It’s time to publish the second timeline of April, covering the main cyber attacks that occurred between April 16 and April 30 (including three events that occurred in the first half of the same month). Due to the COVID-19 crisis, the level of activity continues to be quite high. In this timeline I have collected 92 events, fewer than the 104 events collected in the first timeline of April, but still a significant number.
The pandemic continues to characterize the threat landscape: nearly one quarter of the events are somehow related to COVID-19. We have seen opportunistic phishing campaigns exploiting the fear, but also targeted cyber espionage operations against institutions involved in the fight against the virus.
Other interesting events include two mega breaches, against an Android app store and an online children's game; a partially failed attack against two cryptocurrency exchanges (the attackers were probably unmasked and returned part of the stolen funds); and the discovery of Florentine Banker, a cybercriminal group able to steal $1.3 million in a sophisticated Business Email Compromise operation.
The list of cyber espionage operations is equally rich, and includes operations from well-known actors such as Winnti (AKA APT41) and Ocean Lotus (AKA APT32), long-lasting campaigns like PerSwaysion, targeting high-ranking executives at more than 150 companies since 2019, and a couple of campaigns exploiting iOS vulnerabilities.
But now it’s time to browse the timeline and read the details of each event. Of course you can share the timeline to support my work and spread the risk awareness across the community. And don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.
ID
Date
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
04/03/2020
?
Vulnerable ZyXEL routers
Researchers from Palo Alto Networks discover a new variant of the Hoaxcalls botnet, spreading via an unpatched vulnerability impacting the ZyXEL Cloud CNM SecuManager that was disclosed last month.
Researchers from Sucuri reveal that attackers are actively targeting WordPress sites running the OneTone theme to exploit a vulnerability that allows them to read and write site cookies and create backdoor admin accounts.
Vulnerable Wordpress Plugins
Y Multiple Industries
CC
>1
Sucuri, WordPress, OneTone
3
01/01/1970
?
Vulnerable IoT devices
Researchers at NetLab 360 discover Moobot, a new botnet family based on Mirai, which targets internet of things (IoT) devices.
Malware
Y Multiple Industries
CC
>1
NetLab 360, Moobot, Mirai
4
01/01/1970
Foreign government hackers
Companies conducting research into treatments for COVID-19
The FBI reveals that foreign government hackers have broken into companies conducting research into treatments for COVID-19.
Targeted Attack
Q Human health and social work activities
CE
US
FBI, COVID-19
5
01/01/1970
?
Azerbaijan government and utility companies
Researchers from Cisco Talos publish an analysis of a new campaign that deploys PoetRAT, a previously-undiscovered Remote Access Trojan (RAT) targeting both the Azerbaijan government and utility companies, and exploits the COVID-19 outbreak.
Targeted Attack
O Public administration and defence, compulsory social security
CE
AZ
Cisco Talos, PoetRAT, COVID-19
6
01/01/1970
?
Ruby Users
Security researchers from ReversingLabs discover 725 Ruby libraries uploaded on the official RubyGems repository that contained malware meant to hijack users' clipboards.
Malware
Y Multiple Industries
CC
>1
ReversingLabs, RubyGems, Ruby
7
01/01/1970
?
Single Individuals
Researchers from Avast discover a malvertising campaign taking advantage of COVID-19, targeting Internet Explorer users via the Fallout Exploit Kit, to steal their information via the Kpot v2.0 information stealer.
Malvertising
X Individual
CC
>1
Avast, COVID-19, Internet Explorer, Fallout Exploit Kit, Kpot v2.0
8
01/01/1970
?
Aptoide
A hacker leaks the details of 20 million users of Aptoide, a third-party app store for Android applications.
SQL Injection
J Information and communication
CC
PT
Aptoide, Android
9
01/01/1970
Trickbot
Multiple targets
Researchers from Microsoft's Security Intelligence team say that the operation behind Trickbot over the past few days sent out hundreds of emails purporting to relate to COVID-19 medical advice and testing, with the aim of installing Trickbot malware via unique "macro-laced" malicious document attachments inside the message.
