I am trying to catch up with the backlog, so it’s now time to publish the first timeline of June (I know we are in August), where I have collected a total of 96 events (including two that occurred in May). The level of activity continues to be quite high and is characterized by ransomware (around 30% of the events) and, even if the trend is decreasing, COVID-19-themed attacks.
Even in this fortnight the list of high-profile targets hit by ransomware is quite long and includes victims from different sectors (primarily manufacturing, public administration, healthcare and education). In some cases the victims had their data leaked after refusing to pay the ransom, a consequence of the growing number of double extortion attacks.
With regard to the events related to COVID-19, the most remarkable of this period is probably the one against a German multinational corporation associated with a national task force to procure personal protective equipment. The timeline also includes some campaigns using as bait the measures that some governments have put in place to counter the economic crisis that followed the pandemic.
The cyber espionage front is also quite hot: this fortnight has seen multiple campaigns carried out by known actors such as Goblin Panda, Gamaredon, and POISON CARP. In addition, researchers from Google’s Threat Analysis Group have identified efforts by China and Iran against the Trump and Biden presidential campaigns.
Let’s stop the preamble and go straight to the timeline, where you can find the details of each event. Feel free to share it to support my work and spread risk awareness across the community. And don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.
ID
Date
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
01/01/1970
?
Genworth Financial
Fortune 500 insurance holding company Genworth Financial discloses a data breach after an unauthorized party gained access to insurance agents' online accounts using compromised login credentials. The breach was discovered by Genworth on April 20.
Account Hijacking
K Financial and insurance activities
CC
US
Genworth Financial
2
01/01/1970
?
Everett & Hurite Ophthalmic Association
Everett & Hurite Ophthalmic Association notifies 34,113 patients of a phishing attack that occurred between February and March 2020.
Account Hijacking
Q Human health and social work activities
CC
US
Everett & Hurite Ophthalmic Association
3
06/01/2020
?
Kent Commercial Services
Kent Commercial Services reveals it was hit by a ransomware attack on April 2. The attackers demanded 800,000 GBP.
Malware
N Administrative and support service activities
CC
UK
Kent Commercial Services, ransomware
4
06/01/2020
?
Multiple organizations
Researchers from Panda Security uncover BazarBackdoor, a new malware that shares code with the notorious modular banking trojan TrickBot and is used to gain unauthorized access to and compromise corporate networks.
Malware
Y Multiple Industries
CC
>1
Panda Security, BazarBackdoor, TrickBot
5
06/02/2020
?
Minnesota Senate
The Minnesota Senate’s servers are hacked, and the attackers are able to access a file of passwords used by senators and staff, Senate officials.
Unknown
O Public administration and defence, compulsory social security
CC
US
Minnesota Senate
6
06/02/2020
?
Kentucky Employees’ Health Plan (KEHP)
Nearly a thousand members of Kentucky Employees’ Health Plan (KEHP) are victims of two connected data breaches that took place in late April and mid-May.
Account Hijacking
Q Human health and social work activities
CC
US
Kentucky Employees’ Health Plan, KEHP
7
06/02/2020
Sodinokibi AKA REvil
Agromart Group
The gang behind the Sodinokibi ransomware puts the data stolen from Agromart Group up for sale on an auction site.
Malware
M Professional scientific and technical activities
CC
CA
Sodinokibi, Agromart Group, ransomware
8
06/03/2020
Cycldek, Conimes, or Goblin Panda
Large organizations and government institutions in Vietnam
Researchers from Kaspersky reveal the details of USBCulprit, a malware used by a group known as Cycldek, Conimes, or Goblin Panda, designed for compromising air-gapped devices via USB.
Targeted Attack
O Public administration and defence, compulsory social security
CE
VN
Kaspersky, USBCulprit, Cycldek, Conimes, Goblin Panda
9
06/03/2020
Netwalker
Columbia College of Chicago
The Netwalker Ransomware operators claim to have successfully attacked the Columbia College of Chicago, stolen unencrypted data, and encrypted its computers.
Malware
P Education
CC
US
Columbia College of Chicago, Netwalker, Ransomware
10
06/03/2020
Netwalker
University of California San Francisco (UCSF)
The Netwalker Ransomware operators claim to have successfully attacked the University of California San Francisco (UCSF), stolen unencrypted data, and encrypted its computers.
