Last Updated on April 7, 2020
The second timeline of March is here! Unsurprisingly, in this fortnight I have collected the highest number of events so far (107), and one third of them are somehow related to the COVID-19 pandemic.
Unfortunately, cyber criminals are not showing any mercy in such complicated moments. Not only do ransomware attacks continue to occur on a regular basis (with new high-profile victims), but the world has literally been bombarded with malicious spam, phishing campaigns, and malware themed around the current COVID-19 outbreak.
This wave of attacks has overshadowed some mega breaches unearthed in the same period, such as the discovery of 538 million users of the Chinese social network Weibo available for sale online. And they were in good company, given that the details of 49 million Iranian citizens (users of two local messaging services) and 4.9 million Georgian citizens were also leaked online. And just to complete the picture, we should also consider a second breach of a major hotel chain and a breach of an Indian real estate service.
The cyber espionage front is quite crowded with multiple operations and apparently unaffected by the current situation: usual suspects such as APT28, APT36, APT41, and the Gaza CyberGang continue to populate the timeline…
And with this our summary is over. The timeline is all yours, and contains the details that you can browse and share to support my work and spread the risk awareness across the community. And don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link | Tags |
---|---|---|---|---|---|---|---|---|---|---|
1 | 02/03/2020 | ? | Vijay Sales | A threat actor posts a leaked Vijay Sales, a large electronics retail store chain in India, database on a popular dark web hacker forum. The threat actor claims the source was from an “exposed backup server” breached in February 2020. | AWS misconfiguration | G Wholesale and retail trade | CC | IN | Vijay Sales, AWS | |
2 | 02/03/2020 | ? | GeoCloud | A threat actor posts another database, this time from technology company GeoCloud, leaked through a public Amazon server. The data contains users’ names, email addresses, and passwords as well as the company’s social media keys and company information. | AWS misconfiguration | S Other service activities | CC | IL | GeoCloud, AWS | |
3 | 13/03/2020 | ? | Norwegian Cruise Line | Researchers from Dynarisk discover a breached database belonging to Norwegian Cruise Line, containing 29,969 records | Unknown | R Arts entertainment and recreation | CC | US | Dynarisk, Norwegian Cruise Line | |
4 | 14/03/2020 | Maze | Hammersmith Medicines Research (HMR) | Hammersmith Medicines Research (HMR) is hit with a Maze ransomware attack. | Malware | Q Human health and social work activities | CC | UK | Hammersmith Medicines Research, HMR, Maze, Coronavirus | |
5 | 14/03/2020 | ? | Energy, construction, and telecoms in the United States | Researchers from Proofpoint discover a small campaign targeting energy, construction, and telecoms in the United States, using the subject line "coronavirus update disease (COVID-19) your neighbors tested positive" and distributing the Remcos remote control tool. | Malware | Y Multiple Industries | CC | US | Proofpoint, Coronavirus, COVID-19, Remcos | |
6 | 14/03/2020 | ? | Jamaica National Group | Jamaica National Group is hit with a ransomware attack. | Malware | K Financial and insurance activities | CC | JM | Jamaica National Group, ransomware | |
7 | 15/03/2020 | ? | Bluffton Township Fire District | Bluffton Township Fire District is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Bluffton Township Fire District, ransomware | |
8 | 16/03/2020 | APT36 | Indian government | Researchers from Malwarebytes discover a new campaign targeting India of the Pakistan-linked APT36 group exploiting COVID-19 to implant the Crimson RAT. | Targeted Attack | O Public administration and defence, compulsory social security | CE | IN | APT36, COVID-19, Crimson, Pakistan, India, Malwarebytes | |
9 | 16/03/2020 | ? | Single Individuals | Researchers from ESET discover a massive campaign targeting users in multiple countries carried out via a wave of 2,500 infections of just two strains of malware delivered in COVID-19-themed emails. | Malicious Spam | X Individual | CC | >1 | ESET, COVID-19, Coronavirus | |
