The second timeline of March is here! Unsurprisingly, in this fortnight I have collected the highest number of events so far (107), and one third of them are somehow related to the COVID-19 pandemic.
Unfortunately, cyber criminals are not showing any mercy in such complicated moments. Not only do ransomware attacks continue to occur on a regular basis (with new high-profile victims), but the world has literally been bombarded with malicious spam, phishing campaigns, and malware themed around the current COVID-19 outbreak.
This wave of attacks has overshadowed some mega breaches unearthed in the same period, such as the discovery that the details of 538 million users of the Chinese social network Weibo are available for sale online. They were in good company, given that the details of 49 million Iranian citizens (users of two local messaging services) and 4.9 million Georgian citizens were also leaked online. And to complete the picture, we should also consider a second breach at a primary hotel chain and a breach at an Indian real estate service.
The cyber espionage front is quite crowded with multiple operations and apparently unaffected by the current situation: usual suspects such as APT28, APT36, APT41, and the Gaza CyberGang continue to populate the timeline…
And with this our summary is over. The timeline is all yours, and contains the details that you can browse and share to support my work and spread risk awareness across the community. And don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
ID
Date
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
03/02/2020
?
Vijay Sales
A threat actor posts a leaked database from Vijay Sales, a large electronics retail store chain in India, on a popular dark web hacker forum. The threat actor claims the source was an “exposed backup server” breached in February 2020.
AWS misconfiguration
G Wholesale and retail trade
CC
IN
Vijay Sales, AWS
2
03/02/2020
?
GeoCloud
A threat actor posts another database, this time from technology company GeoCloud, leaked through a public Amazon server. The data contains users’ names, email addresses, and passwords as well as the company’s social media keys and company information.
AWS misconfiguration
S Other service activities
CC
IL
GeoCloud, AWS
3
01/01/1970
?
Norwegian Cruise Line
Researchers from Dynarisk discover a breached database belonging to Norwegian Cruise Line, containing 29,969 records.
Unknown
R Arts entertainment and recreation
CC
US
Dynarisk, Norwegian Cruise Line
4
01/01/1970
Maze
Hammersmith Medicines Research (HMR)
Hammersmith Medicines Research (HMR) is hit with a Maze ransomware attack.
Energy, construction, and telecoms in the United States
Researchers from Proofpoint discover a small campaign targeting energy, construction, and telecoms in the United States, using the subject line "coronavirus update disease (COVID-19) your neighbors tested positive" and distributing the Remcos remote control tool.
Malware
Y Multiple Industries
CC
US
Proofpoint, Coronavirus, COVID-19, Remcos
6
01/01/1970
?
Jamaica National Group
Jamaica National Group is hit with a ransomware attack.
Malware
K Financial and insurance activities
CC
JM
Jamaica National Group, ransomware
7
01/01/1970
?
Bluffton Township Fire District
Bluffton Township Fire District is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Bluffton Township Fire District, ransomware
8
01/01/1970
APT36
Indian government
Researchers from Malwarebytes discover a new campaign by the Pakistan-linked APT36 group targeting India and exploiting COVID-19 to implant the Crimson RAT.
Targeted Attack
O Public administration and defence, compulsory social security
CE
IN
APT36, COVID-19, Crimson, Pakistan, India, Malwarebytes
9
01/01/1970
?
Single Individuals
Researchers from ESET discover a massive campaign targeting users in multiple countries carried out via a wave of 2,500 infections of just two strains of malware delivered in COVID-19-themed emails.
Malicious Spam
X Individual
CC
>1
ESET, COVID-19, Coronavirus
10
01/01/1970
TA505
U.S. healthcare, manufacturing, and pharmaceuticals industries
Researchers from Proofpoint discover a campaign from TA505, using a coronavirus lure as part of a downloader campaign targeting the U.S. healthcare, manufacturing, and pharmaceuticals industries.