Malware
P Education
CC
US
University of California San Francisco, UCSF, Netwalker, Ransomware
11
06/03/2020
?
Microsoft Office 365 customers
Researchers from Abnormal Security discover a new phishing campaign targeting Microsoft Office 365 customers, using bait messages camouflaged as notifications sent by their organization to update the VPN configuration.
Account Hijacking
Y Multiple Industries
CC
>1
Abnormal Security, Microsoft Office 365, VPN, COVID-19
12
06/03/2020
?
San Francisco Employees’ Retirement System (SFERS)
The San Francisco Employees’ Retirement System (SFERS) suffers a data breach after an unauthorized person gains access to a database hosted in a test environment. The breach occurred in February 2020.
Unknown
S Other service activities
CC
US
San Francisco Employees’ Retirement System, SFERS
13
06/03/2020
DoppelPaymer
Digital Management Inc. (DMI)
The DoppelPaymer ransomware gang says it successfully breached the network of Digital Management Inc. (DMI), a provider of managed IT and on-demand cyber-security services and a NASA contractor.
Malware
M Professional scientific and technical activities
CC
US
DoppelPaymer, ransomware, Digital Management Inc., DMI, NASA
14
06/03/2020
Maze
Westech International
The threat actors behind the Maze ransomware steal and leak the data of Westech International, a US military contractor.
Malware
C Manufacturing
CC
US
Westech International, Maze, Ransomware
15
06/03/2020
?
Viva Republica Inc.
Viva Republica Inc., a fintech firm, has its Toss platform hacked, suffering a loss worth 9.4 million won ($7,853).
Unknown
V Fintech
CC
KR
Viva Republica Inc., Toss
16
06/03/2020
?
Duluth School District
The Duluth School District reveals the details of a security breach involving 14 student accounts.
Account Hijacking
P Education
CC
US
Duluth School District
17
06/03/2020
?
Anti-racism organizations
Cloudflare reveals a 1,120-fold surge in cyber-attacks against anti-racism organizations in the wake of the death of George Floyd.
DDoS
U Activities of extraterritorial organizations and bodies
CC
>1
Cloudflare, George Floyd
18
06/04/2020
China and Iran APT Groups
Trump and Biden presidential campaigns
Researchers from Google’s Threat Analysis Group say they’ve identified efforts by at least two nation state-backed hackers against the Trump and Biden presidential campaigns.
Targeted Attack
O Public administration and defence, compulsory social security
CE
US
Google, Threat Analysis Group, TAG, Trump, Biden
19
06/04/2020
Maze
Conduent
The Maze Ransomware operators claim to have successfully attacked business services giant Conduent, where they stole unencrypted files and encrypted devices on their network.
Malware
M Professional scientific and technical activities
CC
US
Conduent, Maze, Ransomware
20
06/04/2020
?
Chartered Professional Accountants of Canada (CPA)
Chartered Professional Accountants of Canada (CPA) disclose a cyberattack against their website that allowed unauthorized third parties to access the personal information of over 329,000 members and other stakeholders.
Unknown
S Other service activities
CC
CA
Chartered Professional Accountants of Canada, CPA
21
06/04/2020
Tycoon
Small to medium size organizations in the software and education industries
Researchers from Blackberry and KPMG discover Tycoon, a new human-operated ransomware strain deployed in highly targeted attacks targeting small to medium size organizations in the software and education industries since at least December 2019.
Malware
Y Multiple Industries
CC
>1
Blackberry, KPMG, Tycoon, ransomware
22
06/04/2020
?
Multiple organizations
Researchers from Akamai discover Stealthworker, a piece of malware attempting brute-force attacks against cPanel.
Brute-Force
Y Multiple Industries
CC
>1
Akamai, cPanel, Stealthworker
23
06/04/2020
?
Hundreds of enterprises across all industries, including real estate, oil & gas, engineering, IT, healthcare, financial services and more
Researchers from Ironscale discover a massive phishing campaign sending fake email notifications for voice messages.
Account Hijacking
Y Multiple Industries
CC
>1
Ironscale
24
06/04/2020
?
