It’s time to publish the first timeline of April, covering the main cyber attacks that occurred in the first fortnight of this month. The COVID-19 emergency continues to characterize the threat landscape: in this timeline I have collected 104 events, including 8 that slipped from the previous one, and one third of them are somehow related to the pandemic.
And once again the gangs behind ransomware attacks did not show any mercy: this timeline too has some high-profile victims in the energy, finance, and healthcare sectors.
Apparently the COVID-19 pandemic is also overshadowing cyber espionage campaigns. This first half of April was unusually quiet, even though some well-known threat actors made the headlines, such as DarkHotel, Energetic Bear, and the Syrian Electronic Army.
That’s all for the summary. Feel free to browse the timeline and read the details about the main events (and the impact of COVID-19 on the threat landscape). Also feel free to share the timeline to support my work and spread risk awareness across the community. And don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link | Tags |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 01/01/1970 | ? | Avalon Health Care Management | Avalon Health Care Management notifies 14,500 patients of a phishing incident that occurred on March 16, 2020. | Account Hijacking | Q Human health and social work activities | CC | US | | Avalon Health Care Management |
| 2 | 01/01/1970 | Bassterlord | Indian State Tax Office | A hacker using the handle “Bassterlord” claims on a Russian hacking forum to have admin access to an Indian state tax office’s network. | Unknown | O Public administration and defence, compulsory social security | CC | IN | | Bassterlord |
| 3 | 01/01/1970 | ? | Meadville Medical Center | Meadville Medical Center is hit with a malware attack. | Malware | Q Human health and social work activities | CC | US | | Meadville Medical Center |
| 4 | 01/01/1970 | ? | SBTech | SBTech is hit with a ransomware infection. | Malware | R Arts entertainment and recreation | CC | MA | | SBTech, ransomware |
| 5 | 01/01/1970 | ? | Brandywine Urology Consultants | Brandywine Urology Consultants notifies about a ransomware attack. The attack occurred on January 25, and the practice became aware of it on January 27. | Malware | Q Human health and social work activities | CC | US | | Brandywine Urology Consultants, ransomware |
| 6 | 01/01/1970 | Maze | BetUS | Online gambling operator BetUS is the latest target of the Maze ransomware gang. | Malware | R Arts entertainment and recreation | CC | CW | | BetUS, Maze, ransomware |
| 7 | 01/01/1970 | Nefilim | Cosan | The Nefilim ransomware operators leak the data of Cosan, a Brazilian conglomerate producing bioethanol, sugar and energy. | Malware | C Manufacturing | CC | BR | | Nefilim, Cosan, ransomware |
| 8 | 01/01/1970 | ? | Android users | Researchers from Bitdefender discover versions of the Android Zoom video-conferencing application repackaged with malware. | Malware | X Individual | CC | >1 | | Bitdefender, Android, Zoom |
| 9 | 04/01/2020 | ? | Several dozen hospitals | Microsoft issues a targeted warning to several dozen hospitals, alerting them to vulnerabilities in their VPN appliances after spotting a ransomware gang targeting them. | Malware | Q Human health and social work activities | CC | US | | Microsoft, Coronavirus, COVID-19, VPN |
| 10 | 04/01/2020 | ? | Multiple MS-SQL servers | Researchers from Guardicore Labs reveal the details of Vollgar, a long-running attack campaign aiming to infect Windows machines running MS-SQL servers, brute-forcing them to install cryptominers and RATs. | Brute-Force | Y Multiple Industries | CC | >1 | | Vollgar, MS-SQL servers, Crypto, Guardicore |
| 11 | 04/01/2020 | ? | U.S. healthcare and higher education organizations | Researchers from Proofpoint discover a phishing campaign claiming that the Trump administration is considering sending most American adults a check to help stimulate the economy. | Account Hijacking | Q Human health and social work activities | CC | US | | Proofpoint, Trump, COVID-19, Coronavirus |
