE-2019-5786 , and Windows CVE-2019-0797 (in this latter case two well-known actors like FruityArmor and SandCat).
Password-spray attacks play also an important role in this timeline. The most important is the one that hit Citrix, allegedly carried out by Iranian actors, but also another massive campaign targeting Microsoft Office 365 and G Suite accounts was unearthed.
And while the list of the victims of Magecart attacks continue to grow (Topps and Fila UK for instance), I strongly encourage you to browse the whole timeline, share it, and spread the verb of security awareness throughout the community. And obviously and don’t forget to follow @paulsparrows on Twitter for the latest updates.
|wdt_ID||ID||Date||Author||Target||Description||Attack||Target Class||Attack Class||Country||Link||Tags|
|ID||Date||Author||Target||Description||Attack||Target Class||Attack Class||Country||Link||Tags|