It’s time to publish the first timeline of August, where I have collected 92 events (a slight increase compared to July), including 6 that occurred before the analyzed interval.
Unsurprisingly, ransomware continues to dominate the threat landscape with 10 events out of 92 (nearly 22%, similar to the previous timeline), with a list of high-profile targets that grows month after month, fueled by the consolidated gangs in this space such as Maze, Sodinokibi (AKA REvil), and Netwalker.
With regard to the COVID-19 pandemic, it is interesting to notice that the occurrence of a second wave has been mirrored in cyberspace by a new wave of campaigns, primarily focused on exploiting the stimulus packages put in place by several governments, either for phishing attacks or for distributing malware.
The cyber espionage front is also unusually rich in this timeline (10 events), with multiple operations carried out by state-sponsored actors from China, Russia, Iran, and North Korea.
But my suggestion is always the same: browse the timeline, where you can find the details of each event. Additionally, feel free to share it to support my work and spread risk awareness across the community. And don’t forget to follow @paulsparrows on Twitter, or connect on LinkedIn, for the latest updates.
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 01/01/1970 | ? | Pepperstone | Pepperstone sends out an email to clients, alerting them of a data security incident in which third parties are reaching out to the broker’s clients and falsely claiming to be Pepperstone. | Unknown | K Financial and insurance activities | CC | AU | Pepperstone |
| 2 | 01/01/1970 | ? | City of Lafayette | The City of Lafayette suffers a ransomware attack that impacts the phone services, email, and online payment reservation systems. The city is forced to pay $45,000. | Malware | O Public administration and defence, compulsory social security | CC | US | City of Lafayette, ransomware |
| 3 | 01/01/1970 | ? | iVoy | Delivery startup iVoy experiences a data breach, with over 127,000 accounts exposed. | Unknown | H Transportation and storage | CC | MX | iVoy |
| 4 | 01/01/1970 | Maze | Canon | Canon suffers a ransomware attack that impacts numerous services, including Canon's email, Microsoft Teams, USA website, and other internal applications. | Malware | C Manufacturing | CC | JP | Canon, Ransomware, Maze |
| 5 | 01/01/1970 | RansomEXX | Konica Minolta | Konica Minolta is hit with a RansomEXX ransomware attack. | Malware | C Manufacturing | CC | JP | Konica Minolta, RansomEXX, ransomware |
| 6 | 01/01/1970 | ? | British Dental Association | The British Dental Association notifies its members of a breach that occurred on July 30. | Unknown | S Other service activities | CC | UK | British Dental Association |
| 7 | 08/02/2020 | ? | Telstra | Telstra is hit with a DDoS attack. | DDoS | J Information and communication | CC | AU | Telstra |
| 8 | 08/02/2020 | Indian Hackers | Dawn News Channel | One of the leading Pakistani news channels, Dawn, is reportedly targeted by Indian hackers. | Unknown | J Information and communication | H | PK | Pakistan, India |
| 9 | 08/02/2020 | ? | Hudson Independent School District | Hudson ISD’s website is down after a cyber attack affected the website’s host. | Unknown | P Education | CC | US | Hudson Independent School District |
| 10 | 08/03/2020 | Chinese state-sponsored hackers | US private entities | Three agencies of the US government (CISA, CyberCom, and FBI) publish a joint alert about new versions of Taidoor (AKA Taurus RAT), a malware family previously associated with Chinese state-sponsored hackers. | Targeted Attack | Y Multiple Industries | CE | US | CISA, CyberCom, FBI, Taidoor, Taurus RAT, China |
| 11 | 08/03/2020 | Russian Hackers | Liam Fox | A personal email account belonging to Liam Fox, the former UK trade minister, is repeatedly hacked into by Russian attackers who steal classified documents relating to US-UK trade talks. | Targeted Attack | O Public administration and defence, compulsory social security | CE | UK | Liam Fox, Russia |
| 12 | 08/03/2020 | ? | Multiple targets | The FBI warns private industry partners of increased security risks because of devices still running Windows 7, after observing some attacks. | >1 | Y Multiple Industries | CC | US | FBI, Windows 7 |
| 13 | 08/03/2020 | Maze | Regis | Regis, an aged-care operator, is hit by a Maze ransomware attack. | Malware | Q Human health and social work activities | CC | AU | Regis, Maze, Ransomware |
| 14 | 08/03/2020 | Netwalker | Forsee Power | Netwalker ransomware operators leak the data of Forsee Power, a well-known player in the electromobility market. | Malware | C Manufacturing | CC | FR | Netwalker, ransomware, Forsee Power |