Malware
Y Multiple Industries
CC
US
Proofpoint, TA505
11
01/01/1970
?
Single Individuals
Researchers from KnowBe4 discover a new phishing campaign spoofing the CDC and WHO.
Account Hijacking
X Individual
CC
US
KnowBe4, Coronavirus, COVID-19, CDC, WHO
12
01/01/1970
?
Multiple targets in the UK
The National Cyber Security Centre (NCSC) warns that criminals are looking to exploit the spread of coronavirus to conduct cyberattacks and hacking campaigns.
>1
Y Multiple Industries
CC
UK
National Cyber Security Centre, NCSC, Coronavirus, COVID-19
13
01/01/1970
?
College of DuPage
College of DuPage offers nearly free credit monitoring to over 1,700 current and former employees following a data breach.
Unknown
P Education
CC
US
College of DuPage
14
01/01/1970
?
Android users
Researchers from Kaspersky discover MonitorMinor, stalkerware able to intercept user data while disguised as a parental control app.
Malware
X Individual
CC
>1
Kaspersky, MonitorMinor, Android
15
01/01/1970
?
Multiple targets in the US
Researchers from Proofpoint discover a medium-sized campaign in the United States primarily targeting the manufacturing industry but also construction, transportation, healthcare, automotive, energy, and aerospace companies. The email spoofs the real address of the head of the World Health Organization (WHO), claims there is a “solution” for “total control”, distributes GuLoader and Agent Tesla, and asks the recipient to “share with all contacts.”
Malware
Y Multiple Industries
CC
US
Proofpoint, World Health Organization, WHO, GuLoader, Agent Tesla, COVID-19, Coronavirus
16
01/01/1970
?
Manufacturing and industrial targets in Spain and Portugal
Researchers from Proofpoint discover a small COVID-19 themed campaign distributing GuLoader against manufacturing and industrial targets in Spain and Portugal.
Malware
Y Multiple Industries
CC
ES, PT
Proofpoint, COVID-19, Coronavirus, GuLoader
17
01/01/1970
?
Manufacturing, technology, and industrial companies in the Netherlands
Researchers from Proofpoint discover a small campaign in Dutch targeting manufacturing, technology, and industrial companies in the Netherlands, designed to steal banking credentials.
Account Hijacking
Y Multiple Industries
CC
NL
Proofpoint, COVID-19, Coronavirus
18
01/01/1970
?
Italian users
Researchers from Cybaze-Yoroi ZLab intercept a new Ursnif campaign targeting Italian users.
Malware
X Individual
CC
IT
Cybaze-Yoroi ZLab, Ursnif
19
01/01/1970
?
Vimeo users
Video sharing site Vimeo believes a malware infection has targeted some of its user accounts for theft.
Malware
X Individual
CC
>1
Vimeo
20
01/01/1970
?
Town of Houlton Police
The Town of Houlton Police discloses that it suffered a malware attack discovered in October 2019.
Malware
O Public administration and defence, compulsory social security
CC
US
Town of Houlton Police
21
01/01/1970
?
Tandem Diabetes Care
Tandem Diabetes Care notifies 140,781 patients of a phishing incident discovered on January 17, 2020.
Account Hijacking
Q Human health and social work activities
CC
US
Tandem Diabetes Care
22
01/01/1970
?
Multiple targets
A new ransomware called Nefilim that shares much of the same code as Nemty starts to become active in the wild and threatens to release stolen data.
Malware
Y Multiple Industries
CC
>1
Ransomware, Nefilim, Nemty
23
01/01/1970
?
Multiple targets
Trend Micro reveals that hackers are actively exploiting two zero-days (CVE-2020-8467 and CVE-2020-8468) in its antivirus products.
Trend Micro Vulnerabilities
Y Multiple Industries
CC
>1
Trend Micro, CVE-2020-8467, CVE-2020-8468
24
01/01/1970
Molerats group (AKA Gaza CyberGang)
Arabic speakers interested in Palestine’s potential acceptance of the peace plan
Researchers from IBM X-Force reveal the details of the EnigmaSpark campaign, a politically themed campaign opposing the Middle East Peace Plan.