| 12 | 04/01/2020 | ? | Single Individuals in Australia | Researchers from Proofpoint discover a new phishing campaign claiming to be sent by a major Australian newspaper and promoting tax benefits. | Account Hijacking | X Individual | CC | AU | | Proofpoint, COVID-19, Coronavirus |
| 13 | 04/01/2020 | ? | Technology and IT organizations | Researchers from Proofpoint discover a new phishing campaign claiming to come from the World Health Organization (WHO) and the International Monetary Fund (IMF). | Account Hijacking | M Professional scientific and technical activities | CC | >1 | | Proofpoint, COVID-19, Coronavirus, IMF, WHO |
| 14 | 04/01/2020 | ? | Information security and technology organizations | Researchers from Proofpoint discover a new campaign attempting to steal user IDs, passwords, and credit card numbers via a fake COVID-19 cash claim. | Account Hijacking | M Professional scientific and technical activities | CC | US | | Proofpoint, COVID-19, Coronavirus |
| 15 | 04/01/2020 | ? | Multiple organizations | Another campaign discovered by Proofpoint claims to provide "COVID-19 reliefs measures" from a major UK bank. | Account Hijacking | Y Multiple Industries | CC | SG | | Proofpoint, COVID-19, Coronavirus |
| 16 | 04/01/2020 | Maze | Berkine | The Maze ransomware group posts data from Berkine, a joint venture between Sonatrach, the state-owned oil company of Algeria, and the US firm formerly known as Anadarko Petroleum Corporation. | Malware | D Electricity gas steam and air conditioning supply | | | | |
| 17 | | | 10x Genomics | 10x Genomics notifies about a Sodinokibi ransomware attack. | Malware | Q Human health and social work activities | CC | US | | 10x Genomics, ransomware, Sodinokibi, REvil |
| 18 | 04/02/2020 | ? | Twitter Users | Twitter deletes 20,000 fake accounts linked to the governments of Serbia, Saudi Arabia, Egypt, Honduras and Indonesia, saying they violated company policy and were a “targeted attempt to undermine the public conversation”. | Fake Social Network Groups/Pages | X Individual | CW | >1 | | Twitter, Serbia, Saudi Arabia, Egypt, Honduras, Indonesia |
| 19 | 04/02/2020 | ? | Individuals in the US | The Internal Revenue Service (IRS) issues a warning about a surge in coronavirus-related scams over email, phone calls, or social media requesting personal information. | | | | | | |
| 20 | | | | Microsoft says that an Emotet infection was able to take down an organization's entire network by maxing out CPUs on Windows devices and bringing its Internet connection down, after one employee was tricked into opening a phishing email attachment. | Malware | Z Unknown | CC | N/A | | Emotet, Microsoft |
| 21 | 04/02/2020 | ? | Single Individuals | Researchers from Inky discover a phishing campaign using reversed text to avoid detection. | Account Hijacking | Y Multiple Industries | CC | >1 | | Inky, Account Hijacking |
| 22 | 04/02/2020 | ? | Android Australian users | Researchers from Bitdefender uncover Mandrake, a new Android spying operation specifically targeting Australian users, active for at least four years. | Targeted Attack | X Individual | CE | AU | | Mandrake, Bitdefender |
| 23 | 04/02/2020 | ? | Single Individuals | Researchers from Fortinet discover a new Coronavirus-themed campaign using alleged messages from the World Health Organization (WHO) to deliver the LokiBot trojan. | Malicious Spam | X Individual | CC | >1 | | Fortinet, Coronavirus, COVID-19, World Health Organization, WHO, LokiBot |
| 24 | 04/02/2020 | Magecart Group 7 | 19 e-commerce websites | Researchers from RiskIQ discover a new Magecart campaign that compromised 19 e-commerce websites via a new MakeFrame skimmer. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | | Magecart Group 7, RiskIQ, MakeFrame |
| 25 | 04/02/2020 | ? | Targets in China and Japan | Researchers at JPCERT discover a campaign against targets in China and Japan exploiting CVE-2019-17026. | Targeted Attack | Y Multiple Industries | CE | CN, JP | | JPCERT, CVE-2019-17026 |
