Last Updated on August 7, 2019

I haven’t updated the blog for a while, and now it’s finally time to catch up. Let’s start with the second timeline of June (first one here), covering the main cyber attacks that occurred between June 16 and June 30 (plus a couple of exceptions).

Without a doubt, ransomware is back, and the list of its victims (and of those that decide to pay) grows every fortnight: Riviera Beach and Key Biscayne are the latest examples.

The cyber espionage front is also particularly hot (and not only because of the summer). APT10 continues to be on a roll: the real extent of Operation Soft Cell (a massive campaign against at least ten telco providers) and Operation Cloud Hopper has been revealed, and it’s really huge. Entire governments are involved as well, since it turned out that apparently some Western intelligence agencies attacked Yandex with a Regin variant. Additionally, Iran claimed to have exposed a cyber espionage network allegedly run by the CIA.

Iran was also allegedly hit by a cyber-attack against its weapons systems that apparently disabled the computer systems controlling rocket and missile launchers.

The number of events has been constantly high in recent months, so it’s really impossible to summarize everything in a few lines. Grab a cup of coffee (or whatever you want) and browse the timeline. Also feel free to share it and spread the word of security awareness throughout the community.

Most importantly, do not forget to follow @paulsparrows on Twitter for the latest updates.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 14/06/2019 | ? | Olean Medical Group | Olean Medical Group is hit by a ransomware attack. | Malware | Q Human health and social work activities | CC | US | Olean Medical Group, ransomware |
| 2 | 14/06/2019 | ? | Seneca Nation Health System | Seneca Nation Health System is hit by a ransomware attack. | Malware | Q Human health and social work activities | CC | US | Seneca Nation Health System |
| 3 | 17/06/2019 | USA | Iran | Iran says it had exposed a large cyber espionage network allegedly run by the U.S. Central Intelligence Agency (CIA). | Unknown | O Public administration and defence, compulsory social security | CE | IR | USA, Iran, CIA |
| 4 | 17/06/2019 | ? | A. Duie Pyle | Pennsylvania trucking firm A. Duie Pyle reports having been hit by a ransomware attack. | Malware | H Transportation and storage | CC | US | A. Duie Pyle, ransomware |
| 5 | 17/06/2019 | ? | Australian Catholic University (ACU) | Australian Catholic University (ACU) reveals that a data breach occurred on its systems as a result of a phishing attack discovered on May 22. | Account Hijacking | P Education | CC | AU | Australian Catholic University, ACU |
| 6 | 18/06/2019 | ? | NASA's Jet Propulsion Laboratory (JPL) | A report from NASA reveals an April 2018 security breach, wherein a Raspberry Pi that was not authorized to be linked to the JPL network was targeted by hackers. | Unauthorized Raspberry Pi | O Public administration and defence, compulsory social security | CC | US | NASA, Raspberry Pi, Jet Propulsion Laboratory, JPL |
| 7 | 18/06/2019 | ? | Some Middle Eastern Countries | Researchers from Trend Micro discover 'Bouncing Golf', a cyberespionage campaign targeting Android users in Middle Eastern countries. | Targeted Attack | Y Multiple Industries | CE | >1 | Trend Micro, Bouncing Golf |
| 8 | 18/06/2019 | ? | Turkish Cryptocurrency Users | Researcher Lukas Stefanko discovers malicious apps, disguised as two fake BtcTurk apps, that can steal one-time passwords (OTP) from the notification system. | Malware | X Individual | CC | TR | Lukas Stefanko, Android, OTP, BtcTurk |
| 9 | 18/06/2019 | ? | EatStreet | Online food ordering service EatStreet discloses a security incident between May 3 and May 17, which led to a data breach involving customer payment card information and sensitive info of delivery and restaurant partners. | Unknown | I Accommodation and food service activities | CC | US | EatStreet |
| 10 | 18/06/2019 | ? | Multiple Targets | Researchers from Kaspersky discover Plurox, a new modular backdoor malware capable of mining cryptocurrencies and spreading to other machines on the local network with the help of SMB and UPnP plugins. | Malware | Y Multiple Industries | CC | >1 | Kaspersky, Plurox, SMB, UPnP |