10 | 16/03/2020 | TA505 | U.S. healthcare, manufacturing, and pharmaceuticals industries. | Researchers from Proofpoint discover a campaign from TA505, using a coronavirus lure as part of a downloader campaign targeting the U.S. healthcare, manufacturing, and pharmaceuticals industries. | Malware | Y Multiple Industries | CC | US | Proofpoint, TA505 | |
11 | 16/03/2020 | ? | Single Individuals | Researchers from KnowBe4 discover a new phishing campaign spoofing the CDC and WHO. | Account Hijacking | X Individual | CC | US | KnowBe4, Coronavirus, COVID-19, CDC, WHO | |
12 | 16/03/2020 | ? | Multiple targets in the UK | The National Cyber Security Centre (NCSC) warns that criminals are looking to exploit the spread of coronavirus to conduct cyberattacks and hacking campaigns. | >1 | Y Multiple Industries | CC | UK | National Cyber Security Centre, NCSC, Coronavirus, COVID-19 | |
13 | 16/03/2020 | ? | College of DuPage | College of DuPage offers nearly free credit monitoring to over 1,700 current and former employees following a data breach. | Unknown | P Education | CC | US | College of DuPage | |
14 | 16/03/2020 | ? | Android users | Researchers from Kaspersky discover MonitorMinor, a stalkerware able to intercept user data in disguise of a parental control app. | Malware | X Individual | CC | >1 | Kaspersky, MonitorMinor, Android | |
15 | 17/03/2020 | ? | Multiple targets in the US | Researchers from Proofpoint discover a medium-sized campaign in the United States primarily targeting the manufacturing industry but also construction, transportation, healthcare, automotive, energy, and aerospace companies. The email spoofs the real address of the head of the World Health Organization (WHO), claims there is a “solution” for “total control”, distributes GuLoader and Agent Tesla, and asks the recipient to “share with all contacts.” | Malware | Y Multiple Industries | CC | US | Proofpoint, World Health Organization, WHO, GuLoader, Agent Tesla, COVID-19, Coronavirus | |
16 | 17/03/2020 | ? | Manufacturing and industrial targets in Spain and Portugal | Researchers from Proofpoint discover a small COVID-19 themed campaign against manufacturing and industrial targets in Spain and Portugal and distributing GuLoader. | Malware | Y Multiple Industries | CC | ES PT | Proofpoint, COVID-19, Coronavirus, GuLoader | |
17 | 17/03/2020 | ? | Manufacturing, technology, and industrial companies in the Netherlands | Researchers from Proofpoint discover a small campaign in Dutch targeting manufacturing, technology, and industrial companies in the Netherlands, designed to steal banking credentials. | Account Hijacking | Y Multiple Industries | CC | NL | Proofpoint, COVID-19, Coronavirus | |
18 | 17/03/2020 | ? | Italian users | Researchers from Cybaze-Yoroi ZLab intercept a new Ursnif campaign targeting Italian users. | Malware | X Individual | CC | IT | Cybaze-Yoroi Zlab, Ursnif | |
19 | 17/03/2020 | ? | Vimeo users | Video sharing site Vimeo believes a malware infection has targeted some of its user accounts for theft. | Malware | X Individual | CC | >1 | Vimeo | |
20 | 17/03/2020 | ? | Town of Houlton Police | The Town of Houlton Police discloses that it suffered a malware attack discovered in October 2019. | Malware | O Public administration and defence, compulsory social security | CC | US | Town of Houlton Police | |
21 | 17/03/2020 | ? | Tandem Diabetes Care | Tandem Diabetes Care notifies 140,781 patients of a phishing incident discovered on January 17, 2020 | Account Hijacking | Q Human health and social work activities | CC | US | Tandem Diabetes Care | |
22 | 17/03/2020 | ? | Multiple targets | A new ransomware called Nefilim that shares much of the same code as Nemty starts to become active in the wild and threatens to release stolen data. | Malware | Y Multiple Industries | CC | >1 | Ransomware, Nefilim, Nemty | |
23 | 18/03/2020 | ? | Multiple targets | Trend Micro reveals that hackers are actively exploiting two zero-days (CVE-2020-8467 and CVE-2020-8468) in its antivirus products. | Trend Micro Vulnerabilities | Y Multiple Industries | CC | >1 | Trend Micro, CVE-2020-8467, CVE-2020-8468 | |