Targeted Attack
X Individual
CE
PS
IBM X-Force, EnigmaSpark, Middle East
25
01/01/1970
?
Telecommunications providers, universities and financial services
Researchers from Bitdefender discover a new variant of the infamous Trickbot malware targeting telecommunications providers, universities and financial services in a campaign that looks to be going after intellectual property and financial data.
Malware
Y Multiple Industries
CE
>1
Bitdefender, Trickbot
26
01/01/1970
?
NutriBullet
Researchers at RiskIQ identify a cyber-attack against blender vendor NutriBullet that has successfully installed credit card stealing malware on the international nutribullet.com website. Not just once, but three times within three weeks.
Malicious Script Injection
G Wholesale and retail trade
CC
US
RiskIQ, NutriBullet, Magecart
27
01/01/1970
?
Android users in Libya
Researchers from Lookout discover an Android application that appears to be the most recent piece of tooling in a larger mobile surveillance campaign, exploiting COVID-19, operating out of Libya and targeting Libyan individuals.
Targeted Attack
X Individual
CE
LY
Lookout, Android, COVID-19, Libya
28
01/01/1970
?
US retail companies
Researchers from Proofpoint discover a small COVID-19 themed phishing campaign in the United States primarily targeting retail companies and using concerns about infected staff members to lure victims into clicking.
Account Hijacking
G Wholesale and retail trade
CC
US
Proofpoint, COVID-19, Coronavirus
29
01/01/1970
?
Blizzard
Blizzard is hit with a DDoS attack.
DDoS
R Arts entertainment and recreation
CC
US
Blizzard
30
01/01/1970
?
Keen
Cybercriminals try to disrupt a charity initiative by Keen aimed at delivering shoes to the workers on the front lines and the families at home fighting through the COVID-19 crisis.
Malicious Bot
G Wholesale and retail trade
CC
US
Keen, COVID-19, Coronavirus
31
01/01/1970
?
Brooks International
The Sodinokibi Ransomware operators publish over 12 GB of stolen data allegedly belonging to a company named Brooks International for not paying the ransom.
Malware
M Professional scientific and technical activities
CC
PK
Sodinokibi, ransomware, Brooks International
32
01/01/1970
?
Single Individuals
Researchers from Sophos reveal that sextortion scammers are now attempting to capitalize on the COVID-19 pandemic by threatening to infect their victims' families with the SARS-CoV-2 virus, in addition to revealing all their "dirty secrets".
Malicious Spam
X Individual
CC
>1
COVID-19, Coronavirus
33
01/01/1970
?
Single Individuals
The FBI warns of a significant spike in coronavirus scams targeting three states, with unusually high rates of COVID-19 infection: California, New York and Washington.
Malicious Spam
X Individual
CC
US
FBI, coronavirus, COVID-19, California, New York, Washington
34
01/01/1970
?
Android users
Researchers from Zscaler discover "Corona Safety Mask", an Android worm disguised as a Coronavirus safety mask.
According to researchers at telecoms security provider AdaptiveMobile, masses of text messages are being sent out to Americans, with offers on masks, survival guides and medically-unsupported COVID-19 treatments like CBD oil.
Malicious Spam
X Individual
CC
US
AdaptiveMobile, COVID-19, CBD oil
36
01/01/1970
?
Single Individuals
Researchers from IBM X-Force discover an ongoing phishing campaign delivering emails posing as official messages from the Director-General of the World Health Organization (WHO), actively spreading HawkEye malware payloads onto the devices of unsuspecting victims.
Malware
X Individual
CC
>1
IBM X-Force, COVID-19, Coronavirus, World Health Organization, WHO, HawkEye
37
01/01/1970
APT28, AKA Fancy Bear, Sednit, and Pawn Storm
Multiple targets
Researchers from Trend Micro reveal that APT28 has continued to scan and probe the internet for vulnerable email servers during 2019.
