I haven’t updated the blog for a while, and now it’s finally time to catch up. Let’s start with the second timeline of June (first one here), covering the main cyber attacks that occurred between June 16 and June 30 (plus a couple of exceptions).
Without any doubt, ransomware is back, and the list of its victims (and of those who decide to pay) grows every fortnight: Riviera Beach and Key Biscayne are the latest examples.
The cyber espionage front is also particularly hot (and not only because of the summer): APT10 continues to be on a roll, as the real extent of Operation Soft Cell (a massive campaign against at least ten telco providers) and Operation Cloud Hopper has been revealed, and it is huge. Entire governments are involved too, since it turned out that some Western intelligence agencies apparently attacked Yandex with a Regin variant. Additionally, Iran claimed to have exposed a cyber espionage network allegedly run by the CIA.
Iran was also allegedly hit by a cyber-attack against its weapons systems that reportedly disabled the computer systems controlling rocket and missile launchers.
The number of events has been constantly high in recent months, so it is really impossible to summarize everything in a few lines. Grab a cup of coffee (or whatever you prefer) and browse the timeline. Also feel free to share it and spread the word of security awareness throughout the community.
Most importantly, do not forget to follow @paulsparrows on Twitter for the latest updates.
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 14/06/2019 | ? | Olean Medical Group | Olean Medical Group is hit by a ransomware attack. | Malware | Q Human health and social work activities | CC | US | Olean Medical Group, ransomware |
| 2 | 14/06/2019 | ? | Seneca Nation Health System | Seneca Nation Health System is hit by a ransomware attack. | Malware | Q Human health and social work activities | CC | US | Seneca Nation Health System |
| 3 | 17/06/2019 | USA | Iran | Iran says it has exposed a large cyber espionage network allegedly run by the U.S. Central Intelligence Agency (CIA). | Unknown | O Public administration and defence, compulsory social security | CE | IR | USA, Iran, CIA |
| 4 | 17/06/2019 | ? | A. Duie Pyle | Pennsylvania trucking firm A. Duie Pyle reports having been hit by a ransomware attack. | Malware | H Transportation and storage | CC | US | A. Duie Pyle, ransomware |
| 5 | 17/06/2019 | ? | Australian Catholic University (ACU) | Australian Catholic University (ACU) reveals that a data breach occurred on its systems as a result of a phishing attack discovered on May 22. | Account Hijacking | P Education | CC | AU | Australian Catholic University, ACU |
| 6 | 18/06/2019 | ? | NASA's Jet Propulsion Laboratory (JPL) | A report from NASA reveals an April 2018 security breach in which a Raspberry Pi that was not authorized to be linked to the JPL network was targeted by hackers. | Unauthorized Raspberry Pi | O Public administration and defence, compulsory social security | | | |
| 7 | | | | Researchers from Trend Micro discover 'Bouncing Golf', a cyber espionage campaign targeting Android users in Middle Eastern countries. | Targeted Attack | Y Multiple Industries | CE | >1 | Trend Micro, Bouncing Golf |
| 8 | 18/06/2019 | ? | Turkish Cryptocurrency Users | Researcher Lukas Stefanko discovers malicious apps, disguised as two fake BtcTurk apps, that can steal one-time passwords (OTP) from the notification system. | Malware | X Individual | CC | TR | Lukas Stefanko, Android, OTP, BtcTurk |
| 9 | 18/06/2019 | ? | EatStreet | Online food ordering service EatStreet discloses a security incident between May 3 and May 17, which led to a data breach involving customer payment card information and sensitive information of delivery and restaurant partners. | Unknown | I Accommodation and food service activities | CC | US | EatStreet |
| 10 | 18/06/2019 | ? | Multiple Targets | Researchers from Kaspersky discover Plurox, a new modular backdoor capable of mining cryptocurrencies and spreading to other machines on the local network with the help of SMB and UPnP plugins. | Malware | Y Multiple Industries | CC | >1 | Kaspersky, Plurox, SMB, UPnP |
