Last Updated on September 19, 2019

Here’s the first timeline of August, covering the main cyber attacks that occurred in the first half of the eighth month of this troubled 2019. Even if we haven’t reached the same level as July, the temperature of the infosec thermometer continues to be quite high, since in this timeline I have collected 77 events.

So, where do we start? Probably from the mega breaches that have characterized this timeline, for example CafePress (a staggering number of 23 million accounts compromised), or StockX (6.8 million records stolen), or even the discovery of one million card details put on sale online in South Korea.

And if the mega breaches are the unwelcome novelty of this fortnight, ransomware continues to be on a roll: it’s really impossible to enumerate the victims in the public administration and healthcare space. And if that’s not enough, a new variant of the MegaCortex ransomware has been discovered with ransom demands as high as $5.8 million.

And while an attempt was detected to implant malware inside the AT&T network, social media continue to be the playground for misinformation campaigns, and this fortnight is no exception as two campaigns engaging in coordinated inauthentic behavior have been taken down by Facebook.

Last but not least, this timeline also sports some remarkable cyber espionage events: maybe the most remarkable is the one targeting three US utilities, but APT28 is also always on the spot, with an original campaign abusing IoT devices. Other noticeable entries include Hexane (focused on the oil and gas industry in the Middle East), Machete (targeting the Venezuelan Army), and a new wave of attacks from Cloud Atlas.

As usual, the list is too long to summarize in a few lines, and I don’t want to take too much of your time that you could better spend reading the timeline, so you have no choice but to browse it all, and also share it to spread the concept of risk awareness across the community. Of course, feel free to contribute by suggesting noticeable cyber events, and do not forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 01/08/2019 | ? | Three US companies in the utilities industry | Researchers from Proofpoint discover a new campaign, possibly developed by a nation, targeting three US utilities via a malware called LookBack. The emails purported to come from the National Council of Examiners for Engineering and Surveying (NCEES). | Targeted Attack | D Electricity gas steam and air conditioning supply | CE | US | Proofpoint, LookBack, National Council of Examiners for Engineering and Surveying, NCEES |
| 2 | 01/08/2019 | Hexane Group | Companies in the Middle East (especially in Kuwait) | Researchers from Dragos discover a threat group dubbed Hexane focused on organizations in the oil and gas industry and targeting telco companies to hit its final targets. | Targeted Attack | D Electricity gas steam and air conditioning supply | CE | >1 | Dragos, Hexane, Middle East, Kuwait |
| 3 | 01/08/2019 | ? | Individuals in South Korea | One million card details are put up for sale online in South Korea. | Unknown | K Financial and insurance activities | CC | KR | South Korea |
| 4 | 01/08/2019 | UAE Egypt | Countries, primarily in the Middle East and in North and East Africa, including Libya, Sudan, Comoros, Qatar, Turkey, Lebanon, Syria, Jordan and Morocco | Facebook removes 259 Facebook accounts, 102 Pages, 5 Groups, 4 Events and 17 Instagram accounts for engaging in coordinated inauthentic behavior that originated in the UAE and Egypt and focused on a number of countries in Middle East and Africa. | Fake Social Network Groups/Pages | O Public administration and defence, compulsory social security | CW | >1 | Facebook, Libya, Sudan, Comoros, Qatar, Turkey, Lebanon, Syria, Jordan, Morocco |
| 5 | 01/08/2019 | Saudi Arabia | Countries in Middle East and Northern Africa, including Qatar, Saudi Arabia, UAE, Bahrain, Egypt, Morocco, Palestine, Lebanon and Jordan | Facebook removes 217 Facebook accounts, 144 Pages, 5 Groups and 31 Instagram accounts involved in coordinated inauthentic behavior originating from Saudi Arabia that focused primarily on the Middle East and Northern Africa. | Fake Social Network Groups/Pages | O Public administration and defence, compulsory social security | CW | >1 | Facebook, Middle East, Northern Africa, Qatar, Saudi Arabia, UAE, Bahrain, Egypt, Morocco, Palestine, Lebanon, Jordan |
| 6 | 01/08/2019 | ? | StockX | StockX, a popular site for buying and selling sneakers and other apparel, resets customer passwords after it is hacked back in May. More than 6.8 million records were stolen. | Unknown | G Wholesale and retail trade | CC | US | StockX |
| 7 | 01/08/2019 | ? | Poshmark | Poshmark, an online marketplace where North American users can buy and sell new or used clothes, shoes, and accessories, discloses a data breach: an unauthorized party gained access to its servers from where it stole personal information. | Unknown | G Wholesale and retail trade | CC | US | Poshmark |
| 8 | 01/08/2019 | ? | Single Individuals | Researchers from enSilo reveal the details of DealPly, an adware able to abuse the Microsoft and McAfee reputation services to avoid detection. | Malware | X Individual | CC | >1 | enSilo, DealPly, Microsoft, McAfee |
| 9 | 01/08/2019 | ? | Single Individuals | Researchers from Proofpoint reveal the details of SystemBC, a malware able to install a proxy on infected computers. | Malware | X Individual | CC | >1 | Proofpoint, SystemBC |
| 10 | 01/08/2019 | ? | Single Individuals | A new Exploit Kit dubbed Lord emerges, able to push the njRAT and ERIS Ransomware. | Malware | X Individual | CC | >1 | Lord, njRAT, ERIS, Ransomware |