Malware
Y Multiple Industries
CC
>1
Microsoft, Trickbot, COVID-19, Coronavirus
10
01/01/1970
Clop
ExecuPharm
U.S. pharmaceutical giant ExecuPharm has its data leaked after it refuses to pay the ransom.
Malware
Q Human health and social work activities
CC
US
ExecuPharm, Clop
11
01/01/1970
?
Organizations in Italy
Researchers from Cybaze-Yoroi ZLab discover a new variant of Ursnif targeting organizations in Italy.
Malware
Y Multiple Industries
CC
IT
Cybaze-Yoroi ZLab, Ursnif
12
01/01/1970
?
PrimoHoagies
PrimoHoagies reveals that cyber-attackers had broken into its online payment platform and accessed the payment card information of customers who made online purchases between July 15, 2019, and February 18, 2020.
Malicious Script Injection
I Accommodation and food service activities
CC
US
PrimoHoagies
13
01/01/1970
?
Banking users
Researchers from Trustwave discover a new malspam campaign that sends Excel 4.0 xls 97-2003 files with a compromised macro in email messages. The campaign attempts to dupe users with themes ranging from fake invoices to COVID-19 related lures and distributes the Gozi banking trojan.
Malware
K Financial and insurance activities
CC
>1
Trustwave, Excel, COVID-19, Gozi
14
01/01/1970
?
Aurora Medical Center Bay Area
Aurora Medical Center Bay Area discloses that it was hit with a phishing attack that occurred in January 2020.
Account Hijacking
Q Human health and social work activities
CC
US
Aurora Medical Center Bay Area
15
01/01/1970
?
Olean City
Olean City is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Olean City, Ransomware
16
01/01/1970
?
Cognizant
Information technologies services giant Cognizant is hit by the Maze Ransomware.
Malware
M Professional scientific and technical activities
CC
US
Cognizant, Maze
17
01/01/1970
?
Webkinz World
A hacker leaks the usernames and passwords of nearly 23 million players of Webkinz World, an online children's game managed by Canadian toy company Ganz.
SQL Injection
R Arts entertainment and recreation
CC
CA
Webkinz World, Ganz
18
01/01/1970
?
Uniswap
Hackers try to attack the Uniswap cryptocurrency exchange but the attack is unsuccessful.
Vulnerability
V Fintech
CC
US
Uniswap, Crypto
19
01/01/1970
?
Lendf.me
The same hackers steal more than $25 million in cryptocurrency from the Lendf.me lending platform but they need to return the money after they are caught.
Vulnerability
V Fintech
CC
N/A
Lendf.me, crypto
20
01/01/1970
?
Facebook users
Researchers from Cyble discover a threat actor selling a database with 267 million Facebook profiles for £500 on the dark web and through hacking forums.
Misconfiguration
X Individual
CC
>1
Cyble, Facebook
21
01/01/1970
?
UniCredit
Researchers from Tesly reveal that data on about 3,000 UniCredit SpA employees was put up for sale on cybercrime forums after an SQL Injection attack.
SQL Injection
K Financial and insurance activities
CC
IT
UniCredit
22
01/01/1970
?
Energy, manufacturing, and business services in the United States
Researchers from Proofpoint discover a new campaign designed to steal user credentials via a lure that claims to welcome users to their new Zoom account.
Account Hijacking
Y Multiple Industries
CC
US
Proofpoint, Zoom, COVID-19
23
01/01/1970
TA4562
Manufacturing industrial, marketing/advertising, technology, IT and construction companies
Researchers from Proofpoint discover a campaign distributing the ServLoader and NetSupport remote access Trojans (RATs) via fake Zoom meetings cancellations.
Malware
Y Multiple Industries
CC
>1
Proofpoint, Zoom, COVID-19, TA4562
24
01/01/1970
?
Danish Agro
Danish Agro is hit with a ransomware attack.