Banking users
Researchers from Check Point discover a new malware campaign, spoofing job seekers and delivering Zloader via emails with file attachments that claim to be curriculum vitae (CV).
Malware
K Financial and insurance activities
CC
US
Check Point, Zloader
25
06/04/2020
Higaisa
Multiple organizations
Researchers from Malwarebytes discover a new campaign from a Korea-linked APT known as Higaisa, using LNK files.
Targeted Attack
Y Multiple Industries
CE
>1
Malwarebytes, Higaisa, LNK
26
06/04/2020
?
Android users
Researchers from Trend Micro reveal that a couple of Android barcode reader apps, downloaded more than 1 million times, were found to contain ad fraud malware (AndroidOS_HiddenAd.HRXJA).
Malware
X Individual
CC
>1
Trend Micro, Android, AndroidOS_HiddenAd.HRXJA
27
06/04/2020
?
San Beda University (SBU)
An unidentified hacker infiltrates the online student portal of San Beda University (SBU), gaining access to personal information and social media passwords of thousands of students and apparently releasing them online.
Unknown
P Education
CC
PH
San Beda University, SBU
28
06/05/2020
Maze
VT San Antonio Aerospace
The Maze Ransomware gang breach and successfully encrypt the systems of VT San Antonio Aerospace. They also steal and leak unencrypted files. The attack occurred in April 2020.
Malware
M Professional scientific and technical activities
CC
US
VT San Antonio Aerospace, Maze, Ransomware
29
06/05/2020
"John Wick" and "Korean Hackers"
ZEE5
A hacker identifying themselves as "John Wick" and "Korean Hackers" claims to have breached the systems of Indian video on demand giant ZEE5 and is threatening to sell the database on criminal markets.
Unknown
J Information and communication
CC
IN
John Wick, Korean Hackers, ZEE5
30
06/05/2020
?
Fitness Depot
Canadian retailer Fitness Depot notifies customers that their personal and financial information was stolen following a breach that affected the company's e-commerce platform last month.
Malicious Script Injection
G Wholesale and retail trade
CC
CA
Fitness Depot, Magecart
31
06/05/2020
Kupidon
Multiple organizations
A new ransomware dubbed Kupidon targets not only corporate networks, but also home users' personal data.
Malware
Y Multiple Industries
CC
>1
Kupidon, Ransomware
32
06/05/2020
eCh0raix
QNAP storage devices
The threat actors behind the eCh0raix Ransomware launch a brand new campaign targeting QNAP storage devices.
Malware
Y Multiple Industries
CC
>1
eCh0raix, Ransomware, QNAP
33
06/05/2020
?
City of Florence
The city of Florence, Alabama, is hit by the DoppelPaymer ransomware.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Florence, Alabama
34
06/05/2020
Maze
ST Engineering
The threat actors behind the Maze ransomware steal and leak the data of ST Engineering.
Malware
C Manufacturing
CC
SG
Maze, ransomware, ST Engineering.
35
06/05/2020
?
University of Utah
University of Utah notifies its patients after a phishing incident compromised employee email accounts between April 6 and May 22.
Account Hijacking
Q Human health and social work activities
CC
US
University of Utah
36
06/05/2020
?
Multiple organizations
Researchers from Yoroi ZLab reveal the details of a Netwire campaign targeting Italian-speakers.
Targeted Attack
Y Multiple Industries
CE
IT
Yoroi ZLab, Netwire
37
06/05/2020
?
Multiple organizations
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that attackers are trying to exploit the SMBGhost vulnerability (CVE-2020-0796).
CVE-2020-0796 Vulnerability
Y Multiple Industries
CC
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, SMBGhost, CVE-2020-0796
38
06/06/2020
?
Single Individuals
A fake decryptor for the STOP Djvu Ransomware is being distributed. Instead of getting their files back for free, victims are infected with another ransomware, Zorab.
Malware
X Individual
CC
>1
STOP Djvu, Ransomware, Zorab
39
06/07/2020
EKANS (SNAKE)
Enel Group
The Enel Group is hit by a ransomware attack from EKANS (SNAKE) ransomware operators that affected its internal network.
Malware
D Electricity gas steam and air conditioning supply
CC
IT
Enel Group, SNAKE, EKANS, ransomware
40
06/07/2020
?