| 26 | 04/02/2020 | ? | Facebook users | Facebook removes more than 300 fake accounts, pages and groups tied to France and Egypt, including some that posed as news outlets and shared content about various topics including the novel coronavirus. | Fake Social Network Groups/Pages | X Individual | CW | >1 | | Facebook |
| 27 | 04/03/2020 | ? | Vulnerable Docker servers | Researchers from Aqua Security reveal that for the past few months a malware operation has been scanning the internet for Docker servers with API ports exposed without a password, to install a new crypto-mining malware strain named Kinsing. | Misconfiguration | Y Multiple Industries | CC | >1 | | Aqua Security, Docker, Kinsing, Crypto |
| 28 | 04/03/2020 | ? | Elasticsearch servers | For the past two weeks, a hacker has been breaking into Elasticsearch servers that have been left open on the internet without a password and attempting to wipe their content. | Misconfiguration | Y Multiple Industries | CC | >1 | | Elasticsearch |
| 29 | 04/03/2020 | ? | Single Individuals | Researchers from Trend Micro discover a Zoom installer bundled with a cryptominer (Trojan.Win32.MOOZ.THCCABO). | | | | | | |
| 30 | | | | Mozilla patches two Firefox vulnerabilities (CVE-2020-6819 and CVE-2020-6820) exploited in the wild for targeted attacks. | Targeted Attack | Y Multiple Industries | CC | >1 | | Firefox, CVE-2020-6819, CVE-2020-6820, Mozilla |
| 31 | 04/03/2020 | ? | Discord users | Researchers from MalwareHunterTeam discover a new version of the AnarchyGrabber malware embedded in the Discord chat client. | Malware | X Individual | CC | >1 | | MalwareHunterTeam, AnarchyGrabber, Discord |
| 32 | 04/03/2020 | ? | US Government | Criminals disrupt a Zoom meeting held at the highest levels of the US government, despite warnings against using the software. | Zoom bombing | O Public administration and defence, compulsory social security | CC | US | | Zoom, US Government, COVID-19, Coronavirus |
| 33 | 04/03/2020 | ? | OGUsers | OGUsers, one of the most popular hacking forums on the internet, discloses a security breach, the second such incident in the past year. | Unknown | U Activities of extraterritorial organizations and bodies | CC | N/A | | OGUsers |
| 34 | 04/03/2020 | ? | Wolfe & Associates | Wolfe & Associates, Property Services discloses that an online database was compromised by cyber-criminals in a data breach that may have occurred as many as six months ago. | Unknown | L Real estate activities | CC | US | | Wolfe & Associates, Property Services |
| 35 | 04/04/2020 | ? | Hospitals engaged in the COVID-19 response | INTERPOL cautions that it has detected a significant increase in ransomware cyber-attacks against hospitals around the world engaged in the COVID-19 response. | Malware | Q Human health and social work activities | CC | >1 | | INTERPOL, COVID-19, Coronavirus |
| 36 | 04/04/2020 | ? | Android users | A team of researchers exposes a secret group of at least 27 app developers, with 101 malicious apps in total for a combined 69 million installs. | Malware | X Individual | CC | >1 | | Android |
| 37 | 04/05/2020 | ? | More than 200 of the world's largest CDNs | Traffic for more than 200 of the world's largest CDNs and cloud hosting providers is suspiciously redirected through Rostelecom, Russia's state-owned telecommunications provider. The incident affects more than 8,800 internet traffic routes from 200+ networks. Impacted companies include names such as Google, Amazon, Facebook, Akamai, Cloudflare, GoDaddy, Digital Ocean, Joyent, LeaseWeb, Hetzner, and Linode. | | | | | | |
| 38 | | | Email.it | The data of more than 600,000 Email.it users is currently being sold on the dark web. The breach allegedly occurred two years ago. | Unknown | J Information and communication | CC | IT | | NN Hacking Group, Email.it |
| 39 | 04/05/2020 | ? | MNP | MNP, an accounting firm in Canada, is hit by a ransomware attack. | Malware | K Financial and insurance activities | CC | CA | | MNP, ransomware |