24 | 18/03/2020 | Molerats group (AKA Gaza CyberGang) | Arabic speakers interested in Palestine’s potential acceptance of the peace plan | Researchers from IBM X-Force reveal the details of the EnigmaSpark campaign, a politically themed campaign opposing the Middle East Peace Plan. | Targeted Attack | X Individual | CE | PS | IBM X-Force, EnigmaSpark, Middle East | |
25 | 18/03/2020 | ? | Telecommunications providers, universities and financial service | Researchers from Bitdefender discover a new variant of the infamous Trickbot malware targeting telecommunications providers, universities and financial services in a campaign that looks to be going after intellectual property and financial data. | Malware | Y Multiple Industries | CE | >1 | Bitdefender, Trickbot | |
26 | 18/03/2020 | ? | NutriBullet | Researchers at RiskIQ identify a cyber-attack against blender vendor NutriBullet that has successfully installed credit card stealing malware on the international nutribullet.com website. Not just once, but three times within three weeks. | Malicious Script Injection | G Wholesale and retail trade | CC | US | RiskIQ, NutriBullet, Magecart | |
27 | 18/03/2020 | ? | Android users in Libya | Researchers from Lookout discover an Android application that appears to be the most recent piece of tooling in a larger mobile surveillance campaign, exploiting COVID-19, operating out of Libya and targeting Libyan individuals. | Targeted Attack | X Individual | CE | LY | Lookout, Android, COVID-19, Libya | |
28 | 18/03/2020 | ? | US retail companies | Researchers from Proofpoint discover a small COVID-19 themed phishing campaign in the United States primarily targeting retail companies and using concerns about infected staff members to try and lure victims to click. | Account Hijacking | G Wholesale and retail trade | CC | US | Proofpoint, COVID-19, Coronavirus | |
29 | 18/03/2020 | ? | Blizzard | Blizzard is hit with a DDoS attack. | DDoS | R Arts entertainment and recreation | CC | US | Blizzard | |
30 | 19/03/2020 | ? | Keen | Cybercriminals try to disrupt a charity initiative by Keen aimed to deliver shoes to the workers on the front lines and the families at home fighting through the COVID-19 crisis. | Malicious Bot | G Wholesale and retail trade | CC | US | Keen, COVID-19, Coronavirus | |
31 | 19/03/2020 | ? | Brooks International | The Sodinokibi Ransomware operators publish over 12 GB of stolen data allegedly belonging to a company named Brooks International for not paying the ransom. | Malware | M Professional scientific and technical activities | CC | PK | Sodinokibi, ransomware, Brooks International | |
32 | 19/03/2020 | ? | Single Individuals | Researchers from Sophos reveal that sextortion scammers are now attempting to capitalize on the COVID-19 pandemic by threatening to infect their victims' families with the SARS-CoV-2 virus, besides revealing all their "dirty secrets". | Malicious Spam | X Individual | CC | >1 | COVID-19, Coronavirus | |
33 | 19/03/2020 | ? | Single Individuals | The FBI warns of a significant spike in coronavirus scams targeting three states, with unusually high rates of COVID-19 infection: California, New York and Washington. | Malicious Spam | X Individual | CC | US | FBI, coronavirus, COVID-19, California, New York, Washington | |
34 | 19/03/2020 | ? | Android users | Researchers from Zscaler discover "Corona Safety Mask" an Android worm in disguise of a Coronavirus safety mask. | Malware | X Individual | CC | >1 | Zscaler, Android, Coronavirus, Covid-19, Corona Safety Mask | |
35 | 19/03/2020 | ? | US Mobile users | According to researchers at telecoms security provider AdaptiveMobile, masses of text messages are being sent out to Americans, with offers on masks, survival guides and medically-unsupported COVID-19 treatments like CBD oil. | Malicious Spam | X Individual | CC | US | AdaptiveMobile, COVID-19, CBD oil | |
36 | 19/03/2020 | ? | Single Individuals | Researchers from IBM X-Force discover an ongoing phishing campaign delivering emails posing as official messages from the Director-General of the World Health Organization (WHO), actively spreading HawkEye malware payloads onto the devices of unsuspecting victims. | Malware | X Individual | CC | >1 | IBM X-Force, COVID-19, Coronavirus, World Health Organization, WHO, HawkEye | |