University of the Philippines Cebu
Unknown attackers break into the evaluation portal of the University of the Philippines Cebu.
Unknown
P Education
CC
PH
University of the Philippines Cebu
41
06/07/2020
?
Hockley Medical Practice
Hockley Medical Practice has the records of nearly 9,000 patients hacked.
Unknown
Q Human health and social work activities
CC
UK
Hockley Medical Practice
42
06/08/2020
EKANS (SNAKE)
Honda
Computer networks in Europe and Japan from car manufacturer giant Honda are also affected by issues that are reportedly related to a SNAKE Ransomware cyber-attack.
Malware
C Manufacturing
CC
JP
Honda, SNAKE, EKANS
43
06/08/2020
Russia?
German multinational corporation
Researchers at IBM X-Force uncover a COVID-19 related phishing campaign targeting a German multinational corporation, associated with a German government-private sector task force to procure personal protective equipment. The threat actors behind this campaign targeted more than 100 high ranking executives within this organization and its third-party ecosystem (approximately 40 organizations).
Targeted Attack
C Manufacturing
CE
DE
IBM X-Force, COVID-19
44
06/08/2020
DoppelPaymer
Avon
Cosmetics giant Avon discloses a security incident allegedly due to the DoppelPaymer ransomware.
Malware
C Manufacturing
CC
UK
Avon, DoppelPaymer, ransomware
45
06/08/2020
?
Greenworks
Researchers at RapidSpike discover that payment card data from customers of Greenworks hardware tools website is being stolen by hackers via a malicious script with self-cloaking capabilities and anti-tampering protection.
Malicious Script Injection
G Wholesale and retail trade
CC
US
Greenworks, RapidSpike, Magecart
46
06/08/2020
?
Bitcoin users
Scammers hijack three YouTube channels (Juice TV, Right Human, and MaximSakulevich) to display bitcoin scams impersonating Elon Musk's SpaceX channel, stealing nearly $150,000 in bitcoins in two days.
Account Hijacking
X Individual
CC
>1
YouTube, Juice TV, Right Human, MaximSakulevich, Elon Musk, SpaceX
47
06/08/2020
TA410
U.S. energy providers
Researchers from Proofpoint discover a new spear-phishing campaign targeting U.S. energy providers via FlowCloud, a new remote access trojan (RAT) capable of providing attackers with full control over infected systems.
Targeted Attack
D Electricity gas steam and air conditioning supply
CE
US
Proofpoint, FlowCloud
48
06/08/2020
Avaddon
Single Individuals
Researchers from Appriver discover a new Avaddon Ransomware campaign targeting users worldwide.
Malware
X Individual
CC
>1
Appriver, Avaddon, Ransomware
49
06/09/2020
Dark Basin
Environmental advocacy groups, journalists, and others
A joint report by Citizen Lab and the University of Toronto reveals the details of Dark Basin, a massive hack-for-hire operation targeting especially climate-change organizations that were campaigning against Exxon Mobil.
Targeted Attack
U Activities of extraterritorial organizations and bodies
CE
>1
Dark Basin, Exxon Mobil, Citizen Lab, University of Toronto
50
06/09/2020
?
Lion
Australian beverage giant Lion is hit by a Ransomware attack.
Malware
I Accommodation and food service activities
CC
AU
Lion, Ransomware
51
06/09/2020
?
Multiple organizations
Security researchers from RiskIQ discover a new wave of attacks relying on Magecart and malicious redirector code lurking in misconfigured S3 buckets.
Cloud Misconfiguration
Y Multiple Industries
CC
>1
RiskIQ, Magecart, S3
52
06/09/2020
R3dr0x
Bharat Earth Movers Limited (BEML).
Researchers from Cyble report that a threat actor is offering documents of the Indian defence contractor Bharat Earth Movers Limited (BEML) on a dark web black market.
Unknown
C Manufacturing
H
IN
Cyble, R3dr0x, Bharat Earth Movers Limited, BEML
53
06/09/2020
?
Vulnerable Microsoft SQL Servers
Researchers from Sophos reveal that the operators behind the Kingminer botnet have recently started targeting vulnerable Microsoft SQL Servers using brute-force methods in order to mine cryptocurrency.