| 40 | 04/06/2020 | ? | NASA | NASA reveals that it has seen "significantly increasing" malicious activity from both nation-state hackers and cybercriminals targeting the US space agency's systems and personnel working from home during the COVID-19 pandemic. | >1 | O Public administration and defence, compulsory social security | CE | US | | NASA, COVID-19, Coronavirus |
| 41 | 04/06/2020 | ? | Multiple targets | FBI's Internet Crime Complaint Center (IC3) issues a public service announcement warning of cybercriminals abusing popular cloud-based email services as part of Business Email Compromise (BEC) attacks. | Business Email Compromise | Y Multiple Industries | CC | US | | FBI, Internet Crime Complaint Center, IC3, Business Email Compromise, BEC |
| 42 | 04/06/2020 | DarkHotel | Chinese government agencies | Researchers from Qihoo 360 reveal that foreign state-sponsored hackers have launched a massive hacking operation aimed at Chinese government agencies and their employees, exploiting a zero-day vulnerability in Sangfor SSL VPN servers. | Targeted Attack | O Public administration and defence, compulsory social security | CE | CN | | Qihoo 360, Sangfor, DarkHotel |
| 43 | 04/06/2020 | ? | Brazilian WhatsApp users | Researchers from Kaspersky reveal a 124% increase in phishing attacks as a result of WhatsApp messages with content relating to the pandemic. | | | | | | |
| 44 | | | Governments of Australia, India, Pakistan, Thailand, and Zimbabwe | Hackers from Ghost Squad deface some official sites belonging to the governments of Australia, India, Pakistan, Thailand, and Zimbabwe. | Defacement | O Public administration and defence, compulsory social security | H | >1 | | Ghost Squad, Governments of Australia, India, Pakistan, Thailand, and Zimbabwe |
| 45 | 04/07/2020 | ? | Five APT groups | Researchers from BlackBerry discover that advanced hackers working in the interests of China have been attacking Linux targets with a lot of success and little to no detection in the past decade. | Targeted Attack | Y Multiple Industries | CE | >1 | | BlackBerry, China, Linux |
| 46 | 04/07/2020 | Energetic Bear (aka DragonFly, Crouching Yeti) | San Francisco International Airport | San Francisco International Airport (SFO) discloses a data breach after two of its websites, SFOConnect.com and SFOConstruction.com, were hacked during March 2020. | Malicious Script Injection | H Transportation and storage | CE | US | | San Francisco International Airport, SFO, SFOConnect.com, SFOConstruction.com, Energetic Bear, DragonFly, Crouching Yeti |
| 47 | 04/07/2020 | ? | Individuals in the US | Researchers from Abnormal Security discover a malicious campaign where fraudsters are impersonating financial institutions to steal from Americans expecting stimulus checks from the US federal government. | | | | | | |
| 48 | | | | Researchers from Malwarebytes discover that malicious actors created a fake webpage impersonating a cybersecurity company and used it as a gateway in a malvertising campaign designed to infect victims with the Raccoon information stealer. | Malvertising | X Individual | CC | >1 | | Malwarebytes, Raccoon |
| 49 | 04/07/2020 | FIN6 and the operators of TrickBot | Multiple targets | Researchers from IBM X-Force reveal that two cybercriminal groups, FIN6 and the operators of the TrickBot malware, have paired up to target several organizations with TrickBot’s malware framework called “Anchor.” | Malware | Y Multiple Industries | CC | >1 | | IBM X-Force, FIN6, TrickBot, Anchor |
| 50 | 04/07/2020 | Maze | Stockdale Radiology | Stockdale Radiology confirms that it has been hit by the Maze ransomware. | Malware | Q Human health and social work activities | CC | US | | Stockdale Radiology, Maze, ransomware |
| 51 | 04/07/2020 | ? | EVERSANA | EVERSANA, a global commercial services provider to healthcare entities, discloses a phishing attack that occurred between April 1 and July 3, 2019. | Account Hijacking | M Professional scientific and technical activities | CC | US | | EVERSANA |