37 | 19/03/2020 | APT28, AKA Fancy Bear, Sednit, and Pawn Storm | Multiple targets | Researchers from Trend Micro reveal that APT28 have continued to scan and probe the internet for vulnerable email servers during 2019. | Targeted Attack | Y Multiple Industries | CE | >1 | Trend Micro, APT28, Fancy Bear, Sednit, Pawn Storm | |
38 | 19/03/2020 | ? | Single Individuals | A new phishing email is trying to take advantage of the Coronavirus pandemic and the race to develop medications by promoting a fake Folding@home app that installs Redline, an information-stealing malware. | Malware | X Individual | CC | >1 | COVID-19, Coronavirus, Folding@home, Redline | |
39 | 19/03/2020 | ? | Takeaway | The German food delivery service Takeaway is hit with a DDoS attack. | DDoS | I Accommodation and food service activities | CC | DE | Takeaway | |
40 | 19/03/2020 | Mespinoza/Pysa | Local government authorities in France | The France's issues a warning about Mespinoza/Pysa a new ransomware gang that's been recently seen targeting the networks of local government authorities. | Malware | O Public administration and defence, compulsory social security | CC | FR | Mespinoza, Pysa, ransomware | |
41 | 19/03/2020 | TA505 AKA Evil Corp | Businesses in Germany | Researchers from Prevailion discover a new campaign by the notoriously prolific TA505 cybercrime organization targeting businesses in Germany via their human resources executives. | Malware | Y Multiple Industries | CC | DE | Prevailion, TA505, Evil Corp | |
42 | 20/03/2020 | ? | General Electric (GE) via Canon Business Process Services | General Electric (GE) discloses that personally identifiable information of current and former employees, as well as beneficiaries, was exposed in a security incident experienced by one of GE's service providers, Canon Business Process Services. One of their employees' email accounts was breached by an unauthorized party in February. | Account Hijacking | C Manufacturing | CC | US | General Electric, GE, Canon Business Process Services | |
43 | 20/03/2020 | Digital Revolution | InformInvestGroup CJSC | Russian hacker group Digital Revolution claims to have breached InformInvestGroup CJSC, a contractor for the FSB, Russia's national intelligence service, and discovered details about Fronton, a project intended for hacking Internet of Things (IoT) devices. | Unknown | M Professional scientific and technical activities | CC | RU | Digital Revolution, InformInvestGroup CJSC, FSB, Fronton, IoT | |
44 | 20/03/2020 | ? | Finastra | Finastra, a leading financial technology provider from the UK, announces that it had to take several servers offline following a ransomware attack. | Malware | V Fintech | CC | UK | Finastra, ransomware | |
45 | 20/03/2020 | ? | Single Individuals in the US | FBI's Internet Crime Complaint Center (IC3) warns of an ongoing phishing campaign delivering spam that uses fake government economic stimulus checks as bait to steal personal information from potential victims. | Account Hijacking | X Individual | CC | US | FBI, Internet Crime Complaint Center, IC3 | |
46 | 20/03/2020 | ? | Zyxel devices | Mukashi, a new variant of the Mirai malware is targeting a recently uncovered critical vulnerability in Zyxel network-attached storage devices and exploiting them to rope the machines into an IoT botnet. | CVE-2020-9054 vulnerability | Y Multiple Industries | CC | >1 | Mukashi, Mirai, Zyxel, CVE-2020-9054 | |
47 | 20/03/2020 | ? | University of Utah Health | The University of Utah Health discloses a security breach, due to unauthorized access to some employee email accounts along with the presence of malware on its systems. The intrusion took place between January 7 and February 21, 2020. | Account Hijacking | Q Human health and social work activities | CC | US | University of Utah Health | |
48 | 20/03/2020 | ? | Rotherham Council | Rotherham Council's IT system is compromised by an email with "COVID-19" in the subject field. | Account Hijacking | O Public administration and defence, compulsory social security | CC | UK | Rotherham Council | |