Malware
S Other service activities
CC
DK
Danish Agro, ransomware
25
01/01/1970
Winnti (aka APT41, BARIUM, Blackfly)
Gravity
Researchers from QuoIntelligence (QuoINT) reveal that attackers from Winnti (aka APT41, BARIUM, Blackfly) attempted to breach the internal network of Gravity, the South Korean gaming company behind the popular Ragnarok Online Massive Multiplayer Online Role-Playing Game.
Hackers infiltrate a Zoom meeting of a virtual church service hosted by Adam Evers, the founder of the Christian LGBTQ+ dating app Believr.
Zoom Bombing
S Other service activities
CC
US
Zoom, Believr
27
01/01/1970
?
Chartered Institute for Securities and Investments (CISI)
The Chartered Institute for Securities and Investments (CISI) confirms that some of its members may have had their financial information stolen after “malicious code” was inserted on its website.
Malicious Script Injection
S Other service activities
CC
UK
Chartered Institute for Securities and Investments, CISI
28
01/01/1970
?
Brandywine Counseling and Community Services
Brandywine Counseling and Community Services notifies patients of a ransomware incident that occurred in February 2020.
Malware
Q Human health and social work activities
CC
US
Brandywine Counseling and Community Services, ransomware
29
01/01/1970
?
Nintendo users
Nintendo users report that their accounts have been getting hacked and accessed from remote locations around the globe, with some users losing money as a result of the unauthorized intrusion. A few days later the company confirms the compromise of 160,000 accounts after the attackers exploited its Nintendo Network ID (NNID) login system.
Account Hijacking
R Arts entertainment and recreation
CC
JP
Nintendo, Nintendo Network ID, NNID
30
01/01/1970
?
China's Uyghur minority
Security firm Volexity discovers Insomnia, a new iOS exploit used to spy on China's Uyghur minority.
Targeted Attack
X Individual
CE
CN
Volexity, Insomnia, iOS, Uyghur
31
01/01/1970
?
Zoom users in corporate environments
Researchers from Abnormal Security discover a new phishing campaign targeting Zoom users, using fake Zoom meeting notifications to warn victims that their contracts will either be suspended or terminated.
Account Hijacking
Y Multiple Industries
CC
>1
Abnormal Security, Zoom, COVID-19
32
01/01/1970
DoppelPaymer
City of Torrance
The City of Torrance of the Los Angeles metropolitan area is hit by the DoppelPaymer Ransomware.
Malware
O Public administration and defence, compulsory social security
CC
US
The City of Torrance, DoppelPaymer
33
01/01/1970
?
US healthcare providers
The FBI warns of ongoing phishing campaigns targeting US healthcare providers using COVID-19 themed lures to distribute malicious attachments.
Malware
Q Human health and social work activities
CC
US
FBI, COVID-19
34
01/01/1970
?
Single Individuals
A fake WiFi hacking program is used to distribute CoronaLocker, a new Coronavirus-themed malware that tries to lock the victim out of Windows while making some very annoying sounds.
Malware
X Individual
CC
>1
CoronaLocker, COVID-19
35
01/01/1970
?
Oil and gas industries in multiple countries
Researchers from Bitdefender discover a new campaign targeting the oil and gas industry sector with highly targeted spearphishing campaigns impersonating shipment companies and engineering contractors while attempting to infect their targets with Agent Tesla info-stealer malware payloads.
Targeted Attack
D Electricity gas steam and air conditioning supply
CE
>1
Bitdefender, Agent Tesla
36
01/01/1970
?
Parkview Medical Center
Parkview Medical Center is hit with a ransomware attack.
Malware
Q Human health and social work activities
CC
US
Parkview Medical Center, ransomware
37
01/01/1970
?
Single Individuals
Researchers from ZeroFOX discover a massive scam campaign circulating via WhatsApp.
Account Hijacking
X Individual
CC
>1
ZeroFOX, WhatsApp, COVID-19
38
01/01/1970
?
Whisky Auctioneer
An online auction of rare whiskies is postponed indefinitely following a DDoS attack.
DDoS
R Arts entertainment and recreation
CC
US
Whisky Auctioneer
39
01/01/1970
?
