After a short break it’s time to catch up with the timelines, so today let’s publish the first timeline of May, where I have collected 114 events (including one that occurred in April), a number that confirms that the growing trend driven by the COVID-19 pandemic and by the increasing number of ransomware attacks continues. Unfortunately the emotional distress of these hard times makes potential victims even more vulnerable.
Yes, the ransomware… As you are probably aware, the criminal groups, led primarily by Maze and Sodinokibi (AKA REvil), are doubling down, leaking the stolen (and encrypted) data if victims refuse to pay the ransom. The number and impact of these attacks grow wider each month, and in this fortnight multiple organizations have fallen victim, including a prominent entertainment and law firm counting dozens of international stars among its clients.
But this fortnight has also seen multiple megabreaches, thanks primarily to the advent of a new threat actor, dubbed Shiny Hunters, which has put up for sale millions of records leaked from several organizations worldwide. And millions are not only the records leaked, but also the dollars stolen from Norway’s state investment fund in another remarkable cyber event that occurred in the same period.
Old and new friends have characterized the cyber espionage landscape (Turla, the Lazarus Group, Naikon APT), which has also been influenced by the race for the COVID-19 vaccine. In fact this timeline contains several campaigns against organizations involved in the response to the pandemic.
No more words… It’s time to browse the timeline and read the details of each event. Of course you can share the timeline to support my work and spread risk awareness across the community. And don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 01/01/1970 | ? | Aeries Student Information System | Multiple school districts are impacted by a breach of Aeries Student Information System that occurred in November 2019. | Unknown | M Professional scientific and technical activities | CC | US | Aeries Student Information System |
| 2 | 05/01/2020 | Maze | Avalon Health Care Management | Hackers claim to have gained access to the network of Banco BCR, the state-owned Bank of Costa Rica, and stolen 11 million credit card credentials along with other data. | Malware | K Financial and insurance activities | CC | CR | Maze, Banco BCR |
| 3 | 05/01/2020 | ? | Multiple organizations | Researchers from Abnormal Security discover a malicious campaign impersonating notifications from Microsoft Teams. | Account Hijacking | O Public administration and defence, compulsory social security | CC | >1 | Microsoft Teams, Abnormal Security, COVID-19 |
| 4 | 05/01/2020 | ? | Single Individuals | A new phishing campaign is distributing a combination of malware: the LokiBot information-stealing malware along with a second payload in the form of the Jigsaw ransomware. | Malware | X Individual | CC | >1 | LokiBot, Jigsaw, Ransomware |
| 5 | 05/01/2020 | Maze | Nashville Plastic Surgery Institute | Nashville Plastic Surgery Institute, dba Maxwell Aesthetics, is hit by a Maze ransomware attack. | Malware | Q Human health and social work activities | CC | US | Nashville Plastic Surgery Institute, Maxwell Aesthetics, Maze, ransomware |
| 6 | 05/01/2020 | Maze | Plastic Surgery Center Dr. Kristin Tarbet’s | Plastic Surgery Center Dr. Kristin Tarbet’s is hit by a Maze ransomware attack. | Malware | Q Human health and social work activities | CC | US | Plastic Surgery Center Dr. Kristin Tarbet’s, Maze, Ransomware |
| 7 | 05/01/2020 | Sodinokibi (AKA REvil) | MJ Payne | MJ Payne, a London accountancy firm, suffers a REvil ransomware attack. | Malware | K Financial and insurance activities | CC | UK | MJ Payne, REvil ransomware, Sodinokibi |
| 8 | 05/02/2020 | ? | LineageOS | Hackers breach the main infrastructure of LineageOS, causing a full outage. The attackers exploited a high-severity vulnerability in the open source “Salt” management framework that was disclosed to the public on April 30. | Salt vulnerability (CVE-2020-11651 and CVE-2020-11652) | M Professional scientific and technical activities | CC | N/A | LineageOS, Salt, CVE-2020-11651, CVE-2020-11652 |
| 9 | 05/02/2020 | ? | PeroxyChem | PeroxyChem is hit by a Maze ransomware attack. | Malware | M Professional scientific and technical activities | CC | US | PeroxyChem, Maze, ransomware |