Brute-Force
Y Multiple Industries
CC
>1
Sophos, Kingminer, Microsoft SQL Servers, Crypto
54
06/09/2020
?
Slovak government
Slovak authorities arrest four suspects as part of an investigation into a series of suspicious devices found connected to the government's official IT network.
Wiretapping
O Public administration and defence, compulsory social security
CC
SK
Slovakia
55
06/10/2020
Maze
MaxLinear
U.S. system-on-chip (SOC) maker company MaxLinear discloses that some of its computing systems were encrypted by Maze Ransomware operators. The attack was discovered on May 24.
Malware
C Manufacturing
CC
US
MaxLinear, Ransomware, Maze
56
06/10/2020
?
Single Individuals
A recent phishing email campaign discovered by Abuse.ch asks to vote anonymously about Black Lives Matter to spread the TrickBot information-stealing malware.
Malware
X Individual
CC
>1
Abuse.ch, Black Lives Matter, TrickBot
57
06/10/2020
?
Small businesses in the UK
Researchers from Abnormal Security discover a new phishing campaign targeting business owners with Microsoft Office 365, and using bait emails designed to look like legitimate Small Business Grants Fund (SGF) relief payment messages from the UK government.
Account Hijacking
Y Multiple Industries
CC
UK
Abnormal Security, Microsoft Office 365, Small Business Grants Fund, SGF, COVID-19
58
06/10/2020
?
Multiple organizations
Researchers from Recorded Future discover a new Ransomware-as-a-service, dubbed Thanos, with high evasion capabilities.
Malware
Y Multiple Industries
CC
>1
Thanos, Recorded Future, Ransomware
59
06/10/2020
?
Microsoft
Microsoft reveals that attackers recently hijacked powerful machine-learning clusters inside Microsoft’s Azure cloud-computing service to mine cryptocurrency at the expense of the customers who rented them.
Cloud Misconfiguration
M Professional scientific and technical activities
CC
US
Microsoft, Azure
60
06/10/2020
?
Single Individuals
Researchers from Google report an increase in the number of COVID-19 related scams.
Account Hijacking
X Individual
CC
IN
Google, India, COVID-19
61
06/10/2020
?
Small businesses in the UK
Researchers from Google discover a new campaign targeting small businesses in the UK, designed to look like legitimate Small Business Grants Fund (SGF) messages.
Account Hijacking
Y Multiple Industries
CC
UK
Google, Small Business Grants Fund, SGF
62
06/10/2020
?
Single Individuals
Researchers from Google discover a phishing campaign themed with streaming services, targeting Brazilian users.
Account Hijacking
X Individual
CC
BR
Google, Brazil
63
06/10/2020
?
Single Individuals in Armenia, India, Brazil, Chhattisgarh, Columbia, Indonesia, India, Iran, Italy, Kyrgyzstan, Russia and Singapore.
Researchers from Anomali identify 12 fake COVID-19 contact tracing apps targeting citizens in Armenia, India, Brazil, Chhattisgarh, Columbia, Indonesia, Iran, Italy, Kyrgyzstan, Russia and Singapore.
Malware
X Individual
CC
>1
Anomali, Armenia, India, Brazil, Columbia, Indonesia, India, Iran, Italy, Kyrgyzstan, Russia and Singapore.
64
06/10/2020
?
City of Keizer
The city of Keizer is hit with a ransomware attack, and is able to restore the data, paying the perpetrators a $48,000 ransom.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Keizer, ransomware
65
06/11/2020
?
City of Knoxville
The City of Knoxville, Tennessee, was forced to shut down its entire computer network following a ransomware attack that took place overnight and targeted the city's offices.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Knoxville, ransomware
66
06/11/2020
?
Customers of 36 US financial institutions
Security researchers at F5 Labs discover ongoing attacks using Qbot malware payloads to steal credentials from customers of dozens of US financial institutions.
Malware
K Financial and insurance activities
CC
US
F5 Labs, Qbot
67
06/11/2020
?
TAIT Towers
TAIT Towers, one of the world's leading live event solutions providers, discloses a data breach that led to the exposure of personal and financial information stored on a server and on the email accounts of some of its employees.
