Last Updated on December 22, 2022

The first timeline of 2020 is finally here! In the first half of January I have collected 68 events, a number that shows how the new year has started with an apparent decrease.

In this fortnight malicious actors have continued to target vulnerable VPN systems from Pulse Secure (CVE-2019-11510), and the unpatched vulnerability on Citrix systems (CVE-2019-19781) to distribute malware, predominantly ransomware. Effectively ransomware has characterized the end of 2019, and according to the first timeline, the beginning of 2020 doesn’t seem that different.

Another important event that has characterized this timeline is the cyber activity of Iran: the tension between USA and Iran, following the murder of Qasem Soleimani, has contributed to worsen a scenario (Iranian attackers have immediately defaced some US entities), which was already quite complicated. On December 29, 2019, Iranian attackers are suspected to have hit Bapco, the Bahrain’s national oil company, with a new data-wiping malware dubbed Dustman; additionally researchers have revealed that multiple state-sponsored groups affiliated to Iran, have been probing the American electric utilities during 2019.

The cyber espionage front has seen multiple operations: the Austrian foreign ministry has been targeted targeted by a cyber-attack allegedly carried out by a foreign country, APT28 has launched a malicious campaign against Burisma, the Ukrainian gas company with whom Hunter Biden worked, and researchers have also discovered a new operation by the SideWinder APT Group, targeting military entities, via malicious Android apps.

As always, browse the timeline for all the details, and feel free to share it with your peers to support my work and spread the risk awareness across the community. Last but not least, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

This Post Has One Comment

  1. Eric

    I’m afraid no data available.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.