| 10 | 05/03/2020 | Shiny Hunters | Tokopedia | A hacker sells a database containing the information of 91 million Tokopedia accounts on a dark web market for $5,000. Other threat actors start to crack the passwords and share them online. | SQLi | G Wholesale and retail trade | CC | ID | Tokopedia, Shiny Hunters |
| 11 | 05/03/2020 | Shiny Hunters | Unacademy | Online learning platform Unacademy suffers a data breach after a hacker gains access to its database and starts selling the account information of close to 22 million users. | Unknown | P Education | CC | IN | Unacademy, Shiny Hunters |
| 12 | 05/03/2020 | ? | Naughty Dog | A security flaw in patches from game developer Naughty Dog gives hackers access to unreleased content from the upcoming The Last of Us Part II that was stored in an Amazon S3 bucket. | Cloud Misconfiguration | R Arts entertainment and recreation | CC | US | Naughty Dog, The Last of Us, Amazon S3 |
| 13 | 05/03/2020 | ? | Ghost | The blogging platform Ghost is compromised by exploiting the Salt vulnerability. The attackers install a cryptominer. | Salt vulnerability (CVE-2020-11651 and CVE-2020-11652) | J Information and communication | CC | US | Ghost, Salt, CVE-2020-11651, CVE-2020-11652 |
| 14 | 05/03/2020 | ? | Digicert | Digicert is compromised as a consequence of the Salt vulnerability. | Salt vulnerability (CVE-2020-11651 and CVE-2020-11652) | M Professional scientific and technical activities | CC | US | Digicert, Salt, CVE-2020-11651, CVE-2020-11652 |
| 15 | 05/03/2020 | ? | Xen Orchestra | Xen Orchestra, a platform that provides tools to administer Citrix Hypervisor, is also compromised via the Salt vulnerability. | Salt vulnerability (CVE-2020-11651 and CVE-2020-11652) | M Professional scientific and technical activities | | | |
| | | | | A virtual ceremony by Florida Gulf Coast University is disrupted by a DDoS attack. | DDoS | P Education | CC | US | Florida Gulf Coast University |
| 18 | 05/03/2020 | ? | Dakota Carrier Network | Dakota Carrier Network, a consortium of 14 independent broadband companies, is hit by the Maze ransomware. | Malware | M Professional scientific and technical activities | CC | US | Dakota Carrier Network, Maze, Ransomware |
| 19 | 05/04/2020 | ? | Single individuals in France | A new ransomware called VCrypt is targeting French victims by utilizing the legitimate 7zip command-line program to create password-protected archives of data folders. | Malware | X Individual | CC | FR | VCrypt, ransomware |
| 20 | 05/04/2020 | State-sponsored hackers from Russia, Iran, and China | UK universities and scientific facilities | The UK's National Cyber Security Centre (NCSC) warns that the country's universities and scientific facilities are being subjected to a wave of hacking attempts conducted by other countries in the quest for coronavirus research. | Targeted Attack | P Education | CE | UK | National Cyber Security Centre, NCSC, Russia, Iran, China |
| 21 | 05/04/2020 | ? | Financial Organizations | The US Financial Industry Regulatory Authority (FINRA) issues a cyber-security alert warning member organizations of "a widespread, ongoing phishing campaign" aimed at stealing Microsoft Office and SharePoint account passwords. | Account Hijacking | K Financial and insurance activities | CC | US | Financial Industry Regulatory Authority, FINRA, Microsoft Office, SharePoint |
| 22 | 05/04/2020 | ? | Companies across different industries | Microsoft warns of multiple malspam campaigns carrying malicious disk image files aimed at distributing the REMCOS remote access tool, using a COVID-19 lure. | Malicious Spam | Y Multiple Industries | CC | >1 | REMCOS, COVID-19 |
| 23 | 05/04/2020 | ? | Tarkett | French flooring company Tarkett reveals that it was hit by a cyber attack on April 29th, and that its operations continue to be disrupted as a result. | Malware | C Manufacturing | CC | FR | Tarkett |
| 24 | 05/04/2020 | ? | Android users in Ukraine, Russia, Kazakhstan, Turkmenistan | Researchers from Bitdefender discover an existing version of the Android device screen-locking malware SLocker, repackaged in the form of a mobile coronavirus app. | Malware | X Individual | CC | >1 | COVID-19, Android, Bitdefender, SLocker |