49 | 20/03/2020 | ? | Oregon Department of Human Services | The Oregon Department of Human Services announces that it uncovered a “phishing” incident on March 6 that affected one staff member’s e-mail. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US | Oregon Department of Human Services | |
50 | 20/03/2020 | ? | Golden Valley Health Centers | Golden Valley Health Centers notifies patients after an employee email account was compromised on March 3. | Account Hijacking | Q Human health and social work activities | CC | US | Golden Valley Health Centers | |
51 | 21/03/2020 | ? | Multiple targets | Researchers from MalwareHunterTeam detect a new Coronavirus phishing campaign installing the NetWalker ransomware. | Malware | Y Multiple Industries | | >1 | MalwareHunterTeam, Coronavirus, NetWalker, COVID-19 | |
52 | 21/03/2020 | ? | Lilin devices | Criminals are exploiting critical flaws in IoT devices from Lilin to enslave them in at least three botnets used to carry out DDoS attacks. | Lilin Vulnerabilities | Y Multiple Industries | CC | >1 | Lilin | |
53 | 21/03/2020 | ? | Bitcoin users | It turns out that a network of Bitcoin-to-QR-code generators has stolen more than $45,000 from users in the past four weeks. | Account Hijacking via malicious QR-code generators | V Fintech | CC | >1 | Bitcoin, Crypto, QR-Code generator | |
54 | 23/03/2020 | ? | World Health Organization | Reuters reveals that hackers tried to break into the World Health Organization earlier this month. | Targeted Attack | U Activities of extraterritorial organizations and bodies | CE | INT | Reuters, World Health Organization, WHO | |
55 | 23/03/2020 | ? | Multiple targets | Microsoft issues a warning (ADV200006) that targeted attacks are underway against Windows 10 users, from attackers exploiting a critical vulnerability with no available fix. | Targeted Attack | Y Multiple Industries | CC | >1 | Microsoft, ADV200006 | |
56 | 23/03/2020 | ? | 538 million users of Chinese social network Weibo | The personal details of more than 538 million users of Chinese social network Weibo are currently available for sale online. | Unknown | X Individual | CC | CN | | |
57 | 23/03/2020 | ? | Single Individuals | Researchers from KnowBe4 discover a new phishing campaign repurposing old emails to exploit COVID-19. | Account Hijacking | X Individual | CC | US | KnowBe4, Coronavirus, COVID-19 | |
58 | 23/03/2020 | ? | Single Individuals | Researchers from MalwareHunterTeam discover the first MBRLocker variant with a Coronavirus theme. | Malware | X Individual | CC | >1 | MalwareHunterTeam, MBRLocker, Coronavirus, COVID-19 | |
59 | 23/03/2020 | ? | Single Individuals | Researchers from Malwarebytes discover two sites promoting a bogus Corona Antivirus, taking advantage of the current COVID-19 pandemic, to distribute a malicious payload that will infect the target's computer with the BlackNET RAT and add it to a botnet. | Malware | X Individual | CC | >1 | Malwarebytes, Coronavirus, COVID-19 | |
60 | 23/03/2020 | ? | Single Individuals | An HHS.gov open redirect is currently being used by attackers to push malware payloads onto unsuspecting victims' systems with the help of coronavirus-themed phishing emails. | Malware | X Individual | CC | US | HHS, COVID-19, Coronavirus | |
61 | 23/03/2020 | ? | 118 118 Money | 118 118 Money writes to personal loans and credit card customers to notify an intrusion. | Unknown | K Financial and insurance activities | CC | UK | 118 118 Money | |
62 | 23/03/2020 | ? | LTI Power System | LTI Power System is hit with a ransomware attack. | Malware | C Manufacturing | CC | US | LTI Power System, ransomware | |
63 | 24/03/2020 | ? | Industrial-related entities in the Middle East | Researchers from Kaspersky reveal the details of operation WildPressure, a campaign targeting entities in the Middle East via the Milum trojan. | Targeted Attack | Y Multiple Industries | CC | >1 | Kaspersky, WildPressure, Milum | |
64 | 24/03/2020 | ? | Android users | Researchers from Check Point issue a new warning for a malware family dubbed Tekya, using the same native code subterfuge as a previous malware called Haken to slip the security net. | Malware | X Individual | CC | >1 | Check Point, Tekya, Haken | |
65 | 24/03/2020 | ? | Banking users in Spain | Researchers from Kaspersky reveal that the operators of the Ginp mobile banking trojan are now targeting users in Spain with a fake "Coronavirus Finder" app. | Malware | K Financial and insurance activities | CC | ES | Kaspersky, Ginp, Coronavirus Finder | |