A new phishing email is trying to take advantage of the Coronavirus pandemic and the race to develop medications by promoting a fake Folding@home app that installs Redline, an information-stealing malware.
Malware
X Individual
CC
>1
COVID-19, Coronavirus, Folding@Home, Redline
39
01/01/1970
?
Takeaway
The German food delivery service Takeaway is hit with a DDoS attack.
DDoS
I Accommodation and food service activities
CC
DE
Takeaway
40
01/01/1970
Mespinoza/Pysa
Local government authorities in France
The France's issues a warning about Mespinoza/Pysa, a new ransomware gang that has recently been seen targeting the networks of local government authorities.
Malware
O Public administration and defence, compulsory social security
CC
FR
Mespinoza, Pysa, ransomware
41
01/01/1970
TA505 AKA Evil Corp
Businesses in Germany
Researchers from Prevailion discover a new campaign by the notoriously prolific TA505 cybercrime organization targeting businesses in Germany via their human resources executives.
Malware
Y Multiple Industries
CC
DE
Prevailion, TA505, Evil Corp
42
01/01/1970
?
General Electric (GE) via Canon Business Process Services
General Electric (GE) discloses that personally identifiable information of current and former employees, as well as beneficiaries, was exposed in a security incident experienced by one of GE's service providers, Canon Business Process Services. One of their employees' email accounts was breached by an unauthorized party in February.
Account Hijacking
C Manufacturing
CC
US
General Electric, GE, Canon Business Process Services
43
01/01/1970
Digital Revolution
InformInvestGroup CJSC
Russian hacker group Digital Revolution claims to have breached InformInvestGroup CJSC, a contractor for the FSB, Russia's national intelligence service, and discovered details about Fronton, a project intended for hacking Internet of Things (IoT) devices.
Unknown
M Professional scientific and technical activities
CC
RU
Digital Revolution, InformInvestGroup CJSC, FSB, Fronton, IoT
44
01/01/1970
?
Finastra
Finastra, a leading financial technology provider from the UK, announces that it had to take several servers offline following a ransomware attack.
Malware
V Fintech
CC
UK
Finastra, ransomware
45
01/01/1970
?
Single Individuals in the US
FBI's Internet Crime Complaint Center (IC3) warns of an ongoing phishing campaign delivering spam that uses fake government economic stimulus checks as bait to steal personal information from potential victims.
Account Hijacking
X Individual
CC
US
FBI, Internet Crime Complaint Center, IC3
46
01/01/1970
?
Zyxel devices
Mukashi, a new variant of the Mirai malware, is targeting a recently uncovered critical vulnerability in Zyxel network-attached storage devices and exploiting it to rope the machines into an IoT botnet.
CVE-2020-9054 vulnerability
Y Multiple Industries
CC
>1
Mukashi, Mirai, Zyxel, CVE-2020-9054
47
01/01/1970
?
University of Utah Health
The University of Utah Health discloses a security breach, due to unauthorized access to some employee email accounts along with the presence of malware on its systems. The intrusion took place between January 7 and February 21, 2020.
Account Hijacking
Q Human health and social work activities
CC
US
University of Utah Health
48
01/01/1970
?
Rotherham Council
Rotherham Council's IT system is compromised by an email with "COVID-19" in the subject field.
Account Hijacking
O Public administration and defence, compulsory social security
CC
UK
Rotherham Council
49
01/01/1970
?
Oregon Department of Human Services
The Oregon Department of Human Services announces that it uncovered a “phishing” incident on March 6 that affected one staff member’s e-mail.
Account Hijacking
O Public administration and defence, compulsory social security
CC
US
Oregon Department of Human Services
50
01/01/1970
?
Golden Valley Health Centers
Golden Valley Health Centers notifies patients after an employee email account was compromised on March 3.