| 25 | 05/04/2020 | ? | Bukapalak | The data of 13 million users of the e-commerce platform Bukapalak is posted on a dark web forum, although the company denies the breach. | Unknown | G Wholesale and retail trade | CC | ID | Bukapalak |
| 26 | 05/04/2020 | ? | York University | York University suffers a "serious" cyber attack. | Unknown | P Education | CC | CA | York University |
| 27 | 05/04/2020 | ? | CPC Corp. | Taiwan's oil refiner CPC Corp. suffers a ransomware attack. | Malware | D Electricity gas steam and air conditioning supply | CC | TW | CPC Corp. |
| 28 | 05/05/2020 | ? | Individuals in UK | Researchers from Cofense discover a new spear-phishing campaign targeting executives and others in an attempt to steal login credentials and bank account details by posing as their smartphone provider EE. | Account Hijacking | X Individual | CC | UK | Cofense, EE |
| 29 | 05/05/2020 | Government-backed hacking group | Organizations involved in international COVID-19 responses, healthcare, and essential services | A joint advisory by cyber-security agencies from the US (CISA) and the UK (NCSC) reveals that organizations involved in international COVID-19 responses, healthcare, and essential services are actively targeted by government-backed hacking groups. | Password-spraying | Q Human health and social work activities | CE | >1 | CISA, NCSC, COVID-19 |
| 30 | 05/05/2020 | ? | Single Individuals | Researchers from Malwarebytes reveal that hackers have created and used a fake icon portal to host and load a JavaScript web skimmer camouflaged as a favicon. | Malicious Script Injection | X Individual | CC | >1 | Malwarebytes, JavaScript, Magecart |
| 31 | 05/05/2020 | ? | Multiple organizations | Researchers from Abnormal Security discover a highly convincing series of phishing attacks, using fake certificate error warnings with graphics and formatting lifted from Cisco Webex emails to steal users' account credentials. | Account Hijacking | Y Multiple Industries | CC | >1 | Abnormal Security, Cisco Webex |
| 32 | 05/05/2020 | ? | Mercedes-Benz Instagram account | Unknown hackers post swastikas on the Mercedes-Benz Instagram account. | Account Hijacking | C Manufacturing | CC | DE | Mercedes-Benz, Instagram |
| 33 | 05/05/2020 | ? | Algolia | Search service Algolia says it suffered a security breach over the weekend after hackers exploited a well-known vulnerability in the Salt server configuration software to gain access to its infrastructure. | Salt vulnerability (CVE-2020-11651 and CVE-2020-11652) | M Professional scientific and technical activities | CC | US | Algolia, CVE-2020-11651, CVE-2020-11652 |
| 34 | 05/05/2020 | ? | Linux-based servers and smart IoT devices | Security researchers discover Kaiji, another strain of malware specifically built to infect Linux-based servers and smart IoT devices to launch DDoS attacks. | Malware | Y Multiple Industries | CC | >1 | Kaiji |
| 35 | 05/05/2020 | ? | BJC HealthCare | BJC HealthCare warns patients that their information may have been exposed after it discovered that someone gained unauthorized access to three employee email accounts on March 6. | Account Hijacking | Q Human health and social work activities | CC | US | BJC HealthCare |
| 36 | 05/05/2020 | ? | Formosa Petrochemical Corp. | Formosa Petrochemical Corp. is hit by a malware attack. | Malware | D Electricity gas steam and air conditioning supply | CC | TW | Formosa Petrochemical Corp. |
| 37 | 05/06/2020 | Snake | Fresenius | Fresenius, Europe’s largest private hospital operator and a major provider of dialysis products and services, is hit by a Snake ransomware attack on its technology systems. | Malware | Q Human health and social work activities | CC | DE | Fresenius, Snake, Ransomware |
| 38 | 05/06/2020 | Shiny Hunters | Microsoft | A hacker dubbed Shiny Hunters claims to have stolen over 500GB of data from Microsoft's private GitHub repositories. | Unknown | M Professional scientific and technical activities | CC | US | Shiny Hunters, Microsoft, GitHub |
| 39 | 05/06/2020 | ? | Vulnerable WordPress sites | Researchers from Wordfence reveal that hackers are actively exploiting two security vulnerabilities in the Elementor Pro and Ultimate Addons for Elementor WordPress plugins to remotely execute arbitrary code and fully compromise unpatched targets. | Vulnerable WordPress Plugins | Y Multiple Industries | CC | >1 | Wordfence, WordPress, Elementor Pro, Ultimate Addons for Elementor |
