Last Updated on August 14, 2019

Welcome to this new timeline covering the main cyber attacks that occurred in the first fortnight of July, for which I have collected a total of 64 events.

Once again a rich timeline, unfortunately, and I really do not know where to start from… Maybe from ransomware, where the list of victims continues to grow.

In fact, ransomware is the real plague of 2019: there was barely time to celebrate the shutdown of the GandCrab operations, and here we are with new attacks against US municipalities. In this fortnight it has happened to the Georgia Court System, La Porte County, Gila County, Onondaga County Library, and also some schools such as Syracuse City School and Northwest Indian College. But the US municipalities were not the only victims: even the Chilean Ministry of Agriculture suffered the same fate.

Of course, the list of events related to Cyber Crime is quite long as usual, but if I had to mention some events in particular, I would undoubtedly cite the attack against the Bitpoint cryptocurrency exchange, with about 3.5 billion yen ($32 million) worth of cryptocurrency stolen, and the attack against MyDashWallet.org.

And obviously the campaign of the Silence group against banks in India, Sri Lanka, and Kyrgyzstan. There are also some interesting events in terms of Cyber Espionage (APT32, APT33 and Turla), but I would say at this point that the summary ends here, so you have no choice but to browse the timeline. Of course, feel free to share it and spread the word of security awareness throughout the community.