Account Hijacking
Q Human health and social work activities
CC
US
Golden Valley Health Centers
51
01/01/1970
?
Multiple targets
Researchers from MalwareHunterTeam detect a new Coronavirus phishing campaign installing the NetWalker ransomware.
Criminals are exploiting critical flaws in IoT devices from Lilin to enslave them in at least three botnets used to carry out DDoS attacks.
Lilin Vulnerabilities
Y Multiple Industries
CC
>1
Lilin
53
01/01/1970
?
Bitcoin users
It turns out that a network of Bitcoin-to-QR-code generators has stolen more than $45,000 from users in the past four weeks.
Account Hijacking via malicious QR-code generators
V Fintech
CC
>1
Bitcoin, Crypto, QR-Code generator
54
01/01/1970
?
World Health Organization
Reuters reveals that hackers tried to break into the World Health Organization earlier this month.
Targeted Attack
U Activities of extraterritorial organizations and bodies
CE
INT
Reuters, World Health Organization, WHO
55
01/01/1970
?
Multiple targets
Microsoft issues a warning (ADV200006) that targeted attacks are underway against Windows 10 users, from attackers exploiting a critical vulnerability with no available fix.
Targeted Attack
Y Multiple Industries
CC
>1
Microsoft, ADV200006
56
01/01/1970
?
538 million users of Chinese social network Weibo
The personal details of more than 538 million users of Chinese social network Weibo are currently available for sale online.
Unknown
X Individual
CC
CN
Weibo
57
01/01/1970
?
Single Individuals
Researchers from KnowBe4 discover a new phishing campaign repurposing old emails to exploit COVID-19.
Account Hijacking
X Individual
CC
US
KnowBe4, Coronavirus, COVID-19
58
01/01/1970
?
Single Individuals
Researchers from MalwareHunterTeam discover the first MBRLocker variant with a Coronavirus theme.
Researchers from Malwarebytes discover two sites promoting a bogus Corona Antivirus, taking advantage of the current COVID-19 pandemic, to distribute a malicious payload that will infect the target's computer with the BlackNET RAT and add it to a botnet.
Malware
X Individual
CC
>1
Malwarebytes, Coronavirus, COVID-19
60
01/01/1970
?
Single Individuals
An HHS.gov open redirect is currently being used by attackers to push malware payloads onto unsuspecting victims' systems with the help of coronavirus-themed phishing emails.
Malware
X Individual
CC
US
HHS, COVID-19, Coronavirus
61
01/01/1970
?
118 118 Money
118 118 Money writes to personal loans and credit card customers to notify an intrusion.
Unknown
K Financial and insurance activities
CC
UK
118 118 Money
62
01/01/1970
?
LTI Power System
LTI Power System is hit with a ransomware attack.
Malware
C Manufacturing
CC
US
LTI Power System, ransomware
63
01/01/1970
?
Industrial-related entities in the Middle East
Researchers from Kaspersky reveal the details of operation WildPressure, a campaign targeting entities in the Middle East via the Milum trojan.
Targeted Attack
Y Multiple Industries
CC
>1
Kaspersky, WildPressure, Milum
64
01/01/1970
?
Android users
Researchers from Check Point issue a new warning for a malware family dubbed Tekya, using the same native code subterfuge as a previous malware called Haken to slip through the security net.
Malware
X Individual
CC
>1
Check Point, Tekya, Haken
65
01/01/1970
?
Banking users in Spain
Researchers from Kaspersky reveal that the operators of the Ginp mobile banking trojan are now targeting users in Spain with a fake "Coronavirus Finder" app.
Malware
K Financial and insurance activities
CC
ES
Kaspersky, Ginp, Coronavirus Finder
66
01/01/1970
TwoSail Junk
iOS Users in Hong Kong
Researchers from Trend Micro discover a campaign aimed at infecting the iPhones of users in Hong Kong with an iOS backdoor tracked as LightSpy.