| 40 | 05/06/2020 | Lazarus group | Multiple organizations | Researchers from Malwarebytes reveal that hackers have hidden malware in MinaOTP, a legitimate two-factor authentication (2FA) app for macOS, to distribute Dacls, a remote access trojan associated with the North Korean Lazarus group. | Targeted Attack | Y Multiple Industries | CE | >1 | Malwarebytes, MinaOTP, 2FA, Dacls, North Korea, Lazarus group |
| 41 | 05/06/2020 | ? | Multiple E-Commerce servers | The FBI warns about attacks on Magento online stores via an old plugin vulnerability (CVE-2017-7391, a vulnerability in MAGMI, Magento Mass Import). | CVE-2017-7391 vulnerability | G Wholesale and retail trade | CC | >1 | FBI, Magento, CVE-2017-7391, MAGMI, Magento Mass Import |
| 42 | 05/06/2020 | Nefilim | Toll Group | For the second time in three months, Toll Group becomes the victim of a ransomware attack. | Malware | M Professional scientific and technical activities | CC | AU | Toll Group, Nefilim, ransomware |
| 43 | 05/06/2020 | ? | 44 million Pakistani mobile subscribers | The details of 44 million Pakistani mobile subscribers are leaked online. | Unknown | X Individual | CC | PK | Pakistan |
| 44 | 05/06/2020 | ? | Chrome users | 11 new fake crypto-wallet extensions are discovered in the Chrome Web Store. | Malicious browser extension | X Individual | CC | >1 | Chrome, Crypto |
| 45 | 05/06/2020 | ? | Single Individuals in the US | Researchers from Secureworks Counter Threat Unit (CTU) observe an increase in tax identity theft aimed at fraudulently obtaining stimulus checks. | Account Hijacking | X Individual | CC | US | Secureworks Counter Threat Unit, CTU |
| 46 | 05/06/2020 | ? | Multiple organizations | Researchers from Prevailion discover a new variant of the EVILNUM malware. | Malware | Y Multiple Industries | CC | >1 | Prevailion, EVILNUM |
| 47 | 05/07/2020 | Silver Terrier | Multiple organizations | Researchers from Palo Alto Networks reveal the details of a new series of attacks from Silver Terrier, targeting multiple organizations involved with the COVID-19 response. | Business Email Compromise | Y Multiple Industries | CC | >1 | Silver Terrier, Palo Alto Networks, COVID-19 |
| 48 | 05/07/2020 | Naikon APT | Several national government entities in the Asia Pacific (APAC) region | Researchers from Check Point discover new evidence of an ongoing cyber espionage operation against several national government entities in the Asia Pacific (APAC) region, using a new backdoor named Aria-body. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 | Check Point, Aria-body, Naikon APT |
| 49 | 05/07/2020 | ? | Ruhr University Bochum (RUB) | The Ruhr University Bochum (RUB) announces that it was forced to shut down large parts of its central IT infrastructure after a ransomware attack that took place between May 6 and May 7. | Malware | P Education | CC | DE | Ruhr University Bochum, RUB, ransomware |
| 50 | 05/07/2020 | DonJuji | MobiFriends | The personal details of 3,688,060 users registered on the MobiFriends dating app are posted online and available for download. The data was obtained in a security breach that took place in January 2019. | Unknown | R Arts entertainment and recreation | CC | ES | MobiFriends, DonJuji |
| 51 | 05/07/2020 | ? | Web applications built on ASP.NET | Researchers at security firm Red Canary uncover a Monero cryptocurrency-mining campaign, tracked as Blue Mockingbird, that exploits the CVE-2019-18935 vulnerability in web applications built on the ASP.NET framework. | CVE-2019-18935 vulnerability | Y Multiple Industries | CC | >1 | Red Canary, Monero, Blue Mockingbird, CVE-2019-18935, ASP.NET, Crypto |
| 52 | 05/07/2020 | ? | Fitness class | A Zoom hacker scares a group of about 60 children taking part in a fitness class by streaming child sex abuse footage. | Zoom bombing | R Arts entertainment and recreation | CC | UK | Zoom |
| 53 | 05/07/2020 | Maze | Sparboe Companies | The threat group MAZE publishes what it claims is data stolen from Sparboe Companies, a Minnesota egg supplier, during a ransomware attack. | Malware | I Accommodation and food service activities | CC | US | Sparboe Companies, Maze |
| 54 | 05/07/2020 | ? | Giannis Antetokounmpo's Twitter account | NBA Milwaukee Bucks player Giannis Antetokounmpo's Twitter account is hacked. | Account Hijacking | X Individual | CC | US | Giannis Antetokounmpo, Twitter, Milwaukee Bucks |
