16-30 April 2019 Cyber Attacks Timeline

The second timeline of April is finally here (first one at this link), confirming the sustained level of activity that we have seen in the last months. In this fortnight I have collected 73 events.

Undoubtedly, ransomware, in its new targeted shape, is the attack vector that is characterizing this period. The list of victims is quite long and includes Aebi Schmidt, A2 Hosting, Cleveland Hopkins International Airport, Verint, The Weather Channel, and many more.

New organizations have joined the list of the victims of mega breaches, such as Bodybuilding.com, potentially impacting several million users, and new e-commerce sites, including the online shops of the Atlanta Hawks and Puma Australia, have joined the list of the Magecart victims.

Similarly, the Cyber Espionage landscape is as crowded as ever: one of the most well-known actors, the infamous Iran-linked OilRig APT, has been exposed, and this has allowed security researchers to establish that the group has been able to steal 13,000 passwords from 98,000 organizations worldwide.

Other unearthed operations include Sea Turtle (targeting organizations in the Middle East and North Africa), new campaigns against Ukraine, a comeback of the DNSpionage gang (with a possible link to OilRig), and much more…

Another long timeline, and another opportunity to spend some time browsing it, sharing it, and spreading the word of security awareness throughout the community (and do not forget to follow @paulsparrows on Twitter for the latest updates).

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 12/04/2019 | ? | Flashpoint | A 0-day vulnerability in the Yuzo WordPress plugin causes the Flashpoint website to briefly redirect users to an external website with a pop-up leading to malware. | 0-day WordPress Vulnerability | M Professional scientific and technical activities | CC | US | Flashpoint, Yuzo |
| 2 | 16/04/2019 | ? | iOS users from the U.S. and multiple European Union countries | Researchers from Confiant discover eGobbler, a massive malvertising campaign targeting iOS users from the U.S. and multiple European Union countries. Roughly 500 million user sessions were exposed. | Malvertising | X Individual | CC | >1 | Confiant, eGobbler, iOS |
| 3 | 16/04/2019 | ? | Multiple Ukrainian military departments | Researchers from FireEye reveal that multiple Ukrainian military departments were targeted by a spear phishing campaign which attempted to drop a RATVERMIN backdoor as part of a second-stage payload delivered with the help of a PowerShell script. | Targeted Attack | O Public administration and defence, compulsory social security | CE | UA | FireEye, RATVERMIN, Powershell |
| 4 | 16/04/2019 | ? | Single Individuals | Researchers from ESET reveal the details of Scranos, a rootkit-enabled spyware operation. | Malware | X Individual | CC | >1 | Scranos, ESET |
| 5 | 16/04/2019 | ? | Remotely Accessible Samba Servers | A new ransomware family called NamPoHyu Virus or MegaLocker Virus is targeting victims, running locally on a victim's computer and remotely encrypting accessible Samba servers. | Malware | Y Multiple Industries | CC | >1 | NamPoHyu, MegaLocker, Samba, Ransomware |
| 6 | 16/04/2019 | ? | Users of the popular Electrum Bitcoin wallet | Researchers from Malwarebytes reveal that since at least late December 2018, users of the popular Electrum Bitcoin wallet have fallen victim to phishing attacks, estimated to net crooks over 771 Bitcoins, approximately $4 million at the current exchange rate. | Account Hijacking | V Fintech | CC | >1 | Bitcoin, Electrum, Malwarebytes, Crypto |
| 7 | 16/04/2019 | ? | Single Individuals | Researchers from ZeroFOX discover multiple campaigns exploiting the tragic fire of Notre Dame for fake donation pages and new phishing campaigns. | Account Hijacking | X Individual | CC | >1 | ZeroFOX, Notre Dame |
| 8 | 16/04/2019 | ? | Centrelake Medical Group | Centrelake Medical Group notifies almost 198,000 patients after a virus investigation reveals an earlier intrusion and suspicious activity. | Malware | Q Human health and social work activities | CC | US | Centrelake Medical Group |
| 9 | 17/04/2019 | ? | Organizations in the Middle East and North Africa (ministries, military organizations, intelligence agencies, energy companies) | Researchers from Cisco Talos reveal the details of Sea Turtle, a state-sponsored attack manipulating DNS systems, targeting primarily national security organizations in the Middle East and North Africa. | DNS Hijacking | O Public administration and defence, compulsory social security | CE | >1 | Cisco Talos, Sea Turtle |
| 10 | 17/04/2019 | ? | Verint | The Israel offices of US cyber-security firm Verint are hit by ransomware. | Malware | M Professional scientific and technical activities | CC | IL | Verint, Ransomware |