66 | 24/03/2020 | TwoSail Junk | iOS Users in Hong Kong | Researchers from Trend Micro discover a campaign aimed at infecting the iPhones of users in Hong Kong with an iOS backdoor tracked as LightSpy. | Targeted Attack | X Individual | CE | HK | Trend Micro, iPhone, iOS, LightSpy, TwoSail Junk | |
67 | 24/03/2020 | ? | Netflix users | Users are warned about fraudulent messages being shared on social media platforms that Netflix is offering free passes to its platform because of the Coronavirus pandemic. | Account Hijacking | X Individual | CC | >1 | Netflix, Coronavirus, COVID-19 | |
68 | 24/03/2020 | ? | Bank customers in Germany | Researchers from IBM X-Force discover TrickMo, an Android malware targeting TrickBot victims and designed to bypass MFA to bank customers when they need to authorize a transaction. | Malware | K Financial and insurance activities | CC | DE | IBM X-Force, TrickMo, Android, TrickBot | |
69 | 24/03/2020 | ? | Twitter users | Hackers take over a wave of Twitter accounts to aggressively advertise a website that claims to be selling face masks and toilet paper during the coronavirus pandemic. | Account Hijacking | X Individual | CC | >1 | Twitter, coronavirus, COVID-19 | |
70 | 24/03/2020 | ? | PropTiger | Private data of more than 2 million users are shared on a hacking forum following a major security breach of the Indian property website PropTiger in 2018. | Unknown | L Real estate activities | CC | IN | PropTiger | |
71 | 25/03/2020 | APT41 | Multiple targets | Researchers from FireEye discover a campaign carried out by the Chinese state-sponsored group APT41, using recent exploits to target security flaws in Citrix, Cisco, and Zoho appliances and devices of entities from a multitude of industry sectors spanning the globe. | Targeted Attack | Y Multiple Industries | CE | >1 | FireEye, APT41 | |
72 | 25/03/2020 | ? | Tupperware | Researchers from Malwarebytes reveal that hackers have compromised the website of the world-famous Tupperware brand and stolen customers' payment card details at checkout. | Malicious Script Injection | G Wholesale and retail trade | CC | US | Tupperware, Magecart, Malwarebytes | |
73 | 25/03/2020 | ? | Daniel's Hosting | The operator of the biggest free host for dark web sites, Daniel's Hosting, confirms that the service has been shut down following a hack attack that deleted all 7,595 site databases. | Unknown | S Other service activities | CC | DE | Daniel's Hosting | |
74 | 25/03/2020 | Palesa | AMD | AMD admits that a hacker has stolen files related to some of its graphics products. | Unknown | C Manufacturing | CC | US | AMD, Palesa | |
75 | 25/03/2020 | ? | Linksys Routers | Researchers from Bitdefender reveal the details of a new campaign where the attackers change DNS settings to redirect the victim to a website that claims to be from the World Health Organization, but in reality distributing the Oski infostealer. | Malware | Y Multiple Industries | CC | >1 | Bitdefender, World Health Organization, Oski infostealer, Coronavirus, COVID-19 | |
76 | 25/03/2020 | ? | Single Individuals | Researchers from 'Doctor Web' issue a warning after discovering thousands of victims have been tricked into downloading a dangerous backdoor that is disguised as an update to Google Chrome. | Malware | X Individual | CC | >1 | Doctor Web, Google Chrome | |
77 | 25/03/2020 | ? | Websites using Wordpress | The threat actors behind the WordPress WP-VCD malware start to distribute modified versions of Coronavirus plugins that inject a backdoor into a web site. | Malicious Wordpress Plugin | Y Multiple Industries | CC | >1 | WordPress, WP-VCD, Coronavirus, COVID-19 | |
78 | 25/03/2020 | ? | Town of Jupiter | The town of Jupiter is hit by a REvil/Sodinokibi ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Jupiter, REvil, Sodinokibi, ransomware | |
79 | 26/03/2020 | China | North Korea | Researchers at Google's Threat Analysis Group reveal on Thursday that an unnamed group of hackers used five zero-day vulnerabilities, or secret hackable flaws in software, to target North Koreans and North Korea-focused professionals in 2019. | Targeted Attack | O Public administration and defence, compulsory social security | CE | KR | China, North Korea, Google | |