| 55 | 05/07/2020 | ? | StorEnvy | The e-commerce website StorEnvy is hacked and, as a result, the personal details of over 1.5 million customers and merchants are leaked online. | Unknown | G Wholesale and retail trade | CC | US | StorEnvy |
| 56 | 05/08/2020 | Sodinokibi (AKA REvil) | Grubman Shire Meiselas & Sacks (GSMLaw) | The Sodinokibi ransomware group threatens to release hundreds of gigabytes of legal documents from Grubman Shire Meiselas & Sacks, a prominent entertainment and law firm that counts dozens of international stars as its clients, including Madonna, Lady Gaga, Elton John, Robert de Niro, Nicki Minaj, Chris Brown, Usher, U2, Timbaland, Rick Ross, and many others. | Malware | N Administrative and support service activities | CC | US | Sodinokibi, REvil, ransomware, Grubman Shire Meiselas & Sacks, GSMLaw, Madonna, Lady Gaga, Elton John, Robert de Niro, Nicki Minaj, Chris Brown, Usher, U2, Timbaland, Rick Ross |
| 57 | 05/08/2020 | Attackers linked to Iran | Gilead Sciences | Hackers linked to Iran have targeted staff at U.S. drugmaker Gilead Sciences Inc in recent weeks, as the company races to deploy a treatment for the COVID-19 virus. | Targeted Attack | M Professional scientific and technical activities | CC | >1 | Iran, Gilead Sciences Inc, COVID-19 |
| 58 | 05/08/2020 | Shiny Hunters | HomeChef | A database with 8 million records belonging to the meal kit delivery service HomeChef is put on sale on the dark web. | Unknown | I Accommodation and food service activities | CC | US | HomeChef, Shiny Hunters |
| 59 | 05/08/2020 | Shiny Hunters | ChatBooks | A database with 15 million records belonging to ChatBooks, a photo print service, is put on sale on the dark web. | Unknown | M Professional scientific and technical activities | CC | US | ChatBooks, Shiny Hunters |
| 60 | 05/08/2020 | Shiny Hunters | Chronicle.com | Chronicle.com, a news source for higher education, is the latest victim to have a database dumped by the Shiny Hunters collective (3 million records). | Unknown | J Information and communication | CC | US | Chronicle.com, Shiny Hunters |
| 61 | 05/08/2020 | ? | Texas Office of Court Administration (OCA) | The Texas Office of Court Administration (OCA) is hit by ransomware. | Malware | O Public administration and defence, compulsory social security | CC | US | Texas Office of Court Administration, Ransomware |
| 62 | 05/08/2020 | ? | Multiple organizations | Researchers from Abnormal Security discover a new phishing campaign exploiting the DocuSign platform. | Account Hijacking | Y Multiple Industries | CC | >1 | Abnormal Security, DocuSign |
| 63 | 05/08/2020 | ? | City Index | Financial trading provider City Index informs users of a breach of their personal data after its network was accessed by an unauthorized third party on April 14. | Unknown | K Financial and insurance activities | CC | UK | City Index |
| 64 | 05/09/2020 | ? | Stadler | International rail vehicle construction company Stadler discloses that it was the victim of a cyberattack which might also have allowed the attackers to steal company and employee data. | Malware | C Manufacturing | CC | CH | Stadler |
| 65 | 05/09/2020 | Shiny Hunters | Bhinneka | Bhinneka has 1.2 million records dumped by Shiny Hunters. | Unknown | G Wholesale and retail trade | CC | ID | Bhinneka, Shiny Hunters |
| 66 | 05/09/2020 | Shiny Hunters | Minted | Minted, an online marketplace of independent artists and designers, has 5 million accounts leaked by Shiny Hunters. | Unknown | R Arts entertainment and recreation | CC | US | Minted, Shiny Hunters |
| 67 | 05/09/2020 | Shiny Hunters | Styleshare | Styleshare, an online platform that allows users to share and receive updates on fashion and beauty, is breached by Shiny Hunters. 6 million records are leaked. | Unknown | J Information and communication | CC | KR | Styleshare, Shiny Hunters |
| 68 | 05/09/2020 | Shiny Hunters | Ggumim | Ggumim has 2 million records leaked by Shiny Hunters. | Unknown | Z Unknown | CC | KR | Shiny Hunters, Ggumim |
| 69 | 05/09/2020 | Shiny Hunters | Mindful | 2 million accounts from Mindful are leaked by Shiny Hunters. | Unknown | Q Human health and social work activities | CC | US | Shiny Hunters, Mindful |