| 15 | 08/03/2020 | ? | Single Individuals in U.K. | Hundreds of Britons are targeted by a free TV license SMS phishing campaign. | Account Hijacking | X Individual | CC | UK | TV |
| 16 | 08/03/2020 | ? | Tacoma Public Schools | Tacoma Public Schools' email is hacked and used to send out phishing emails. | Account Hijacking | P Education | CC | US | Tacoma Public Schools |
| 17 | 08/04/2020 | ? | Multiple targets | A hacker publishes a list of plaintext usernames and passwords, along with IP addresses, for more than 900 Pulse Secure VPN enterprise servers. | CVE-2019-11510 Vulnerability | Y Multiple Industries | CC | >1 | CVE-2019-11510, Pulse Secure |
| 18 | 08/04/2020 | ? | SMB in the U.S. | A report from Interpol reveals that American medium-sized companies are actively targeted by LockBit ransomware. | Malware | Y Multiple Industries | CC | US | LockBit, ransomware |
| 19 | 08/04/2020 | ? | Chrome users | Researchers from Adguard reveal that more than 80 million Chrome users have installed one of 295 Chrome extensions that hijack and insert ads inside Google and Bing search results. | Malicious Browser Extension | X Individual | CC | >1 | Adguard, Chrome |
| 20 | 08/04/2020 | ? | UberEats | Security researchers from Cyble discover user records of the American online food ordering and delivery platform UberEats on the dark web. | Unknown | I Accommodation and food service activities | CC | US | Cyble, UberEats |
| 21 | 08/04/2020 | ? | Multiple targets | Researchers from INKY discover a phishing campaign in several countries designed to extract credentials from users via fake Zoom invites. | Account Hijacking | Y Multiple Industries | CC | >1 | INKY, Zoom |
| 22 | 08/05/2020 | ? | Hillsborough County | A court hearing held via Zoom for the US teenager accused of masterminding the Twitter hack is interrupted with rap music and porn. | Zoom bombing | O Public administration and defence, compulsory social security | CC | US | Zoom, Twitter, Hillsborough County |
| 23 | 08/05/2020 | ? | Pace Center for Girls | Pace Center for Girls issues a warning to its supporters after the organization discovers some of its data was affected by the security breach at Blackbaud. | Malware | Q Human health and social work activities | CC | US | Pace Center for Girls, Blackbaud, ransomware |
| 24 | 08/05/2020 | ? | Hancock County school district | Hancock County school district is hit by a cyber attack affecting its internet connectivity. | Unknown | P Education | CC | US | Hancock County school district |
| 25 | 08/06/2020 | China, Russia, Iran, and Tunisia | Multiple countries | In its TAG bulletin, Google reveals it took down ten influence operation campaigns in Q2 2020, traced back to China, Russia, Iran, and Tunisia. | Fake Social Network Accounts | O Public administration and defence, compulsory social security | CW | >1 | TAG bulletin, Google, China, Russia, Iran, Tunisia |
| 26 | 08/06/2020 | ? | Intel | Classified and confidential documents from Intel, allegedly resulting from a breach, are uploaded to a public file sharing service. | Misconfiguration | C Manufacturing | CC | US | Intel |
| 27 | 08/06/2020 | Water Nue | More than 1,000 companies in the U.S. and Canada | Researchers from Trend Micro discover Water Nue, a series of business email compromise campaigns targeting executives of more than 1,000 companies, most recently in the US and Canada. | Business Email Compromise | Y Multiple Industries | CC | US, CA | Trend Micro, Water Nue |
| 28 | 08/06/2020 | Chimera | Taiwan semiconductor vendors | Researchers from CyCraft Technology reveal the details of Operation Skeleton, a series of targeted attacks against Taiwan semiconductor vendors. | Targeted Attack | C Manufacturing | CE | TW | CyCraft Technology, Operation Skeleton, Chimera |
| 29 | 08/06/2020 | ? | Firefox users | Firefox fixes a bug abused in the wild by tech support scammers to create artificial mouse cursors and prevent users from easily leaving malicious sites. | Evil cursor | X Individual | CC | >1 | Firefox |
| 30 | 08/06/2020 | Magecart Group 8 | Multiple Targets | Researchers from Malwarebytes discover a new credit card skimming campaign making use of homoglyph techniques, connected to an existing Magecart threat group. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | Malwarebytes, homoglyph, Magecart, Magecart Group 8 |
| 31 | 08/06/2020 | ? | Interactive Data | Interactive Data, a data broker, is hacked, and the stolen data fuels fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts. | Unknown | M Professional scientific and technical activities | CC | US | Interactive Data, COVID-19 |
| 32 | 08/06/2020 | ? | Imperial Valley College | Imperial Valley College is hit with a ransomware attack. | Malware | P Education | CC | US | Imperial Valley College |