80 | 26/03/2020 | Maze | Chubb | Chubb, a major cybersecurity insurance provider for businesses hit by data breaches, is hit with a Maze ransomware attack. | Malware | K Financial and insurance activities | CC | CH | Chubb, Maze, ransomware | |
81 | 26/03/2020 | DoppelPaymer | Kimchuk | Kimchuk, a medical and military electronics maker, is hit by the DoppelPaymer ransomware | Malware | C Manufacturing | CC | US | Kimchuk, DoppelPaymer, ransomware | |
82 | 26/03/2020 | FIN7 | Multiple targets | The FBI warns organizations and security professionals about the tactic adopted by FIN7 to deliver the GRIFFON malware: malicious USB devices acting as a keyboard when plugged into a computer, injecting commands to download and execute a JavaScript backdoor associated with this actor. | Targeted Attack | K Financial and insurance activities | CC | US | FIN7, GRIFFON, FBI | |
83 | 26/03/2020 | Ryuk | US health care provider | A US health care provider is hit with the Ryuk ransomware. | Malware | Q Human health and social work activities | CC | US | Ryuk, ransomware | |
84 | 26/03/2020 | ? | Undisclosed US hospitality provider | Researchers from Trustwave reveal that a US hospitality provider has recently been the target of an incredibly rare BadUSB attack. | Malware | Q Human health and social work activities | CC | US | Trustwave, BadUSB | |
85 | 26/03/2020 | ? | Single Individuals | Researchers from Forcepoint discover a new phishing campaign pretending to be a missed call about a COVID-19 update. | Account Hijacking | X Individual | CC | US | Forcepoint, COVID-19, Coronavirus | |
86 | 26/03/2020 | ? | Single Individuals | Researchers from Forcepoint discover a new spam campaign exploiting COVID-19. | Malicious Spam | X Individual | CC | US | Forcepoint, COVID-19, Coronavirus | |
87 | 26/03/2020 | ? | Single Individuals | Researchers from Forcepoint discover a malicious campaign in Italy, encouraging the opening of an attachment, which it presents to be sent from the World Health Organization (WHO) with information covering all the necessary precautions against Coronavirus infections. | Malware | X Individual | CC | IT | Forcepoint, COVID-19, Coronavirus | |
88 | 27/03/2020 | Silence and TA505 | At least two companies operating in pharmaceutical and manufacturing sectors have been affected | Researchers from Group-IB reveal that at least two companies operating in pharmaceutical and manufacturing sectors have been affected by successful attacks carried out by Silence and TA505, exploiting CVE-2019-1405 and CVE-2019-1322. | Targeted Attack | C Manufacturing | CC | EU | Group-IB, TA505, Silence, CVE-2019-1405, CVE-2019-1322 | |
89 | 27/03/2020 | ? | Social Bluebook | Social Bluebook, a Los Angeles-based company that allows advertisers to pay social media “influencers” for posts that promote their products and services, is hacked. | Unknown | J Information and communication | CC | US | Social Bluebook | |
90 | 27/03/2020 | ? | U.S. Small Businesses | Researchers from IBM X-Force reveal that attackers are attempting to deliver Remcos remote access tool payloads on the systems of small businesses via phishing emails impersonating the U.S. Small Business Administration (U.S. SBA). | Malware | Y Multiple Industries | CC | US | IBM X-Force, Remcos, U.S. Small Business Administration, U.S. SBA | |
91 | 27/03/2020 | ? | Multiple targets in Australia | The Australian Cyber Security Centre (ACSC) issues a new threat update, seeking to raise awareness around coronavirus-themed malicious cyber activity. | Account Hijacking | Y Multiple Industries | CC | AU | Australian Cyber Security Centre, ACSC, COVID-19, Coronavirus | |
92 | 28/03/2020 | ? | 4.9 million Georgian citizens | The personal details for more than 4.9 million Georgians, including deceased citizens, are published on a hacking forum. | Unknown | O Public administration and defence, compulsory social security | CC | GE | Georgia | |
93 | 28/03/2020 | ? | Single Individuals | Researchers from KnowBe4 discover a malicious campaign warning recipients that they've been exposed to the coronavirus through personal contact with a colleague, friend, or family member. | Malicious Spam | X Individual | CC | US | KnowBe4, Coronavirus, COVID-19 | |