| 70 | 05/09/2020 | Shiny Hunters | Star Tribune | 1 million accounts from the Star Tribune are leaked by Shiny Hunters. | Unknown | J Information and communication | CC | US | Shiny Hunters, Star Tribune |
| 71 | 05/09/2020 | Shiny Hunters | Zoosk | Shiny Hunters leak 30 million accounts from Zoosk. | Unknown | S Other service activities | CC | >1 | Shiny Hunters, Zoosk |
| 72 | 05/09/2020 | ? | U.S. Marshals Service | A data breach at the U.S. Marshals Service exposes the personal information of current and former prisoners (387,000 individuals are affected). The breach occurred in December 2019. | Unknown | O Public administration and defence, compulsory social security | CC | US | U.S. Marshals Service |
| 73 | 05/10/2020 | ? | Port of Bandar Abbas | Iranian officials say that hackers damaged a small number of computers in a cyber-attack against the port of Bandar Abbas, the country's largest port in the Strait of Hormuz. | Unknown | H Transportation and storage | CW | IR | Bandar Abbas, Strait of Hormuz |
| 74 | 05/10/2020 | ? | MyBudget | MyBudget, one of Australia's largest debt-management services, is taken down by malware. | Malware | K Financial and insurance activities | CC | AU | MyBudget |
| 75 | 05/11/2020 | Maze | Pitney Bowes | Pitney Bowes suffers a cyber attack for the second time in a few months. The attackers are detected but manage to steal some files. | Malware | M Professional scientific and technical activities | CC | US | Pitney Bowes, Maze, Ransomware |
| 76 | 05/11/2020 | ProLock | Diebold Nixdorf | Diebold Nixdorf, a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, suffers a ProLock ransomware attack that disrupts some operations. | Malware | C Manufacturing | CC | US | Diebold Nixdorf, ProLock, ransomware |
| 77 | 05/11/2020 | ? | WeLeakData.com | The database of the defunct hacker forum and data breach marketplace WeLeakData.com is being sold on the dark web and exposes the private conversations of hackers who used the site. | Unknown | S Other service activities | CC | N/A | WeLeakData.com |
| 78 | 05/11/2020 | ? | Banking users in Brazil | Researchers from Cisco Talos discover a new variant of the Astaroth malware using YouTube as its command and control infrastructure. | Malware | K Financial and insurance activities | CC | BR | Cisco Talos, Astaroth |
| 79 | 05/11/2020 | ? | Banking users | Researchers from IBM X-Force reveal that the Zeus Sphinx banking Trojan is now receiving frequent updates and upgrades to its malicious arsenal while being deployed in active coronavirus scams. | Malware | K Financial and insurance activities | CC | >1 | IBM X-Force, Zeus Sphinx, COVID-19 |
| 80 | 05/11/2020 | ? | Portuguese Banking users | A new campaign targets Portuguese banking users with the Lampion malware, impersonating an invoice from a bank transaction, an invoice from Vodafone Group, and emergency funds provided by the Portuguese Government to help the COVID-19 fight. | Malware | K Financial and insurance activities | CC | PT | Lampion, Vodafone Group, COVID-19 |
| 81 | 05/11/2020 | ? | Multiple organizations | Researchers from Abnormal Security reveal the details of a new attack impersonating a notification from Zoom in order to steal the Microsoft credentials of employees. | Account Hijacking | Y Multiple Industries | CC | >1 | Abnormal Security, Zoom, Microsoft |
| 82 | 05/12/2020 | ? | Magellan Health Inc | Magellan Health Inc announces that it was the victim of a ransomware attack on April 11, 2020, which led to the theft of personal information from one of its corporate servers. | Malware | Q Human health and social work activities | CC | US | Magellan Health Inc, ransomware |
| 83 | 05/12/2020 | HIDDEN COBRA AKA Lazarus Group | US Companies | The US government (FBI, CISA, and DoD) releases information on three new malware variants (COPPERHEDGE, TAINTEDSCRIBE, PEBBLEDASH) used in malicious cyber activity campaigns by the North Korean government-backed hacker group tracked as HIDDEN COBRA. | Targeted Attack | Y Multiple Industries | CE | US | FBI, CISA, DoD, COPPERHEDGE, TAINTEDSCRIBE, PEBBLEDASH, HIDDEN COBRA, Lazarus Group |
| 84 | 05/12/2020 | Magecart | >1000 websites | Security researcher Max Kersten collects, in a span of a few weeks, over 1,000 domains infected with payment card skimmers. | Malicious Script Injection | Y Multiple Industries | CC | >1 | Max Kersten, Magecart |