Account Hijacking
C Manufacturing
CC
US
TAIT Towers
68
06/11/2020
Gamaredon (Primitive Bear)
Ukrainian institutions
Researchers from ESET discover new recent campaigns by Gamaredon (Primitive Bear) containing a Visual Basic for Applications (VBA) project (.OTM file) targeting Microsoft Outlook email client with malicious macro scripts.
Targeted Attack
O Public administration and defence, compulsory social security
CE
UA
ESET, Gamaredon, Primitive Bear, VBA, Microsoft Outlook
69
06/11/2020
China, Russia, and Turkey
Twitter users
Twitter discloses three new state-linked operations on its platform this year. As a result of its investigation, it bans and removes 32,242 accounts operated out of China, Russia, and Turkey, pushing local political agendas and narratives, and associated with state-sponsored entities.
Fake Social Network
O Public administration and defence, compulsory social security
CC
>1
Twitter, China, Russia, Turkey
70
06/11/2020
?
A1 Telekom
A1 Telekom, the largest internet service provider in Austria, admits a malware security breach from December 2019 to May 2020.
Malware
J Information and communication
CC
AT
A1 Telekom
71
06/11/2020
Earth Empusa, AKA POISON CARP/Evil Eye,
Uyghurs minority
Researchers from Trend Micro reveal that the Earth Empusa threat group (aka POISON CARP/Evil Eye) is targeting the Uyghurs minority with a new Android spyware dubbed ActionSpy.
Infinity Diagnostics Center Instagram account is compromised by an unknown hacker. After gaining access, the threat actor uploads multiple stories designed to paint the business as racist.
Account Hijacking
Q Human health and social work activities
CC
US
Infinity Diagnostics Center
73
06/11/2020
?
eHealth Saskatchewan
eHealth Saskatchewan admits it suffered a ransomware attack on December 20.
Malware
Q Human health and social work activities
CC
CA
eHealth Saskatchewan, ransomware
74
06/11/2020
Sodinokibi AKA REvil
Activewear
Activewear reveals it suffered a Sodinokibi ransomware attack back in May 2020.
Malware
G Wholesale and retail trade
CC
AU
Activewear, Sodinokibi, REvil, ransomware
75
06/12/2020
?
University of Missouri Health Care (MU Health Care)
University of Missouri Health Care (MU Health Care) discloses a breach that occurred in September 2019, when the email accounts of some students were accessed without authorization.
Account Hijacking
Q Human health and social work activities
CC
US
University of Missouri Health Care, MU Health Care
76
06/12/2020
?
Portuguese users
A new malware called TroyStealer targets Portuguese users.
Malware
X Individual
CC
PT
TroyStealer
77
06/12/2020
?
NHS
The NHS confirms that 113 internal email accounts were compromised and used to send malicious spam between May 30 and June 1 2020.
Account Hijacking
Q Human health and social work activities
CC
UK
NHS
78
06/12/2020
m1x
puebla.gob.mx
A Russian hacker named m1x breaches a Mexican government web portal (puebla.gob.mx) and three days later, after the government refused to pay a ransom, publicly releases some 14,000 Mexican taxpayer ID numbers.
Unknown
O Public administration and defence, compulsory social security
CC
MX
m1x, puebla.gob.mx
79
06/12/2020
?
Electronic Waveform Lab, Inc.
Electronic Waveform Lab, Inc. reveals it suffered a ransomware attack on April 11, 2020.
Malware
C Manufacturing
CC
US
Electronic Waveform Lab, Inc., ransomware
80
06/12/2020
?
Cano Health
Cano Health warns its patients of a phishing attack involving three employees, discovered in April 2020, that occurred in May 2018.
Account Hijacking
Q Human health and social work activities
CC
US
Cano Health
81
06/12/2020
?
www.indianblooddonors.com
A data leak that contains sensitive information of 12,472 Indian blood donors is posted on two forums.
Unknown
Q Human health and social work activities
CC
IN
www.indianblooddonors.com
82
01/01/1970
Black Kingdom
Multiple organizations
Researchers from REDTEAM.PL reveal that operators of Black Kingdom ransomware target enterprises with unpatched Pulse Secure VPN software or initial access on the network, exploiting CVE-2019-11510.
CVE-2019-11510
Y Multiple Industries
CC
>1
REDTEAM.PL, Black Kingdom, Pulse Secure, CVE-2019-11510, ransomware
83
01/01/1970
?