| 52 | 04/08/2020 | ? | Multiple targets | A joint alert by the U.K. National Cyber Security Centre (NCSC) and the Department of Homeland Security (DHS) warns about COVID-19 scams, revealing a list of 2,500 coronavirus-themed threats. | >1 | Y Multiple Industries | CC | >1 | | U.K. National Cyber Security Centre, NCSC, Department of Homeland Security, DHS, COVID-19, Coronavirus |
| 53 | 04/08/2020 | ? | Multiple servers | Researchers from Netlab 360 reveal the details of the latest version of DDG, a P2P-based Monero-mining botnet. | Malware | Y Multiple Industries | CC | >1 | | Netlab 360, DDG, Monero, Crypto |
| 54 | 04/08/2020 | ? | Vianet | Hackers manage to access the database of Vianet and steal the details of more than 160,000 current and former users. | Unknown | J Information and communication | CC | NP | | Vianet |
| 55 | 04/08/2020 | ? | Vulnerable IoT devices | Researchers from Bitdefender discover Dark_Nexus, a destructive new botnet that compromises vulnerable IoT devices to carry out DDoS attacks. | Multiple Vulnerabilities | Y Multiple Industries | CC | >1 | | Bitdefender, Dark_Nexus |
| 56 | 04/08/2020 | ? | Bisq | Cryptocurrency exchange Bisq halts trading following a cyberattack leading to the theft of $250,000 worth of virtual currency from users. | Vulnerability | V Fintech | CC | N/A | | Bisq, Crypto |
| 57 | 04/08/2020 | ? | Cisco Webex users | Researchers from Cofense discover a new phishing campaign using a fake Cisco “critical security advisory” to steal victims’ Webex credentials. | Account Hijacking | X Individual | CC | >1 | | Cofense, Cisco Webex, COVID-19, Coronavirus |
| 58 | 04/08/2020 | ? | Multiple targets | Microsoft warns that cyber-criminals are preying on people’s vulnerable psychological states during the COVID-19 pandemic to attack businesses via phishing attacks. | Account Hijacking | Y Multiple Industries | CC | >1 | | Microsoft, Coronavirus, COVID-19 |
| 59 | 04/09/2020 | ? | Government of North Rhine-Westphalia | The government of North Rhine-Westphalia, a province in western Germany, is believed to have lost tens of millions of euros through a phishing operation mimicking a website built to distribute COVID-19 aid. | Account Hijacking | O Public administration and defence, compulsory social security | CC | DE | | North Rhine-Westphalia, COVID-19 |
| 60 | 04/09/2020 | ? | Android users | Check Point’s researchers discover 16 different malicious apps masquerading as legitimate coronavirus apps, which contain a range of malware aimed at stealing users’ sensitive information or generating fraudulent revenues. | Malware | X Individual | CC | >1 | | Check Point, coronavirus, COVID-19, Android |
| 61 | 04/09/2020 | ? | E-Commerce sites powered by WordPress | Researchers from Sucuri discover a dedicated JavaScript skimmer targeting WordPress e-commerce sites powered by WooCommerce. | Malicious Script Injection | Y Multiple Industries | CC | >1 | | Sucuri, Javascript, WooCommerce |
| 62 | 04/09/2020 | ? | Single Individuals | A large email extortion campaign is underway telling recipients that their computer was hacked and that a video was taken through the hacked computer's webcam. | Malicious Spam | X Individual | CC | >1 | | Extortion |
| 63 | 04/09/2020 | ? | Single Individuals | Researchers from Inky discover a phishing campaign impersonating the White House, purportedly sending out Coronavirus guidelines on behalf of President Trump. | Account Hijacking | X Individual | CC | US | | Inky, White House, Mike Pence, Coronavirus, COVID-19 |
| 64 | 04/09/2020 | ? | DESMI | DESMI, a global company specialized in the development and manufacture of pump solutions, discloses a cyber attack. | Malware | C Manufacturing | CC | DK | | DESMI, ransomware |
| 65 | 04/09/2020 | ? | Several Iranian sites including Niazpardaz[.]ir, Arzi24[.]com | Someone is selling personal details of 45,000 Iranians on the dark web. | Unknown | X Individual | CC | IR | | Niazpardaz[.]ir, Arzi24[.]com |
| 66 | 04/10/2020 | ? | Mediterranean Shipping Co (MSC) | Mediterranean Shipping Co., the world’s second largest container line, says it has been hit by a network outage. A few days later the company confirms a malware cyber attack. | Malware | H Transportation and storage | CC | CH | | Mediterranean Shipping Co (MSC) |