Targeted Attack
X Individual
CE
HK
Trend Micro, iPhone, iOS, LightSpy, TwoSail Junk
67
01/01/1970
?
Netflix users
Users are warned about fraudulent messages being shared on social media platforms that Netflix is offering free passes to its platform because of the Coronavirus pandemic.
Account Hijacking
X Individual
CC
>1
Netflix, Coronavirus, COVID-19
68
01/01/1970
?
Bank customers in Germany
Researchers from IBM X-Force discover TrickMo, an Android malware targeting TrickBot victims and designed to bypass the MFA required of bank customers when they need to authorize a transaction.
Malware
K Financial and insurance activities
CC
DE
IBM X-Force, TrickMo, Android, TrickBot
69
01/01/1970
?
Twitter users
Hackers take over a wave of Twitter accounts to aggressively advertise a website that claims to be selling face masks and toilet paper during the coronavirus pandemic.
Account Hijacking
X Individual
CC
>1
Twitter, coronavirus, COVID-19
70
01/01/1970
?
PropTiger
Private data of more than 2 million users are shared on a hacking forum following a major security breach of the Indian property website PropTiger in 2018.
Unknown
L Real estate activities
CC
IN
PropTiger
71
01/01/1970
APT41
Multiple targets
Researchers from FireEye discover a campaign carried out by the Chinese state-sponsored group APT41, using recent exploits to target security flaws in Citrix, Cisco, and Zoho appliances and devices of entities from a multitude of industry sectors spanning the globe.
Targeted Attack
Y Multiple Industries
CE
>1
FireEye, APT41
72
01/01/1970
?
Tupperware
Researchers from Malwarebytes reveal that hackers have compromised the website of the world-famous Tupperware brand and stolen customers' payment card details at checkout.
Malicious Script Injection
G Wholesale and retail trade
CC
US
Tupperware, Magecart, Malwarebytes
73
01/01/1970
?
Daniel's Hosting
The operator of the biggest free host for dark web sites, Daniel's Hosting, confirms that the service has been shut down following a hack attack that deleted all 7,595 site databases.
Unknown
S Other service activities
CC
DE
Daniel's Hosting
74
01/01/1970
Palesa
AMD
AMD admits that a hacker has stolen files related to some of its graphics products.
Unknown
C Manufacturing
CC
US
AMD, Palesa
75
01/01/1970
?
Linksys Routers
Researchers from Bitdefender reveal the details of a new campaign where the attackers change DNS settings to redirect the victim to a website that claims to be from the World Health Organization, but in reality distributes the Oski infostealer.
Malware
Y Multiple Industries
CC
>1
Bitdefender, World Health Organization, Oski infostealer, Coronavirus, COVID-19
76
01/01/1970
?
Single Individuals
Researchers from 'Doctor Web' issue a warning after discovering thousands of victims have been tricked into downloading a dangerous backdoor that is disguised as an update to Google Chrome.
Malware
X Individual
CC
>1
Doctor Web, Google Chrome
77
01/01/1970
?
Websites using WordPress
The threat actors behind the WordPress WP-VCD malware start to distribute modified versions of Coronavirus plugins that inject a backdoor into a web site.
Malicious WordPress Plugin
Y Multiple Industries
CC
>1
WordPress, WP-VCD, Coronavirus, COVID-19
78
01/01/1970
?
Town of Jupiter
The town of Jupiter is hit by a REvil/Sodinokibi ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Jupiter, REvil, Sodinokibi, ransomware
79
01/01/1970
China
North Korea
Researchers at Google's Threat Analysis Group reveal on Thursday that an unnamed group of hackers used five zero-day vulnerabilities, or secret hackable flaws in software, to target North Koreans and North Korea-focused professionals in 2019.
