Last Updated on August 7, 2019

I haven’t updated the blog for a while, and now it’s finally time to catch up. Let’s start with the second timeline of June (first one here), covering the main cyber attacks that occurred between June 16 and June 30 (plus a couple of exceptions).

Without any doubt, ransomware is back, and the list of its victims (and of the ones that decide to pay) grows every fortnight: Riviera Beach and Key Biscayne are the latest examples.

The cyber espionage front is also particularly hot (and not only because of the summer): APT10 continues to be on a roll, as the real extent of Operation Soft Cell (a massive campaign against at least ten telco providers) and Operation Cloud Hopper has been revealed, and it is really huge. Entire governments are involved too, since it turned out that some Western intelligence agencies apparently attacked Yandex with a Regin variant. Additionally, Iran claimed to have exposed a cyber espionage network allegedly run by the CIA.

Iran was also allegedly hit by a cyber-attack against its weapons systems that apparently disabled the computer systems controlling rocket and missile launchers.

The number of events has been constantly high in the last few months, so it’s really impossible to summarize everything in a few lines. Grab a cup of coffee (or whatever you prefer) and browse the timeline. Also feel free to share it and spread the word of security awareness throughout the community.

Most importantly, do not forget to follow @paulsparrows on Twitter for the latest updates.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 14/06/2019 | ? | Olean Medical Group | Olean Medical Group is hit by a ransomware attack. | Malware | Q Human health and social work activities | CC | US | Olean Medical Group, ransomware |
| 2 | 14/06/2019 | ? | Seneca Nation Health System | Seneca Nation Health System is hit by a ransomware attack. | Malware | Q Human health and social work activities | CC | US | Seneca Nation Health System |
| 3 | 17/06/2019 | USA | Iran | Iran says it has exposed a large cyber espionage network allegedly run by the U.S. Central Intelligence Agency (CIA). | Unknown | O Public administration and defence, compulsory social security | CE | IR | USA, Iran, CIA |
| 4 | 17/06/2019 | ? | A. Duie Pyle | Pennsylvania trucking firm A. Duie Pyle reports having been hit with a ransomware attack. | Malware | H Transportation and storage | CC | US | A. Duie Pyle, ransomware |
| 5 | 17/06/2019 | ? | Australian Catholic University (ACU) | Australian Catholic University (ACU) reveals that a data breach occurred on its systems as a result of a phishing attack discovered on May 22. | Account Hijacking | P Education | CC | AU | Australian Catholic University, ACU |
| 6 | 18/06/2019 | ? | NASA's Jet Propulsion Laboratory (JPL) | A report from NASA reveals an April 2018 security breach, in which a Raspberry Pi that was not authorized to be connected to the JPL network was targeted by hackers. | Unauthorized Raspberry Pi | O Public administration and defence, compulsory social security | CC | US | NASA, Raspberry Pi, Jet Propulsion Laboratory, JPL |
| 7 | 18/06/2019 | ? | Some Middle Eastern Countries | Researchers from Trend Micro discover 'Bouncing Golf', a cyberespionage campaign targeting Android users in Middle Eastern countries. | Targeted Attack | Y Multiple Industries | CE | >1 | Trend Micro, Bouncing Golf |
| 8 | 18/06/2019 | ? | Turkish Cryptocurrency Users | Researcher Lukas Stefanko discovers malicious apps, disguised as two fake BtcTurk apps, that can steal one-time passwords (OTP) from the notification system. | Malware | X Individual | CC | TR | Lukas Stefanko, Android, OTP, BtcTurk |
| 9 | 18/06/2019 | ? | EatStreet | Online food ordering service EatStreet discloses a security incident between May 3 and May 17, which led to a data breach involving customer payment card information and sensitive information of delivery and restaurant partners. | Unknown | I Accommodation and food service activities | CC | US | EatStreet |
| 10 | 18/06/2019 | ? | Multiple Targets | Researchers from Kaspersky discover Plurox, a new modular backdoor malware capable of mining cryptocurrencies and spreading to other machines on the local network with the help of SMB and UPnP plugins. | Malware | Y Multiple Industries | CC | >1 | Kaspersky, Plurox, SMB, UPnP |