Banking users in Spain, Portugal, Brazil and other parts of Latin America
Researchers from IBM X-Force uncover Banking.BR, a new Android banking trojan targeting users in countries that speak Spanish or Portuguese, namely Spain, Portugal, Brazil and other parts of Latin America.
Malware
K Financial and insurance activities
CC
>1
IBM X-Force, Banking.BR
40
01/01/1970
State-sponsored actor
Multiple targets
Researchers from ZecOps discover two zero-day vulnerabilities affecting iPhone and iPad devices, used in a series of ongoing remote attacks targeting iOS users since at least January 2018.
Targeted Attack
Y Multiple Industries
CE
>1
ZecOps, iPhone, iPad
41
01/01/1970
?
Valve
The source code of Valve's Team Fortress 2 and Counter-Strike: Global Offensive games was leaked.
Unknown
R Arts entertainment and recreation
CC
US
Valve
42
01/01/1970
Government-backed attackers
US government workers
Google's Threat Analysis Group (TAG) reveals that one group has started using free meals and coupons supposedly from fast-food franchises to lure US government workers into exposing their Gmail credentials.
Account Hijacking
O Public administration and defence, compulsory social security
CE
US
Google's Threat Analysis Group, TAG, Gmail
43
01/01/1970
Tag Barnakle
Vulnerable ad servers
Researchers from Confiant identify Tag Barnakle, a group that has been compromising advertising networks running old versions of the Revive open-source ad server to redirect victims to malware.
Malvertising
Y Multiple Industries
CC
>1
Confiant, Tag Barnakle, Revive
44
01/01/1970
?
Multiple targets
A new phishing campaign is underway that targets employees with fake customer complaints that install a new backdoor used to compromise a network.
Account Hijacking
Y Multiple Industries
CC
>1
Phishing
45
01/01/1970
?
Single Individuals
Researchers from Sophos reveal the details of a massive sextortion campaign netting nearly $500K in five months.
Malicious Spam
X Individual
CC
>1
Sophos
46
01/01/1970
Jerusalem Electronic Army (J.E.Army)
Water supply and treatment facilities in Israel
The Israeli National Cyber-Directorate (INCD) warns that hackers have targeted its water supply and treatment facilities. The agency is urging personnel at companies active in the energy and water sectors to change passwords for all internet-connected systems.
Unknown
E Water supply, sewerage waste management, and remediation activities
CE
IL
Jerusalem Electronic Army, J.E.Army, Israeli National Cyber-Directorate, INCD
47
01/01/1970
Ocean Lotus AKA APT32
Wuhan government and Chinese Ministry of Emergency Management
Researchers from FireEye believe that hacking group Ocean Lotus, also known as APT32 and linked to the Vietnamese government, was involved in a spear phishing campaign targeting members of the Wuhan government and Chinese Ministry of Emergency Management in search of information related to the coronavirus pandemic.
GoDaddy notifies some of its customers that an unauthorized party used their web hosting account credentials to connect to their hosting account via SSH.
Account Hijacking
J Information and communication
CC
US
GoDaddy
49
01/01/1970
?
US Universities
Researchers at Proofpoint discover a new campaign targeting faculty and students at several U.S. colleges and universities with Hupigon RAT.
Malware
P Education
CC
US
Hupigon RAT
50
01/01/1970
Sodinokibi
SeaChange
SeaChange is hit with the Sodinokibi ransomware.
Malware
J Information and communication
CC
US
SeaChange, Sodinokibi, ransomware
51
01/01/1970
?
Multiple targets
The U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) issue a joint report warning of threat actors increasingly exploiting vulnerable web servers to deploy web shells.
Web Shells
Y Multiple Industries
CC
US
AU
National Security Agency, NSA, Australian Signals Directorate, ASD
52
01/01/1970
?
Multiple targets
Researchers from Cofense discover a phishing campaign against remote workers using Skype, luring them with emails that fake notifications from the service.
Account Hijacking
Y Multiple Industries
CC
>1
Cofense, Skype, COVID-19
53
01/01/1970
?
Organizations in both public and private sectors, including financial institutions.