Targeted Attack
O Public administration and defence, compulsory social security
CE
KR
China, North Korea, Google
80
01/01/1970
Maze
Chubb
Chubb, a major cybersecurity insurance provider for businesses hit by data breaches, is hit with a Maze ransomware attack.
Malware
K Financial and insurance activities
CC
CH
Chubb, Maze, ransomware
81
01/01/1970
DoppelPaymer
Kimchuk
Kimchuk, a medical and military electronics maker, is hit by the DoppelPaymer ransomware.
Malware
C Manufacturing
CC
US
Kimchuk, DoppelPaymer, ransomware
82
01/01/1970
FIN7
Multiple targets
The FBI warns organizations and security professionals about the tactic adopted by FIN7 to deliver the GRIFFON malware: malicious USB devices acting as a keyboard when plugged into a computer, injecting commands to download and execute a JavaScript backdoor associated with this actor.
Targeted Attack
K Financial and insurance activities
CC
US
FIN7, GRIFFON, FBI
83
01/01/1970
Ryuk
US health care provider
A US health care provider is hit with the Ryuk ransomware.
Malware
Q Human health and social work activities
CC
US
Ryuk, ransomware
84
01/01/1970
?
Undisclosed US hospitality provider
Researchers from Trustwave reveal that a US hospitality provider has recently been the target of an incredibly rare BadUSB attack.
Malware
Q Human health and social work activities
CC
US
Trustwave, BadUSB
85
01/01/1970
?
Single Individuals
Researchers from Forcepoint discover a new phishing campaign pretending to be a missed call about a COVID-19 update.
Account Hijacking
X Individual
CC
US
Forcepoint, COVID-19, Coronavirus
86
01/01/1970
?
Single Individuals
Researchers from Forcepoint discover a new spam campaign exploiting COVID-19.
Malicious Spam
X Individual
CC
US
Forcepoint, COVID-19, Coronavirus
87
01/01/1970
?
Single Individuals
Researchers from Forcepoint discover a malicious campaign in Italy, encouraging the opening of an attachment, which it presents as sent by the World Health Organization (WHO) with information covering all the necessary precautions against Coronavirus infections.
Malware
X Individual
CC
IT
Forcepoint, COVID-19, Coronavirus
88
01/01/1970
Silence and TA505
At least two companies operating in pharmaceutical and manufacturing sectors have been affected
Researchers from Group-IB reveal that at least two companies operating in pharmaceutical and manufacturing sectors have been affected by successful attacks carried out by Silence and TA505, exploiting CVE-2019-1405 and CVE-2019-1322.
Social Bluebook, a Los Angeles-based company that allows advertisers to pay social media “influencers” for posts that promote their products and services, is hacked.
Unknown
J Information and communication
CC
US
Social Bluebook
90
01/01/1970
?
U.S. Small Businesses
Researchers from IBM X-Force reveal that attackers are attempting to deliver Remcos remote access tool payloads on the systems of small businesses via phishing emails impersonating the U.S. Small Business Administration (U.S. SBA).
Malware
Y Multiple Industries
CC
US
IBM X-Force, Remcos, U.S. Small Business Administration, U.S. SBA
91
01/01/1970
?
Multiple targets in Australia
The Australian Cyber Security Centre (ACSC) issues a new threat update, seeking to raise awareness around coronavirus-themed malicious cyber activity.
Account Hijacking
Y Multiple Industries
CC
AU
Australian Cyber Security Centre, ACSC, COVID-19, Coronavirus
92
01/01/1970
?
4.9 million Georgian citizens
The personal details for more than 4.9 million Georgians, including deceased citizens, are published on a hacking forum.
Unknown
O Public administration and defence, compulsory social security
CC
GE
Georgia
93
01/01/1970
?
Single Individuals
Researchers from KnowBe4 discover a malicious campaign warning recipients that they've been exposed to the coronavirus through personal contact with a colleague, friend, or family member.