| 11 | 18/06/2019 | ? | Single Individuals | US-CERT warns about a new phishing scam that appears to come from the Department of Homeland Security (DHS) and lures users into downloading malware through a malicious attachment. | Malware | X Individual | CC | US | US CERT, Department of Homeland Security, DHS |
| 12 | 18/06/2019 | ? | Tenx Systems | Tenx Systems reveals it was hit by a ransomware attack discovered on April 9. | Malware | M Professional scientific and technical activities | CC | US | Tenx Systems, ransomware |
| 13 | 18/06/2019 | ? | Chrome Users | Google removes YouTube Queue, a Chrome extension that secretly hijacks search engine queries and redirects users to ad-infested search results. It had been installed by nearly 7,000 users. | Malicious Browser Extension | X Individual | CC | >1 | Google, YouTube Queue, Chrome |
| 14 | 19/06/2019 | ? | Three Undisclosed MSPs | Three undisclosed large MSPs are hacked via the Webroot Management console, the Kaseya VSA console and the ConnectWise console respectively, to distribute the Sodinokibi ransomware. | Account Hijacking | M Professional scientific and technical activities | CC | US | Webroot, Sodinokibi, ransomware |
| 15 | 19/06/2019 | ? | Single Individuals | Researchers from Doctor Web discover a new JavaScript-based modular downloader Trojan, camouflaged as game cheats and distributed to targets via websites owned by its developers. | Malware | X Individual | CC | RU | Doctor Web, JavaScript |
| 16 | 19/06/2019 | ? | Multiple Targets | Researchers from Sucuri discover a cryptomining dropper able to gain persistence on Linux hosts by adding cron jobs that reinfect the compromised machines after the malware is removed. | Malware | Y Multiple Industries | CC | >1 | Sucuri, Linux, Crypto |
| 17 | 19/06/2019 | ? | Coinbase and other cryptocurrency firms | Employees of Coinbase and other cryptocurrency firms are the target of an attack exploiting a recent Firefox zero-day (CVE-2019-11707). | Targeted Attack | V Fintech | CC | >1 | Coinbase, Firefox, CVE-2019-11707 |
| 18 | 19/06/2019 | ? | Vulnerable Oracle WebLogic Servers | Oracle releases an out-of-band fix for CVE-2019-2729, a critical vulnerability in a number of versions of Oracle WebLogic Server that is currently being exploited in the wild. | CVE-2019-2729 Vulnerability | Y Multiple Industries | CC | >1 | Oracle, CVE-2019-2729, WebLogic |
| 19 | 19/06/2019 | ? | Geraldton Catholic School | Geraldton Catholic School confirms it was the victim of a cyber attack, saying bank account and credit card information may have been stolen, including signatures scanned when parents paid school fees. | Unknown | P Education | CC | AU | Geraldton Catholic School |
| 20 | 20/06/2019 | USA | Iranian computer systems controlling rocket and missile launchers | The US launches a cyber-attack on Iranian weapons systems. The attack disables the computer systems controlling rocket and missile launchers. | Unknown | O Public administration and defence, compulsory social security | CW | IR | USA, Iran |
| 21 | 20/06/2019 | Turla | Several targets | Researchers from Symantec reveal three new campaigns carried out by the Turla cyber espionage group. In one of these campaigns, Turla hijacked the infrastructure of OilRig to compromise a target both actors were interested in. | Targeted Attack | Y Multiple Industries | CE | >1 | Symantec, Turla, OilRig, APT34 |
| 22 | 20/06/2019 | ? | Single Individuals | A new Booking.com-themed spam campaign is discovered distributing the Sodinokibi ransomware. | Malware | X Individual | CC | >1 | Booking.com, Sodinokibi, ransomware |
| 23 | 20/06/2019 | ? | Winrar.it | Winrar.it, the Italian distributor of the well-known compression software, is hacked to distribute the Sodinokibi ransomware. | Malware | X Individual | CC | IT | winrar.it, Sodinokibi, ransomware |
| 24 | 20/06/2019 | ? | Riviera Beach | Riviera Beach agrees to pay $600,000 in ransom to hackers who took over its computer system in a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Riviera Beach, ransomware |
| 25 | 20/06/2019 | ? | SocialEngineered.net | SocialEngineered.net, a forum dedicated to social engineering, announces it has been breached, with data from tens of thousands of members leaked online. | | | | | |