Rangely District Hospital (RDH)
Rangely District Hospital (RDH) reveals it was hit by a ransomware attack in April 2020.
Malware
Q Human health and social work activities
CC
US
Rangely District Hospital, RDH, ransomware
84
01/01/1970
?
3,500 Armenian citizens
Azerbaijani hackers publish the data of about 3,500 Armenian citizens (people infected with COVID-19 and their contacts).
Unknown
X Individual
CC
AM
Azerbaijan, Armenia, COVID-19
85
01/01/1970
Maze
Threadstone Advisors LLP
The Maze ransomware gang hits Threadstone Advisors LLP, a US corporate advisory firm specialized in M&A.
Malware
K Financial and insurance activities
CC
US
Maze, Threadstone Advisors LLP
86
01/01/1970
?
Sapiens International
Israeli software company Sapiens International falls victim to a ransomware attack, paying $250,000 in Bitcoin to hackers.
Malware
M Professional scientific and technical activities
CC
IL
Sapiens International, Ransomware
87
01/01/1970
?
Bitcoin users
For the past year, a site called Privnotes.com has been impersonating Privnote.com, a legitimate, free service that offers private, encrypted messages, to steal bitcoins.
Account Hijacking
V Fintech
CC
>1
Privnotes.com, privnote.com, bitcoin, crypto
88
01/01/1970
Anonymous USA (@AnonOpUSA)
Atlanta Police Department
Anonymous claims to have taken down the website of the Atlanta Police Department (atlantapd.org).
DDoS
O Public administration and defence, compulsory social security
H
US
Anonymous, Anonymous USA, @AnonOpUSA, Atlanta Police Department, atlantapd.org
89
01/01/1970
?
Foodora
The details of 727,000 Foodora accounts in 14 countries are leaked online.
Unknown
I Accommodation and food service activities
CC
DE
Foodora
90
01/01/1970
?
Geox
Geox, the Italian shoe maker, is hit with a ransomware attack.
Malware
C Manufacturing
CC
IT
Geox, Ransomware
91
01/01/1970
?
Claire's
Researchers from Sansec reveal that the websites for U.S. based jewelry and accessory giant Claire's, and its subsidiary Icing, were compromised in April via a Magecart attack.
Malicious Script Injection
G Wholesale and retail trade
CC
US
Claire's, Magecart, Sansec
92
01/01/1970
?
Single Individuals
A new campaign starts to push fake data breach notifications for big company names that really suffered a breach, to distribute malware and scams.
Malware
Y Multiple Industries
CC
>1
Breach
93
01/01/1970
?
Single Individuals
Nine human rights activists, journalists, academics and lawyers in India have been targeted by a “coordinated” spyware operation, according to an investigation by Amnesty International and the Citizen Lab.
Targeted Attack
X Individual
CE
IN
Amnesty International, Citizen Lab
94
01/01/1970
?
Intersport
The website of Intersport, one of Europe's largest sporting goods retail chains, is hit by a Magecart attack.
Malicious Script Injection
G Wholesale and retail trade
CC
CH
Intersport, Magecart
95
01/01/1970
?
Apple Mac Users
Researchers at Intego warn Apple Mac users of a new malware disguised as an installer for Adobe Flash Player (a variant of OSX/Shlayer and OSX/Bundlore), distributed via Google search results.
Malware
X Individual
CC
>1
Apple, Mac, Adobe Flash Player, OSX/Shlayer, OSX/Bundlore, Intego, Google
96
01/01/1970
Vendetta
Multiple organizations
Researchers from ElevenPaths reveal the details of Vendetta, a threat actor targeting technological, business and government sectors that handle sensitive information
Hey, sorry for commenting again. In the event my first comment did not post, I just wanted to say that the Excel sheet for 1-15 June does not appear to have uploaded. Perhaps I’m looking in the wrong place? You do great work! Thank you for your work, it is invaluable!
Hey, I apologize if I’m missing the link but there is not the normal attached Excel spreadsheet with the recorded attacks. I see the one available for 16-30 June, but not the one for 1-15. Any help would be appreciated. You do great work! Thanks!
I have just uploaded them. Apologies for the delay.