| 11 | 18/06/2019 | ? | Single Individuals | The US CERT warns about a new phishing scam appearing to come from the Department of Homeland Security (DHS) and luring users into downloading malware through a malicious attachment. | Malware | X Individual | CC | US | US CERT, Department of Homeland Security, DHS |
| 12 | 18/06/2019 | ? | Tenx Systems | Tenx Systems reveals it was hit by a ransomware attack discovered on April 9. | Malware | M Professional scientific and technical activities | CC | US | Tenx Systems, ransomware |
| 13 | 18/06/2019 | ? | Chrome Users | Google removes YouTube Queue, a Chrome extension that secretly hijacks search engine queries and redirects users to ad-infested search results. It had been installed by nearly 7,000 users. | Malicious Browser Extension | X Individual | CC | >1 | Google, YouTube Queue, Chrome |
| 14 | 19/06/2019 | ? | Three Undisclosed MSPs | Three undisclosed large MSPs are hacked via, respectively, the Webroot Management console, the Kaseya VSA console, and the ConnectWise console to distribute the Sodinokibi ransomware. | Account Hijacking | M Professional scientific and technical activities | CC | US | Webroot, Sodinokibi, ransomware |
| 15 | 19/06/2019 | ? | Single Individuals | Researchers from Doctor Web discover a new JavaScript-based modular downloader Trojan, camouflaged as game cheats and distributed to targets via websites owned by its developers. | Malware | X Individual | CC | RU | Doctor Web, JavaScript |
| 16 | 19/06/2019 | ? | Multiple Targets | Researchers from Sucuri discover a cryptomining dropper malware able to gain persistence on Linux hosts by adding cron jobs that reinfect the compromised machines after the malware is removed. | Malware | Y Multiple Industries | CC | >1 | Sucuri, Linux, Crypto |
| 17 | 19/06/2019 | ? | Coinbase and other cryptocurrency firms | The employees of Coinbase and other cryptocurrency firms are the target of an attack utilizing a recent Firefox zero-day (CVE-2019-11707). | Targeted Attack | V Fintech | CC | >1 | Coinbase, Firefox, CVE-2019-11707 |
| 18 | 19/06/2019 | ? | Vulnerable Oracle WebLogic Servers | Oracle releases an out-of-band fix for CVE-2019-2729, a critical vulnerability in a number of versions of Oracle WebLogic Server, currently exploited in the wild. | CVE-2019-2729 Vulnerability | Y Multiple Industries | CC | >1 | Oracle, CVE-2019-2729, WebLogic |
| 19 | 19/06/2019 | ? | Geraldton Catholic School | Geraldton Catholic School confirms it was the victim of a cyber attack, saying bank account and credit card information may have been stolen, including signatures scanned when parents paid school fees. | Unknown | P Education | CC | AU | Geraldton Catholic School |
| 20 | 20/06/2019 | USA | Iran computer systems controlling rocket and missile launchers | The US launches a cyber-attack on Iranian weapons systems. The cyber-attack disables computer systems controlling rocket and missile launchers. | Unknown | O Public administration and defence, compulsory social security | CW | IR | USA, Iran |
| 21 | 20/06/2019 | Turla | Several targets | Researchers from Symantec reveal three new campaigns carried out by the Turla cyber espionage group. In one of these campaigns the Turla group hijacked the infrastructure of OilRig to compromise a target both actors were interested in. | Targeted Attack | Y Multiple Industries | CE | >1 | Symantec, Turla, OilRig, APT34 |
| 22 | 20/06/2019 | ? | Single Individuals | A new Booking.com-themed spam campaign is discovered, distributing the Sodinokibi ransomware. | Malware | X Individual | CC | >1 | Booking.com, Sodinokibi, ransomware |
| 23 | 20/06/2019 | ? | Winrar.it | Winrar.it, the Italian distributor of the well-known compression software, is hacked to distribute the Sodinokibi ransomware. | Malware | X Individual | CC | IT | winrar.it, Sodinokibi, ransomware |
| 24 | 20/06/2019 | ? | Riviera Beach | Riviera Beach agrees to pay $600,000 in ransom to hackers who took over its computer system in a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Riviera Beach, ransomware |
| 25 | 20/06/2019 | ? | SocialEngineered.net | SocialEngineered.net, a forum dedicated to social engineering, announces that it has been breached and that data from tens of thousands of members has been leaked online. | MyBB vulnerability | J Information and communication | CC | US | SocialEngineered.net, MyBB |