Most importantly, do not forget to follow @paulsparrows on Twitter for the latest updates.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 01/07/2019 | ? | Single Individuals | Security researchers from Netlab discover Godlua, the first ever malware abusing the DNS over HTTPS (DoH) protocol. | Malware | X Individual | CC | >1 | Godlua, Netlab, DoH |
| 2 | 01/07/2019 | ? | Targets in Libya | Facebook shuts down more than 30 accounts associated with 'Operation Tripoli' an ongoing campaign discovered by Check Point researchers, found to be spreading Remote Access Trojans (RATs) through malicious links. | Targeted Attack | X Individual | CE | LY | Facebook, Operation Tripoli, Check Point |
| 3 | 01/07/2019 | ? | Georgia Court System | The Georgia Court System is hit by a ransomware attack. The attackers demand around $2 million in Bitcoin to restore access. | Malware | O Public administration and defence, compulsory social security | CC | US | Georgia Court System, System |
| 4 | 01/07/2019 | ? | US Virgin Islands Water and Power Authority | The Water and Power Authority of the US Virgin Islands is the victim of a Business Email Compromise scam, costing $2.3 million. | Account Hijacking | E Water supply, sewerage waste management, and remediation activities | CC | US | US Virgin Islands Water and Power Authority |
| 5 | 01/07/2019 | ? | Linux Servers | A new form of malware, called Golang, is spotted in the wild by cybersecurity companies which say the code's main focus is the fraudulent mining of the Monero (XMR) cryptocurrency. | Malware | Y Multiple Industries | CC | >1 | Golang, Monero, Crypto |
| 6 | 01/07/2019 | ? | Chilean Ministry of Agriculture | The Chilean Ministry of Agriculture is hit by the DoppelPaymer ransomware. | Malware | O Public administration and defence, compulsory social security | CC | CL | Chilean Ministry of Agriculture, DoppelPaymer, Ransomware |
| 7 | 01/07/2019 | ? | Single Individuals | An extortion scam is being distributed that claims a Remote Access Trojan, or RAT, was installed on the victim's computer via EternalBlue. | Spam | X Individual | CC | >1 | Remote Access Trojan, RAT, EternalBlue |
| 8 | 01/07/2019 | ? | Android Users | Researchers from AVAST discover WannaHydra, a new version of WannaLocker, enhanced with spyware, remote access trojan and banking trojan capabilities. | Malware | X Individual | CC | >1 | AVAST, WannaHydra, WannaLocker |
| 9 | 01/07/2019 | OceanLotus (aka APT32, CobaltKitty) | Multiple Targets | Researchers from Cylance detect a new wave of attacks carried out by the OceanLotus APT group, involving the new Ratsnif Trojan. | Targeted Attack | Y Multiple Industries | CE | >1 | OceanLotus, APT32, CobaltKitty, Cylance, Ratsnif |
| 10 | 02/07/2019 | TA505 | Bank and financial services employees in the US, the United Arab Emirates and Singapore | Researchers from ProofPoint discover a new campaign carried out by TA505 targeting bank and financial services employees in the US, the United Arab Emirates and Singapore. | Targeted Attack | K Financial and insurance activities | CC | >1 | ProofPoint, TA505, US, United Arab Emirates, Singapore |
| 11 | 02/07/2019 | ? | Canonical Ltd. | The GitHub account of Canonical Ltd., the company behind the Ubuntu Linux distribution, is hacked. | Account Hijacking | M Professional scientific and technical activities | CC | UK | GitHub, Canonical Ltd., Ubuntu |
| 12 | 02/07/2019 | ? | 7-Eleven Japan | Approximately 900 customers of 7-Eleven Japan have lost a collective of ¥55 million ($510,000) after hackers hijacked their 7pay app accounts and made illegal charges in their names. | App Vulnerability | G Wholesale and retail trade | CC | JP | 7-Eleven |
| 13 | 02/07/2019 | ? | St John Ambulance | A ransomware attack temporarily blocks St John Ambulance staff from accessing its systems. The attack was detected and was resolved within half an hour. | Malware | Q Human health and social work activities | CC | UK | St John Ambulance, ransomware |
| 14 | 02/07/2019 | Iran-linked APT33 | US Government Networks | The US Cyber Command issues an alert about threat actors abusing the CVE-2017-11774 Outlook vulnerability to plant malware on government networks. | Targeted Attack | O Public administration and defence, compulsory social security | CC | US | CVE-2017-11774, Iran, APT33 |
| 15 | 03/07/2019 | ? | Android Users | Researchers at Fortinet uncover a new version of the BianLian Android Malware, suggesting that the actors behind it are still providing regular updates to the malware in order to make it more potent and provide even better returns. | Malware | X Individual | CC | >1 | Fortinet, BianLian, Android |
| 16 | 03/07/2019 | ? | PGP Users | A new wave of spamming attacks on a core component of PGP’s ecosystem has highlighted a fundamental weakness in the whole ecosystem. | Spam | X Individual | CC | >1 | PGP |
| 17 | 03/07/2019 | Silence | Banks in India, Sri Lanka, and Kyrgyzstan | Group-IB reveals that the Silence group has hit banks in India, Sri Lanka, and Kyrgyzstan. | Targeted Attack | K Financial and insurance activities | CC | >1 | Group-IB, Silence, India, Sri Lanka, Kyrgyzstan. |
| 18 | 03/07/2019 | ? | American Land Title Association (ALTA) | American Land Title Association (ALTA) publishes a warning about hundreds of title company records having been supposedly stolen as part of a phishing campaign targeting ALTA members. | Account Hijacking | K Financial and insurance activities | CC | US | American Land Title Association, ALTA |
| 19 | 03/07/2019 | ? | City of Griffin | Over $800,000 are stolen from the City of Griffin, Georgia, by scammers in a BEC (Business Email Compromise) attack by redirecting two transactions to their own bank accounts. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US | City of Griffin |
| 20 | 03/07/2019 | ? | US Teenagers | The Federal Bureau of Investigation (FBI) issues a warning regarding a sextortion campaign targeting teenagers in the United States. | Spam | X Individual | CC | US | FBI, sextortion |
| 21 | 04/07/2019 | ? | Android Users | Over ten million users are duped in installing a fake Samsung app named "Updates for Samsung" that promises firmware updates, but, in reality, redirects users to an ad-filled website and charges for firmware downloads. | Malware | X Individual | CC | >1 | Samsung, Updates for Samsung, Android |
| 22 | 05/07/2019 | ? | Maryland Department of Labor | The Maryland Department of Labor (Maryland DoL) publishes a press release explaining that sensitive information of roughly 78,000 customers including names and social security numbers was accessed by an unauthorized party. | Unknown | O Public administration and defence, compulsory social security | CC | US | Maryland Department of Labor |
| 23 | 05/07/2019 | ? | Croatian Government | A new report reveals that Croatian government employees have been targeted by a state-sponsored actor between February and April this year, via the Empire and SilentTrinity backdoors. | Targeted Attack | O Public administration and defence, compulsory social security | CE | HR | Empire, SilentTrinity |
| 24 | 05/07/2019 | ? | 962 e-commerce stores | Researchers from Sanguine Security discover a large-scale Magecart payment card skimming campaign that successfully breached 962 e-commerce stores. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | Magecart, Sanguine Security |
| 25 | 06/07/2019 | ? | La Porte County | La Porte County is hit by a ransomware attack and pays $130,000 to recover data. | Malware | O Public administration and defence, compulsory social security | CC | US | La Porte County, Ransomware |

This Post Has 2 Comments

  1. Carl

    Looks like the table is from back end of June

    1. Paolo Passeri

      Looks like you are right and I posted the wrong article. I fixed it. Apologies for any inconvenience.