Researchers from ESET discover a previously undocumented botnet called VictoryGate, active since at least May 2019, and composed mainly of devices in Peru. The main activity of the botnet is mining Monero cryptocurrency.
Malware
Y Multiple Industries
CC
PE
ESET, VictoryGate, Crypto, Monero
54
01/01/1970
Florentine Banker
Israeli and UK financial firms
Researchers from Check Point reveal the details of Florentine Banker, a cybercriminal group launching advanced business email compromise (BEC) attacks on leading Israeli and UK financial firms, stealing $1.3 million in just four separate transactions.
Business Email Compromise
K Financial and insurance activities
CC
IL
UK
Florentine Banker, Check Point
55
01/01/1970
?
Small business owners
Researchers from Abnormal Security discover a new phishing campaign targeting users of US Payroll Protection Program loans for small businesses.
Account Hijacking
Y Multiple Industries
CC
US
Abnormal Security, US Payroll Protection
56
01/01/1970
?
Multiple targets
A new phishing campaign delivers a new stealthy malware called BazarBackdoor from the developers of TrickBot that is used to compromise and gain full access to corporate networks.
Account Hijacking
Y Multiple Industries
CC
>1
BazarBackdoor, TrickBot
57
01/01/1970
?
US and South Korean financial organizations and banks
Researchers at Group-IB discover that the details on roughly 400,000 payment cards related to US and South Korean financial organizations and banks are currently up for sale on Joker's Stash.
Unknown
K Financial and insurance activities
CC
US
KR
Group-IB, Joker's Stash
58
01/01/1970
?
Single Individuals
Researchers from Inky discover a new campaign, sending out emails that impersonate the U.S. Federal Reserve and lure recipients with financial relief options through the Payment Protection Program.
Account Hijacking
X Individual
CC
US
Inky, U.S. Federal Reserve, COVID-19
59
01/01/1970
?
Single Individuals
Hackers set up a fake NHS site, claiming to provide COVID-19 updates, aimed at distributing malware.
Malware
X Individual
CC
US
NHS, COVID-19
60
01/01/1970
?
Illinois Valley Community College
Illinois Valley Community College is hit with a ransomware attack.
Malware
P Education
CC
US
Illinois Valley Community College, ransomware
61
01/01/1970
Asnarök
Vulnerable Sophos XG Firewalls
Cyber-security firm Sophos publishes an emergency security update to patch a zero-day vulnerability in its XG enterprise firewall product, being abused in the wild by hackers. The malware is dubbed Asnarök.
SQL Injection
Y Multiple Industries
CC
>1
Sophos, XG, Asnarök
62
01/01/1970
THE0TIME
Huiying Medical Technology
Researchers from Cyble identify a threat actor attempting to sell Huiying Medical Technology’s source code for AI-assisted COVID-19 detection and experimental data.
Unknown
C Manufacturing
CC
CN
Cyble, Huiying Medical Technology, COVID-19, THE0TIME
63
01/01/1970
?
Robert Dyas
Robert Dyas notifies customers that it was hit by a malicious script on its payment page between 7 and 30 March.
Malicious Script Injection
G Wholesale and retail trade
CC
UK
Robert Dyas
64
01/01/1970
?
Multiple targets
Researchers from Kaspersky discover a new wave of phishing scams that utilize a COVID-19 theme and impersonate well-known shipping carriers such as FedEx, UPS, and DHL.
Account Hijacking
Y Multiple Industries
CC
>1
Kaspersky, COVID-19, FedEx, UPS, DHL
65
01/01/1970
?
Lumberton Township Public Schools in Burlington County
Lumberton Township Public Schools in Burlington County announces it will temporarily stop using Zoom after a hacker reportedly streamed pornography and used racist language during a lesson for middle school students.
Zoom Bombing
P Education
CC
US
Lumberton Township Public Schools, Burlington County, Zoom
66
01/01/1970
Sodinokibi AKA Revil
CivicSmart
CivicSmart, a vendor of smart parking meters, is hit with a Sodinokibi ransomware attack.