| 67 | 04/10/2020 | Protag | Quidd | Quidd, an online marketplace for trading stickers, cards, toys, and other collectibles, appears to have suffered a data breach in 2019, and the details of around four million users are now being shared for free on underground hacking forums. | Unknown | R Arts entertainment and recreation | CC | US | | Quidd |
| 68 | 04/10/2020 | Nefilim | MAS Holdings | The Nefilim ransomware group operators leak the data of MAS Holdings. | Malware | C Manufacturing | CC | LK | | Nefilim, Mas Holdings, ransomware |
| 69 | 04/10/2020 | ? | Single Individuals | Researchers from IntSights discover a database available on an underground forum in the dark web containing more than 2,300 compromised Zoom credentials. | Credential Stuffing | X Individual | CC | >1 | | IntSights, Zoom |
| 70 | 04/10/2020 | ? | Saint Francis Ministries | An unauthorized party gained entry into an employee’s email account at Saint Francis Ministries, accessing sensitive personal identifying information, as well as financial and protected health data, between Dec. 13 and 20 of 2019. | Account Hijacking | S Other service activities | CC | US | | Saint Francis Ministries |
| 71 | 04/10/2020 | ? | Single Individuals | Researchers from Sophos reveal a surge in sextortion emails. | Malicious Spam | X Individual | CC | >1 | | Sophos, Sextortion |
| 72 | 04/10/2020 | ? | 115 million Pakistani mobile users | Researchers from Rewterz discover a data dump of 115 million Pakistani mobile users for sale on the dark web. The cyber criminal behind this data breach demands 300 BTC ($2.1 million USD) for the data. | Unknown | X Individual | CC | PK | | Rewterz, Pakistan |
| 73 | 04/11/2020 | ? | Monte dei Paschi | Hackers access the mailboxes of some employees at Italian state-owned bank Monte dei Paschi and send emails to clients. The attack occurred on March 30. | Account Hijacking | K Financial and insurance activities | CC | IT | | Monte dei Paschi |
| 74 | 04/11/2020 | ? | Lafayette Regional Rehabilitation Hospital | Lafayette Regional Rehabilitation Hospital suffers a second phishing attack in a few months. | Account Hijacking | Q Human health and social work activities | CC | US | | Lafayette Regional Rehabilitation Hospital |
| 75 | 04/12/2020 | ? | Single Individuals | A malware distributor has decided to play a nasty prank by locking victims' computers and blaming the infection on two well-known and respected security researchers. | Malware | X Individual | CC | >1 | | Ransomware |
| 76 | 04/12/2020 | ? | New York State | New York State officials are investigating a breach of the state government computer network. The attack, discovered in late January, is believed to have originated outside of the United States. | Citrix Vulnerability | O Public administration and defence, compulsory social security | CE | US | | New York State |
| 77 | 04/12/2020 | ? | Doctors based in the US | A cybercriminal is selling personal and contact details of 1.41 million doctors based in the United States. | Unknown | Q Human health and social work activities | CC | US | | |
| 78 | 01/01/1970 | ? | Single Individuals | Researchers from Cyble discover over 500,000 Zoom accounts sold on the dark web and hacker forums. | Credential Stuffing | X Individual | CC | >1 | | Cyble, 500,000, Zoom |
| 79 | 01/01/1970 | ? | Hartford HealthCare | Hartford HealthCare releases a statement warning patients about a phishing incident that took place between February 13 and February 14 this year. | Account Hijacking | Q Human health and social work activities | CC | US | | Hartford HealthCare |
| 80 | 01/01/1970 | ? | Government agencies involved in the procurement of personal protective equipment and other supplies | The FBI issues a warning of BEC scams against government agencies involved in the procurement of personal protective equipment and other supplies during the COVID-19 pandemic. | Business Email Compromise | O Public administration and defence, compulsory social security | CC | US | | FBI, COVID-19, Coronavirus |