| 85 | 05/12/2020 | ? | ESET | ESET fends off a DDoS attack facilitated by "Updates for Android", a malicious news app hosted in the Google Play Store and downloaded 50,000 times. | DDoS | M Professional scientific and technical activities | CC | SK | ESET, Updates for Android, Google Play Store, Android |
| 86 | 05/12/2020 | ? | Nikkei Inc. | Nikkei Inc. announces that personal information on a total of 12,514 people was leaked after a computer used by a group company employee was infected with a virus in an apparent cyberattack. | Malware | J Information and communication | CC | JP | Nikkei Inc. |
| 87 | 05/12/2020 | Nefilim | W&T Offshore | The hackers behind the Nefilim malware say they have stolen over 800 gigabytes of personnel and financial data from W&T Offshore Inc. | Malware | D Electricity gas steam and air conditioning supply | CC | US | W&T Offshore, Nefilim |
| 88 | 01/01/1970 | Threat actors affiliated to the People’s Republic of China | US health care, pharmaceutical, and research industry sectors | The US government (FBI, CISA, and DoD) reveals that threat actors affiliated to the People’s Republic of China (PRC) are attempting to compromise and collect COVID-19 information from organizations in the US health care, pharmaceutical, and research industry sectors. | Targeted Attack | Q Human health and social work activities | CE | US | FBI, CISA, DoD, People’s Republic of China, PRC, COVID-19 |
| 89 | 01/01/1970 | ? | Supercomputers across UK, Germany, Switzerland and Spain | Multiple supercomputers across Europe are infected with cryptocurrency mining malware and shut down to investigate the intrusions. | Malware | P Education | CC | >1 | Supercomputers |
| 90 | 01/01/1970 | ? | Multiple organizations | Microsoft discovers a new COVID-19 themed phishing campaign using economic concerns to target businesses with the LokiBot information-stealing Trojan. | Malware | Y Multiple Industries | CC | >1 | Microsoft, COVID-19, LokiBot |
| 91 | 01/01/1970 | ? | Multiple organizations | Researchers from ESET discover a new malware toolkit, dubbed Ramsay, able to collect sensitive files from systems isolated from the internet. | Malware | Y Multiple Industries | CC | >1 | ESET, Ramsay |
| 92 | 01/01/1970 | ? | Interserve | Interserve, a contractor for Britain’s Ministry of Defence, suffers a security breach after hackers break into a database and steal the details of up to 100,000 past and current employees. | Unknown | M Professional scientific and technical activities | CC | UK | Interserve, Ministry of Defence |
| 93 | 01/01/1970 | ? | Bam Construct | Bam Construct is hit by malware. | Malware | M Professional scientific and technical activities | CC | UK | Bam Construct |
| 94 | 01/01/1970 | Russia | German Chancellor Angela Merkel | German Chancellor Angela Merkel reveals that Russia was targeting her in hacking attacks, saying she had concrete proof of the "outrageous" spying attempts. | Targeted Attack | O Public administration and defence, compulsory social security | CE | DE | Angela Merkel, Russia |
| 95 | 01/01/1970 | ? | Single Individuals | Researchers from Sophos discover a new phishing campaign using a well-crafted fake DHL delivery notification. | Account Hijacking | X Individual | CC | >1 | Sophos, DHL |
| 96 | 01/01/1970 | ? | Wright County | Wright County notifies residents of a phishing attack that occurred on January 31, 2019. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US | Wright County |
| 97 | 01/01/1970 | AKO | North Shore Pain Management | North Shore Pain Management has 4 GB of data leaked by the AKO ransomware gang. | Malware | Q Human health and social work activities | CC | US | North Shore Pain Management, AKO, ransomware |
| 98 | 01/01/1970 | ? | Norfund | Fraudsters running business email compromise scams were able to swindle Norfund, Norway’s state investment fund, out of $10 million. | Business Email Compromise | K Financial and insurance activities | CC | NO | Norfund |
| 99 | 01/01/1970 | ? | Multiple organizations | Microsoft says that attackers have already adapted their phishing campaigns to use the newly updated design of the Azure AD and Office 365 sign-in pages. | Account Hijacking | Y Multiple Industries | CC | >1 | Microsoft, Azure AD, Office 365 |
