Last Updated on August 14, 2019

Welcome to this new timeline covering the main cyber attacks occurred in the first fortnight of July, where I have collected a total of 64 events.

Once again a reach timeline unfortunately, and I really do not know where to start from… Maybe from ransomware, where the list of the victims continues to grow.

In fact ransomware is the real plague of this 2019: just the time to celebrate the shutdown of the GandCrab operations, and here we are with new attacks against US municipalities. In this fortnight it has happened to Georgia Court System, La Porte County, Gila County, Onondaga County Library, and also some school like Syracuse City School, Northwest Indian College. But the US Municipalities were not the only victims, even the Chilean Ministry of Agricolture had the same destiny.

Of course the list of the events related to Cyber Crime, is quite long as usual, but should I mention some events in particular, I would undoubtedly quote the attack against the Bitpoint cryptocurrency exchange, about 3.5 billion yen ($32 million) worth stolen in cryptocurrency, and the attack against

And obviously the campaign of the Silence group against Banks in India, Sri Lanka, and Kyrgyzstan. There are also some interesting events in terms of Cyber Espionage (APT32, APT33 and Turla), but I would say at this point that the summary ends here, so you have no choice than to browse the timeline. Of course, feel free to share it and spread the verb of security awareness throughout the community.

Most importantly, do not forget to follow @paulsparrows on Twitter for the latest updates.

wdt_IDIDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountryLinkTags
1101/07/2019?Single IndividualsSecurity researchers from Netlab discover Godlua, the first ever malware abusing the DNS over HTTPS (DoH) protocol.MalwareX IndividualCC>1Godlua, Netlab, DoH
2201/07/2019?Targets in LibyaFacebook shuts down more than 30 accounts associated with 'Operation Tripoli' an ongoing campaign discovered by Check Point researchers, found to be spreading Remote Access Trojans (RATs) through malicious links.Targeted AttackX IndividualCELYFacebook, Operation Tripoli, Check Point
3301/07/2019?Georgia Court SystemThe Georgia Court System is hit by a ransomware attack. The attackers demand around $2 million in Bitcoin to restore access.MalwareO Public administration and defence, compulsory social securityCCUSGeorgia Court System, System
4401/07/2019?US Virgin Islands Water and Power AuthorityThe Water and Power Authority of the US Virgin Islands is the victim of a Business Email Compromise scam, costing $2.3 million.Account HijackingE Water supply, sewerage waste management, and remediation activitiesCCUSUS Virgin Islands Water and Power Authority
5501/07/2019?Linux ServersA new form of malware, called Golang, is spotted in the wild by cybersecurity companies which say the code's main focus is the fraudulent mining of the Monero (XMR) cryptocurrency.MalwareY Multiple IndustriesCC>1Golang, Monero, Crypto
6601/07/2019?Chilean Ministry of AgricultureThe Chilean Ministry of Agriculture is hit by the DoppelPaymer ransomware.MalwareO Public administration and defence, compulsory social securityCCCLChilean Ministry of Agriculture, DoppelPaymer, Ransomware
7701/07/2019?Single IndividualsAn extortion scam is being distributed that claims a Remote Access Trojan, or RAT, was installed on the victim's computer via EternalBlue.SpamX IndividualCC>1Remote Access Trojan, RAT, EternalBlue
8801/07/2019?Android UsersResearchers from AVAST discover WannaHydra, a new version of WannaLocker, enhanced with spyware, remote access trojan and banking trojan capabilities.MalwareX IndividualCC>1AVAST, WannaHydra, WannaLocker
9901/07/2019OceanLotus (aka APT32, CobaltKitty)Multiple TargetsResearchers from Cylance detect a new wave of attacks carried out by the OceanLotus APT group, involving the new Ratsnif Trojan.Targeted AttackY Multiple IndustriesCE>1OceanLotus, APT32, CobaltKitty, Cylance, Ratsnif
101002/07/2019TA505Bank and financial services employees in the US, the United Arab Emirates and SingaporeResearchers from ProofPoint discover a new campaign carried out by TA505 targeting bank and financial services employees in the US, the United Arab Emirates and Singapore.Targeted AttackK Financial and insurance activitiesCC>1ProofPoint, TA505, US, United Arab Emirates, Singapore
IDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountryLinkTags

This Post Has 2 Comments

  1. Carl

    Looks like the table is from back end of June

    1. Paolo Passeri

      Looks like you are right and I posted the wrong article. I fixed it. Apologies for any inconvenience.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.