| 81 | 01/01/1970 | ? | Accounts of banking customers in Spain | Researchers from Kaspersky warn of a remote overlay malware attack carried out via a malware called Grandoreiro, which leverages a fake Chrome browser plugin to target the accounts of banking customers in Spain. | Malware | K Financial and insurance activities | CC | ES | | Kaspersky, Grandoreiro, Chrome |
| 82 | 01/01/1970 | ? | Doctors Community Medical Center | Doctors Community Medical Center notifies an unreported number of patients whose protected health information was potentially compromised by a phishing incident discovered in January. | Account Hijacking | Q Human health and social work activities | CC | US | | Doctors Community Medical Center |
| 83 | 01/01/1970 | Ragnar Locker | Energias de Portugal (EDP) | Attackers using the Ragnar Locker ransomware encrypt the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and are now asking for a 1580 BTC ransom ($10.9M or €9.9M). | Malware | D Electricity gas steam and air conditioning supply | CC | PT | | Energias de Portugal (EDP) |
| 84 | 01/01/1970 | ? | Chrome Users | Google removes 49 malicious Chrome browser extensions from its Web Store that were posing as cryptocurrency wallets in order to drain the contents of bona fide wallets. The applications were discovered by MyCrypto and PhishFort. | Malicious Browser Extension | X Individual | CC | >1 | | Google, Chrome, MyCrypto, PhishFort, crypto |
| 85 | 01/01/1970 | ? | Single Individuals | Researchers at White Ops reveal the details of ICEBUCKET, a massive online fraud operation that for the past few months has been mimicking smart TVs to gain profits from online ads. | Server-Side Ad Insertion (SSAI) Hijacking | X Individual | CC | >1 | | White Ops, ICEBUCKET, Smart TVs |
| 86 | 01/01/1970 | ? | Canadian government healthcare organization | Researchers from Palo Alto discover a ransomware attack against a Canadian government healthcare organization exploiting the COVID-19 pandemic. | | | | | | |
| | | | Medical organizations and medical research facilities located in Japan and Canada | Researchers from Palo Alto discover a separate campaign targeting various organizations, including medical organizations and medical research facilities located in Japan and Canada, with the AgentTesla malware. | Malware | Q Human health and social work activities | CC | CA, JP | | Palo Alto, AgentTesla, COVID-19, Coronavirus |
| 89 | 01/01/1970 | ? | GitHub users | GitHub users are targeted by a Sawfish phishing campaign designed to steal their GitHub login credentials and time-based one-time password (TOTP) codes. | Account Hijacking | Y Multiple Industries | CC | >1 | | GitHub, Sawfish |
| 90 | 01/01/1970 | ? | Individuals in the US | Researchers from Fortinet discover a new variant of the NetWire RAT delivered via IRS-themed phishing emails. | Malware | X Individual | CC | US | | Fortinet, NetWire, IRS, COVID-19, Coronavirus |
| 91 | 01/01/1970 | TA505 | Multiple targets | Researchers from IBM X-Force reveal that the TA505 cybercrime group has ramped up its attacks lately, with a set of campaigns spreading the persistent SDBbot RAT. | Malware | Y Multiple Industries | CC | >1 | | IBM X-Force, TA505, SDBbot |
| 92 | 01/01/1970 | ? | Two Manitoba law firms | Two Manitoba law firms are hit with a ransomware attack. | Malware | M Professional scientific and technical activities | CC | CA | | Manitoba, ransomware |
| 93 | 01/01/1970 | ? | Users in Pakistan, India, Afghanistan, Bangladesh, Iran, Saudi Arabia, Austria, Romania, Grenada, and Russia | Researchers at Trend Micro discover a potential cyberespionage campaign, named Project Spy, that infects Android and iOS devices with spyware disguised as a fake COVID-19 app. | Malware | Y Multiple Industries | CE | >1 | | Trend Micro, Project Spy, COVID-19 |
| 94 | 01/01/1970 | Syrian Electronic Army (SEA) | Single Individuals in Syria | Researchers at Lookout discover a COVID-19-themed spyware targeting Syrian citizens. | Malware | X Individual | CE | SY | | Lookout, COVID-19, Coronavirus |