| 100 | 01/01/1970 | Turla APT? | European diplomatic entities | Researchers from Kaspersky discover a new COMpfun remote access trojan (RAT) variant, controlled using uncommon HTTP status codes, used in attacks targeting European diplomatic entities. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 | Kaspersky, COMpfun, Turla |
| 101 | 01/01/1970 | RATicate | Industrial companies | Researchers from Sophos identify RATicate, a hacking group that abused NSIS installers to deploy remote access tools (RATs) and information-stealing malware in attacks targeting industrial companies. | Targeted Attack | Y Multiple Industries | CE | >1 | Sophos, RATicate |
| 102 | 01/01/1970 | ? | Multiple organizations | A new Node.js based remote access trojan and password-stealing malware is being distributed through malicious emails pretending to be from the U.S. Department of the Treasury. | Malware | Y Multiple Industries | CC | US | Adwind, U.S. Department of the Treasury, COVID-19 |
| 103 | 01/01/1970 | APT from China | Government entities, telecommunications firms, and the gas industry | A joint report issued by ESET and Avast reveals the details of Mikroceen, a backdoor used in attacks against public and private entities in central Asia since 2017. | Targeted Attack | Y Multiple Industries | CE | >1 | ESET, Avast, China, Mikroceen |
| 104 | 01/01/1970 | ? | Elexon | Elexon, a middleman in the UK power grid network, reports that it fell victim to a cyber-attack (probably malware). | Malware | D Electricity gas steam and air conditioning supply | CC | UK | Elexon, ransomware |
| 105 | 01/01/1970 | ? | Service NSW | Service NSW reveals that it fell victim to a phishing attack that occurred on April 22. | Account Hijacking | O Public administration and defence, compulsory social security | CC | AU | Service NSW |
| 106 | 01/01/1970 | ? | Multiple Organizations | Researchers from Palo Alto Networks Unit 42 observe both the Mirai and Hoaxcalls botnets using an exploit for a post-authentication Remote Code Execution vulnerability in legacy Symantec Web Gateways 5.0.2.8. | Symantec Web Gateway Vulnerability | Y Multiple Industries | CC | >1 | Palo Alto Networks, Unit 42, Mirai, Hoaxcalls, Symantec |
| 107 | 01/01/1970 | ? | Multiple organizations | Researchers from Armorblox reveal the details of a phishing campaign exploiting Symantec URL Protection to evade detection. | Account Hijacking | Y Multiple Industries | CC | >1 | Armorblox, Symantec |
| 108 | 01/01/1970 | ? | Saint Paulus Lutheran Church | Saint Paulus Lutheran Church sues video chat company Zoom after a hacker allegedly hijacked a virtual Bible study class to post graphic images of child abuse. | Zoom bombing | S Other service activities | CC | US | Saint Paulus Lutheran Church, Zoom |
| 109 | 01/01/1970 | ? | Des Moines City Council | A Des Moines civil rights meeting is abandoned after being Zoombombed. | Zoom bombing | O Public administration and defence, compulsory social security | CC | US | Des Moines City Council, Zoom |
| 110 | 01/01/1970 | ? | Online Shops | Researchers at Sucuri discover a new WordPress malware used to scan for and identify WooCommerce online shops to be targeted in future Magecart attacks. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | Sucuri, WordPress, WooCommerce, Magecart |
| 111 | 01/01/1970 | ? | Texas Department of Transportation (TxDOT) | A new ransomware attack hits the network of the state’s Department of Transportation (TxDOT). | Malware | O Public administration and defence, compulsory social security | CC | US | Texas Department of Transportation, TxDOT |
| 112 | 01/01/1970 | ? | Car owners in Moscow | A database with 129 million records of car owners in Moscow is being offered for sale on a dark web forum. | Unknown | X Individual | CC | RU | Russia, Car owners |
| 113 | 01/01/1970 | ? | BlueScope | BlueScope confirms it was the victim of a cyber incident. | Unknown | C Manufacturing | CC | AU | BlueScope |
| 114 | 01/01/1970 | Tropic Trooper, AKA KeyBoy | Taiwanese and Philippine military | Researchers from Trend Micro reveal the details of a campaign targeting the air-gapped networks of the Taiwanese and the Philippine military via the USBferry malware. | Targeted Attack | O Public administration and defence, compulsory social security | | | |
Hi Paolo,
The timeline spreadsheet is blank for April 16-30 and May.
Can you help pls..
Fixed. The plugin used to fetch the tables from Google Drive is not working well lately.