Malicious Spam
X Individual
CC
US
KnowBe4, Coronavirus, COVID-19
94
01/01/1970
Two malicious groups
Multiple targets
Researchers from Qihoo 360 reveal that since at least early December 2019, a mysterious hacker group has been taking over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks.
DrayTek Vigor enterprise routers vulnerability
Y Multiple Industries
CC
>1
Qihoo 360, DrayTek
95
01/01/1970
?
Teaching Council
A phishing incident at the Teaching Council leads to personal information relating to 9,735 teachers being shared.
Account Hijacking
P Education
CC
IE
Teaching Council
96
01/01/1970
Saudi Arabia?
Saudi citizens in the US
Saudi Arabia appears to be exploiting weaknesses in the global mobile telecoms network to track its citizens as they travel around the US.
SS7 Vulnerabilities
X Individual
CE
SA
Saudi Arabia
97
01/01/1970
?
Single Individuals
A new phishing campaign is spotted that pretends to be from a local hospital telling the recipient that they have been exposed to the Coronavirus and that they need to be tested.
Malware
X Individual
CC
>1
COVID-19, Coronavirus
98
01/01/1970
?
Major banks from the US, Canada, and Australia
Researchers from IBM X-Force discover a new phishing campaign exploiting COVID-19 to distribute the Zeus Sphinx trojan.
Malware
K Financial and insurance activities
CC
>1
IBM X-Force, COVID-19, Zeus Sphinx, Coronavirus
99
01/01/1970
?
Multiple targets
The FBI warns about Zoom bombing as hijackers take over school and business video conferences.
Zoom misconfiguration
Y Multiple Industries
CC
>1
FBI, Zoom bombing
100
01/01/1970
?
Multiple targets in the US
The FBI issues an alert (the third) about state-sponsored hackers using the Kwampirs malware to attack supply chain companies and other industry sectors as part of a global hacking campaign.
Targeted Attack
Y Multiple Industries
CE
US
FBI, Kwampirs
101
01/01/1970
?
YouTube users
A hacker has hijacked tens of YouTube accounts, renamed them to various Microsoft brands, and is currently broadcasting a cryptocurrency Ponzi scam to tens of thousands of users, posing as a message from the company's former CEO Bill Gates.
Account Hijacking
X Individual
CC
>1
YouTube, Ponzi scam, Bill Gates
102
01/01/1970
?
GoDaddy.com
A spear-phishing attack hits a customer service employee at GoDaddy.com, the world’s largest domain name registrar. The phisher modifies key customer records, including those of transaction brokering site escrow.com.
Account Hijacking
J Information and communication
CC
US
GoDaddy.com, escrow.com
103
01/01/1970
“Samaneye Shekar”, meaning “Hunting system”
42 million Iranian citizens
The details of 42 million Iranian citizens, allegedly users of HotGram and Talagram, two local Telegram alternatives, are leaked online.
Unknown
X Individual
CC
IR
HotGram, Talagram, Telegram, Samaneye Shekar, Hunting system
104
01/01/1970
?
Marriott
Marriott confirms a second data breach in three years, this time involving the personal information of 5.2 million guests. The attackers obtained the login details of two employees, and broke in weeks earlier during mid-January. The breach was discovered in February.
Account Hijacking
I Accommodation and food service activities
CC
US
Marriott
105
01/01/1970
?
Specific Asian religious and ethnic group
Researchers from Kaspersky reveal the details of Holy Water, a campaign targeting people in a specific Asian religious and ethnic group.
Targeted Attack
X Individual
CE
>1
Kaspersky, Holy Water
106
01/01/1970
?
Multiple targets
Researchers from Mimecast discover a new campaign spreading the LimeRAT Remote Access Trojan by harnessing an old encryption technique in Excel files.
Malware
Y Multiple Industries
CC
>1
Mimecast, LimeRAT, Excel
107
01/01/1970
?
Single Individuals
Researchers from Cofense discover a new evasive phishing campaign exploiting the COVID-19 fear.