Malware
M Professional scientific and technical activities
CC
US
Sodinokibi, Revil, CivicSmart, Ransomware
67
01/01/1970
Light
Zaha Hadid Architects
A group of hackers breaches the network of Zaha Hadid Architects, one of the world's leading architectural firms. The attackers threaten to release sensitive information on the dark web unless the company pays a ransom demand.
Malware
M Professional scientific and technical activities
CC
UK
Zaha Hadid Architects, Light, ransomware
68
01/01/1970
?
Android users
Researchers from Check Point discover a new version of the Lucy malware going mobile, encrypting data and asking for a ransom threatening FBI action.
Malware
X Individual
CC
>1
Check Point, Lucy, FBI, ransomware, Android
69
01/01/1970
?
Single Individuals
Microsoft Security Intelligence Team uncovers a number of fake movie torrents carrying malicious software that attempts to hijack a user’s machine to generate cryptocurrency.
Malware
X Individual
CC
>1
Microsoft, torrent
70
01/01/1970
?
Vulnerable Wordpress servers
Researchers from Wordfence detect a peak of attacks targeting more than 900,000 Wordpress servers exploiting vulnerable plugins.
Vulnerable Wordpress Plugins
Y Multiple Industries
CC
>1
Wordfence, Wordpress
71
01/01/1970
Ocean Lotus AKA APT32?
Android devices in countries including India, Vietnam, Bangladesh, and Indonesia.
Researchers from Kaspersky warn of PhantomLance, an ongoing spying campaign in which malicious apps hosted by Google Play are covertly spying and stealing Android user data.
Malware
X Individual
CE
>1
Kaspersky, PhantomLance, Google Play, Android
72
01/01/1970
Outlaw Hacking Group
Multiple targets in Europe
Researchers from Cybaze-Yoroi ZLab uncover a new botnet that is targeting European organizations.
Malware
Y Multiple Industries
CC
>1
Cybaze-Yoroi ZLab, Outlaw
73
01/01/1970
?
Banking users especially in Brazil, Mexico, Spain and Peru
Researchers from ESET discover a new campaign using the Grandoreiro banking trojan, and exploiting the COVID-19 crisis to attack users especially in Brazil, Mexico, Spain and Peru.
Malware
K Financial and insurance activities
CC
>1
ESET, Grandoreiro, COVID-19
74
01/01/1970
?
Organizations in Healthcare
Researchers from Microsoft warn of a wave of ransomware attacks with multiple payloads, targeting organizations in Healthcare.
Malware
Q Human health and social work activities
CC
>1
Microsoft, ransomware, COVID-19
75
01/01/1970
?
Zoom users
Researchers at IntSights discover multiple Zoom databases on underground forums.
Credential stuffing
Y Multiple Industries
CC
>1
IntSights, Zoom
76
01/01/1970
?
High-profile Estonian individuals
The Estonian Internal Security Service (KaPo) reveals that state-sponsored hackers have used a zero-day vulnerability to hijack a small number of high-profile email accounts at Estonian email provider Mail.ee.
Zero-day vulnerability
O Public administration and defence, compulsory social security
CE
EE
KaPo, Mail.ee
77
01/01/1970
?
Chegg
Chegg confirms its third data breach in the past three years: hackers stole 700 current and former employee records, including their names and Social Security numbers.
Unknown
M Professional scientific and technical activities
CC
US
Chegg
78
01/01/1970
?
Single Individuals
Researchers at TrendMicro uncover a new cyber-criminal campaign attempting to exploit the COVID-19 pandemic to trick remote workers into installing RevCode WebMonitor RAT in the guise of a fake Zoom installer.
Malware
X Individual
CC
>1
TrendMicro, COVID-19, Coronavirus, RevCode, Zoom
79
01/01/1970
?
Multiple targets
Researchers from Kaspersky reveal a spike in brute-force attacks targeting RDP endpoints after the beginning of the COVID-19 pandemic.
Brute-force
Y Multiple Industries
CC
>1
Kaspersky, RDP, COVID-19, Coronavirus
80
01/01/1970
?