| 95 | 01/01/1970 | International Union of Virtual Media (IUVM) (linked to Iran) | Social Network users | Researchers from Graphika discover an Iranian-linked group spreading disinformation about Coronavirus on Facebook, Instagram, and Twitter. | Fake Social Network Groups/Pages | X Individual | CW | >1 | | Graphika, Iran, COVID-19, Coronavirus, Facebook, Instagram, Twitter, International Union of Virtual Media, IUVM |
| 96 | 01/01/1970 | Satan | Mercantile Communications Pvt Ltd | A group of hackers manages to gain access to the .np domain of Mercantile Communications Pvt Ltd. | DNS Hijacking | J Information and communication | CC | NP | | Mercantile Communications Pvt Ltd, Satan |
| 97 | 01/01/1970 | ? | Valorant players | Soon after the game Valorant enters closed beta, malware samples are released that target users trying to play the game or get beta keys. | Malware | R Arts entertainment and recreation | CC | >1 | | Valorant |
| 98 | 01/01/1970 | ? | Single Individuals | Researchers from Trustwave detect a peak of BEC scams leveraging COVID-19. | Business Email Compromise | X Individual | CC | US | | Trustwave, COVID-19, Coronavirus |
| 99 | 01/01/1970 | ? | Wappalyzer | Tech company Wappalyzer discloses a security incident after a hacker began emailing its customers and offering to sell Wappalyzer's database for $2,000. The incident took place on January 20. | Misconfiguration | M Professional scientific and technical activities | CC | AU | | Wappalyzer |
| 100 | 01/01/1970 | ? | Customers of the main Portuguese banks | A new Android banking Trojan targets customers of the main Portuguese banks. | Malware | K Financial and insurance activities | CC | PT | | Android, Trojan-Banker |
| 101 | 01/01/1970 | ? | Single Individuals | Researchers from Mimecast discover a flight refund scam exploiting the COVID-19 outbreak. | Account Hijacking | X Individual | CC | >1 | | Mimecast, COVID-19, Coronavirus |
| 102 | 01/01/1970 | Hidden Cobra | US and western financial institutions | The Department of Homeland Security issues a warning that hackers from North Korea are launching new attacks against US and western financial institutions. | Targeted Attack | K Financial and insurance activities | CC | >1 | | Department of Homeland Security, DHS, Hidden Cobra, CISA |
| 103 | 01/01/1970 | ? | Applications Software Technologies | Applications Software Technologies reveals that on March 9 it discovered that an unauthorized party had accessed the company by obtaining access to a company email account. | Account Hijacking | M Professional scientific and technical activities | CC | US | | Applications Software Technologies |
| 104 | 01/01/1970 | ? | EA Sports | EA Sports is hit by a DDoS attack. | DDoS | R Arts entertainment and recreation | CC | US | | EA Sports |
| 105 | 01/01/1970 | ? | South African Department for Women, Youth, and Persons with Disabilities | The South African Department for Women, Youth, and Persons with Disabilities is the latest victim of a Zoom bombing attack. | Zoom bombing | O Public administration and defence, compulsory social security | CC | ZA | | South African Department for Women, Youth, and Persons with Disabilities, Zoom |
Hi Paolo,
I believe there is also this problem with all of the data for Q1. This appears to be the earliest month this year that the data is accessible in the tables. Can the original tables be made accessible for Jan, Feb and March? Hopefully it is a simple fix!
Also, I’m really interested in the trend following COVID-19 related attacks, can you explain how you classify an attack as being related to COVID-19 please?
Really fascinated in your work! Many thanks
John,
thanks for letting me know.
Apparently Google changed the way the spreadsheets are shared. I re-published all the affected files in Excel format and they should be available now.
Thanks again.
Paolo.
No data available in table…
Thanks, I fixed it. I don’t know why, but the original table was not accessible anymore.
Thank you!