94 | 28/03/2020 | Two malicious groups | Multiple targets | Researchers from Qihoo 360 reveal that since at least early December 2019, a mysterious hacker group has been taking over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks. | DrayTek Vigor enterprise routers vulnerability | Y Multiple Industries | CC | >1 | Qihoo 360, DrayTek | |
95 | 28/03/2020 | ? | Teaching Council | A phishing incident at the Teaching Council leads to personal information relating to 9,735 teachers being shared. | Account Hijacking | P Education | CC | IE | Teaching Council | |
96 | 29/03/2020 | Saudi Arabia? | Saudi citizens in the US | Saudi Arabia appears to be exploiting weaknesses in the global mobile telecoms network to track its citizens as they travel around the US. | SS7 Vulnerabilities | X Individual | CE | SA | Saudi Arabia | |
97 | 29/03/2020 | ? | Single Individuals | A new phishing campaign is spotted that pretends to be from a local hospital telling the recipient that they have been exposed to the Coronavirus and that they need to be tested. | Malware | X Individual | CC | >1 | COVID-19, Coronavirus | |
98 | 30/03/2020 | ? | Major banks from the US, Canada, and Australia | Researchers from IBM X-Force discover a new phishing campaign exploiting COVID-19 to distribute the Zeus Sphinx trojan. | Malware | K Financial and insurance activities | CC | >1 | IBM X-Force, COVID-19, Zeus Sphinx, Coronavirus | |
99 | 30/03/2020 | ? | Multiple targets | FBI warns about Zoom bombing as hijackers take over school and business video conferences. | Zoom misconfiguration | Y Multiple Industries | CC | >1 | FBI, Zoom bombing | |
100 | 30/03/2020 | ? | Multiple targets in the US | The FBI issues an alert (the third) about state-sponsored hackers using the Kwampirs malware to attack supply chain companies and other industry sectors as part of a global hacking campaign. | Targeted Attack | Y Multiple Industries | CE | US | FBI, Kwampirs | |
101 | 30/03/2020 | ? | YouTube users | A hacker has hijacked tens of YouTube accounts, renamed them to various Microsoft brands, and is currently broadcasting a cryptocurrency Ponzi scam to tens of thousands of users, posing as a message from the company's former CEO Bill Gates. | Account Hijacking | X Individual | CC | >1 | YouTube, Ponzi scam, Bill Gates | |
102 | 30/03/2020 | ? | GoDaddy.com | A spear-phishing attack hits a customer service employee at GoDaddy.com, the world’s largest domain name registrar. The phisher modifies key customer records, including transaction brokering site escrow.com. | Account Hijacking | J Information and communication | CC | US | GoDaddy.com, escrow.com | |
103 | 30/03/2020 | “Samaneye Shekar” meaning “Hunting system” | 42 million Iranian citizens | The details of 42 million Iranian citizens, allegedly users of HotGram and Talagram, two local Telegram alternatives, are leaked online. | Unknown | X Individual | CC | IR | HotGram, Talagram, Telegram, Samaneye Shekar, Hunting system | |
104 | 31/03/2020 | ? | Marriott | Marriott confirms a second data breach in three years, this time involving the personal information on 5.2 million guests. The attackers obtained the login details of two employees, and broke in weeks earlier during mid-January. The breach was discovered in February. | Account Hijacking | I Accommodation and food service activities | CC | US | Marriott | |
105 | 31/03/2020 | ? | Specific Asian religious and ethnic group | Researchers from Kaspersky reveal the details of Holy Water, a campaign targeting people in a specific Asian religious and ethnic group. | Targeted Attack | X Individual | CE | >1 | Kaspersky, Holy Water | |
106 | 31/03/2020 | ? | Multiple targets | Researchers from Mimecast discover a new campaign spreading the LimeRAT Remote Access Trojan by harnessing an old encryption technique in Excel files. | Malware | Y Multiple Industries | CC | >1 | Mimecast, LimeRAT, Excel | |
107 | 31/03/2020 | ? | Single Individuals | Researchers from Cofense discover a new evasive phishing campaign exploiting the COVID-19 fear. | Account Hijacking | X Individual | CC | >1 | Cofense, COVID-19, Coronavirus | |