UseNeXT and Usenet.nl
UseNeXT and Usenet.nl, two companies that provide Usenet services, disclose security breaches today, blaming the breaches on "a security vulnerability at a partner company."
Unknown
J Information and communication
CC
DE
NL
UseNeXT, Usenet.nl, Usenet
81
01/01/1970
?
Undisclosed Multinational conglomerate
Researchers from Check Point reveal that attackers infected more than 75% of a multinational conglomerate's managed Android devices with the Cerberus banking trojan using the company’s compromised Mobile Device Manager (MDM) server.
Malware
Z Unknown
CC
N/A
Check Point, Android, Cerberus, Ransomware
82
01/01/1970
Aggah
Multiple targets
Researchers from Cisco Talos reveal the details of an updated Aggah campaign distributing a cocktail of malware strains: Agent Tesla, njRAT and Nanocore RAT.
Malware
Y Multiple Industries
CC
>1
Cisco Talos, Aggah, Agent Tesla, njRAT, Nanocore RAT
83
01/01/1970
?
PaperlessPay Corporation
PaperlessPay Corporation, an e-pay vendor, discovers that it was hacked in February 2019, putting at risk the identity of multiple customers.
SQL Injection
M Professional scientific and technical activities
CC
US
PaperlessPay Corporation
84
01/01/1970
PerSwaysion
High-ranking executives at more than 150 companies
Cyber-security firm Group-IB reveals the details of PerSwaysion, a cybercrime group operating since mid-2019, able to breach the email accounts of high-ranking executives at more than 150 companies.
Account Hijacking
Y Multiple Industries
CE
>1
Group-IB, PerSwaysion
85
01/01/1970
?
Vulnerable WebLogic servers
Oracle publishes an urgent security alert, urging companies that run WebLogic servers to install the latest patches the company released in mid-April. The company says it received reports of attempts to exploit CVE-2020-2883.
CVE-2020-2883 vulnerability
Y Multiple Industries
CC
>1
Oracle, WebLogic, CVE-2020-2883
86
01/01/1970
?
Banks and financial services across Europe
Researchers from Cybereason reveal the details of EventBot, a new Android malware targeting banks and financial services across Europe.
Malware
K Financial and insurance activities
CC
>1
Cybereason, EventBot, Android
87
01/01/1970
?
Multiple targets
Researchers from IBM X-Force uncover a new Trickbot campaign targeting email recipients with fake messages purporting to come from the U.S. Department of Labor (DoL). The spam leverages the Family and Medical Leave Act (FMLA).
Malware
K Financial and insurance activities
CC
US
IBM X-Force, Trickbot, U.S. Department of Labor, DoL, Family and Medical Leave Act, FMLA, COVID-19
88
01/01/1970
Netwalker
NWT Power Corporation
NWT Power Corporation (Northwest Territories Power Corporation) confirms that it was hit with a Netwalker ransomware attack.
Malware
D Electricity gas steam and air conditioning supply
CC
CA
NWT Power Corporation, Northwest Territories Power Corporation
89
01/01/1970
LockBit
Multiple countries including the US, the UK, France, Germany, Ukraine, China, India, and Indonesia.
Researchers from McAfee and Northwave Intelligent Security Operations discover a new ransomware called LockBit, able to self-spread inside the victim's network.
Researchers from Barracuda Networks observe a single phishing campaign that sent out 128,000 emails to a variety of organizations and employees using reCAPTCHA walls to conceal fake Microsoft log-in pages.
Account Hijacking
Y Multiple Industries
CC
>1
Barracuda Networks, reCAPTCHA, Microsoft
91
01/01/1970
?
Warwick University
Warwick University reveals that it was breached last year (and tried to cover up the breach).
Malware
P Education
CC
UK
Warwick University
92
01/01/1970
?
SWPS University of Humanities and Social Sciences (‘SWPS University’)
The Polish University of Humanities and Social Sciences is hit with a ransomware attack.
Malware
P Education
CC
PL
SWPS, University of Humanities and Social Sciences, ransomware