| 11 | 18/06/2019 | ? | Single Individuals | The US CERT warns about a new phishing scam appearing to be from the Department of Homeland Security (DHS), and luring users into downloading malware through a malicious attachment. | Malware | X Individual | CC | US | US CERT, Department of Homeland Security, DHS |
| 12 | 18/06/2019 | ? | Tenx Systems | Tenx Systems reveals that it was hit by a ransomware attack discovered on April 9. | Malware | M Professional scientific and technical activities | CC | US | Tenx Systems, ransomware |
| 13 | 18/06/2019 | ? | Chrome Users | Google removes YouTube Queue, a Chrome extension that secretly hijacks search engine queries and redirects users to ad-infested search results. It had been installed by nearly 7,000 users. | Malicious Browser Extension | X Individual | CC | >1 | Google, YouTube Queue, Chrome |
| 14 | 19/06/2019 | ? | Three Undisclosed MSPs | Three undisclosed large MSPs are hacked via, respectively, the Webroot Management console, the Kaseya VSA console, and the ConnectWise console to distribute the Sodinokibi ransomware. | Account Hijacking | M Professional scientific and technical activities | CC | US | Webroot, Sodinokibi, ransomware |
| 15 | 19/06/2019 | ? | Single Individuals | Researchers from Doctor Web discover a new JavaScript-based, modular downloader Trojan camouflaged as game cheats and distributed to targets via websites owned by its developers. | Malware | X Individual | CC | RU | Doctor Web, JavaScript |
| 16 | 19/06/2019 | ? | Multiple Targets | Researchers from Sucuri discover a cryptomining dropper malware able to gain persistence on Linux hosts by adding cron jobs to reinfect the compromised machines after being removed. | Malware | Y Multiple Industries | CC | >1 | Sucuri, Linux, Crypto |
| 17 | 19/06/2019 | ? | Coinbase and other cryptocurrency firms | The employees of Coinbase and other cryptocurrency firms are the target of an attack utilizing a recent Firefox zero-day (CVE-2019-11707). | Targeted Attack | V Fintech | CC | >1 | Coinbase, Firefox, CVE-2019-11707 |
| 18 | 19/06/2019 | ? | Vulnerable Oracle WebLogic Servers | Oracle releases an out-of-band fix for CVE-2019-2729, a critical vulnerability in a number of versions of Oracle WebLogic Server, currently exploited in the wild. | CVE-2019-2729 Vulnerability | Y Multiple Industries | CC | >1 | Oracle, CVE-2019-2729, WebLogic |
| 19 | 19/06/2019 | ? | Geraldton Catholic School | Geraldton Catholic School confirms it was the victim of a cyber attack, saying bank account and credit card information may have been stolen, including signatures scanned when parents paid school fees. | Unknown | P Education | CC | AU | Geraldton Catholic School |
| 20 | 20/06/2019 | USA | Iran computer systems controlling rocket and missile launchers | The US launches a cyber-attack on Iranian weapons systems. The cyber-attack disables computer systems controlling rocket and missile launchers. | Unknown | O Public administration and defence, compulsory social security | CW | IR | USA, Iran |
| 21 | 20/06/2019 | Turla | Several targets | Researchers from Symantec reveal three new campaigns carried out by the Turla Cyber Espionage Group. In one of these campaigns the Turla group hijacked the infrastructure of OilRig to compromise a target both actors were interested in. | Targeted Attack | Y Multiple Industries | CE | >1 | Symantec, Turla, OilRig, APT34 |
| 22 | 20/06/2019 | ? | Single Individuals | A new Booking.com-themed spam campaign is discovered, distributing the Sodinokibi ransomware. | Malware | X Individual | CC | >1 | Booking.com, Sodinokibi, ransomware |
| 23 | 20/06/2019 | ? | Winrar.it | Winrar.it, the Italian distributor of the famous compression software, is hacked to distribute the Sodinokibi ransomware. | Malware | X Individual | CC | IT | winrar.it, Sodinokibi, ransomware |
| 24 | 20/06/2019 | ? | Riviera Beach | Riviera Beach agrees to pay $600,000 in ransom to hackers who took over its computer system in a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Riviera Beach, ransomware |
| 25 | 20/06/2019 | ? | SocialEngineered.net | SocialEngineered.net, a forum dedicated to social engineering, announces that it has been breached and that data from tens of thousands of members has been leaked online. | MyBB vulnerability | J Information and communication | CC | US | SocialEngineered.net, MyBB |