| 33 | 08/06/2020 | ? | Scholarship America | Scholarship America discloses a phishing attack. | Account Hijacking | Q Human health and social work activities | CC | US | Scholarship America |
| 34 | 08/07/2020 | DoppelPaymer | Boyce Technologies | The DoppelPaymer ransomware gang hits ventilator manufacturer Boyce Technologies amid the COVID-19 pandemic. | Malware | C Manufacturing | CC | US | Boyce Technologies, ransomware |
| 35 | 08/07/2020 | ? | Reddit users | Multiple Reddit subreddits are defaced, with the attackers posting pro-Trump messages and changing the communities' themes to show content supporting Trump's 2020 campaign. | Account Hijacking | Y Multiple Industries | H | US | Reddit, Trump |
| 36 | 08/07/2020 | ? | Britain's National Trust | Britain's National Trust warns volunteers of a data breach linked to the cyber-attack on US cloud computing and software provider Blackbaud in May. | Malware | Q Human health and social work activities | CC | UK | Britain's National Trust, Blackbaud, ransomware |
| 37 | 08/08/2020 | Fox Kitten (AKA Parisite) | Fortune 500 firms, government agencies, and banks | The FBI warns of Iranian hackers actively attempting to exploit CVE-2020-5902, affecting F5 Big-IP application delivery controller (ADC) devices used by Fortune 500 firms, government agencies, and banks. | CVE-2020-5902 | Y Multiple Industries | CC | US | FBI, CVE-2020-5902, F5 Big-IP, ADC, Fox Kitten, Parisite |
| 38 | 08/08/2020 | ? | cPanel users | A phishing scam targets cPanel users with a fake security advisory alerting them of critical vulnerabilities in their web hosting management panel. | | | | | |
| | | | | The defcon.org forum is attacked with CVE-2019-16759 (targeting vBulletin), three hours after it is disclosed. | CVE-2019-16759 Vulnerability | S Other service activities | CC | US | Defcon.org, CVE-2019-16759, vBulletin |
| 41 | 08/09/2020 | ? | Users accessing cryptocurrency-related sites | A report reveals that a mysterious threat actor has been adding servers to the Tor network in order to perform SSL stripping attacks on users accessing cryptocurrency-related sites through the Tor Browser. | SSL Stripping | V Fintech | CC | >1 | Tor |
| 42 | 08/09/2020 | Nefilim | SPIE group | Nefilim ransomware operators leak the data of SPIE group, an independent European leader in multi-technical services. | Malware | M Professional scientific and technical activities | | | |
| | | | | Michigan State University (MSU) discloses that attackers were able to steal credit card and personal information from roughly 2,600 users of its shop.msu.edu online store. The attack lasted between Oct. 19, 2019 and June 26, 2020. | Malicious Script Injection | P Education | CC | US | Michigan State University, MSU, Magecart |
| 45 | 08/10/2020 | Avaddon | Undisclosed Construction company | The gang behind the Avaddon ransomware launches a data leak site to extort victims and publishes the data of a construction company. | Malware | C Manufacturing | CC | N/A | Avaddon, ransomware |
| 46 | 08/10/2020 | ? | Single Individuals | Researchers from Cyble discover a large scale hacking campaign targeting government and university websites to host articles on hacking social network accounts that lead to malware and scams. | Malware | Y Multiple Industries | CC | >1 | Cyble |
| 47 | 08/10/2020 | ? | Multiple targets | Researchers from SentinelOne discover new variants of the popular Agent Tesla Trojan that include new modules to steal credentials from applications including popular web browsers, VPN software, as well as FTP and email clients. | Malware | Y Multiple Industries | CC | >1 | SentinelOne, Agent Tesla |
| 48 | 08/10/2020 | ? | US Small businesses | Researchers from Proofpoint reveal the details of a wave of phishing attacks impersonating the US Small Business Administration (SBA). | Account Hijacking | Y Multiple Industries | CC | US | Proofpoint, US Small Business Administration, SBA |
| 49 | 08/10/2020 | Pysa (AKA Mespinoza) | Piedmont Orthopedics/OrthoAtlanta | Piedmont Orthopedics/OrthoAtlanta is hit with a Pysa (AKA Mespinoza) ransomware attack. The threat actors leak the data. | | | | | |
| | | | | Microsoft addresses 120 vulnerabilities with its August 2020 Patch Tuesday updates, including two vulnerabilities, CVE-2020-1464 and CVE-2020-1380, actively exploited in attacks. | CVE-2020-1464 and CVE-2020-1380 vulnerabilities | Y Multiple Industries | CC | >1 | Microsoft, CVE-2020-1464, CVE-2020-1380 |
| 60 | 08/11/2020 | ? | Single Individuals | Researchers from Check Point reveal the details of multiple phishing campaigns exploiting the promise of a COVID-19 vaccine. | Account Hijacking | X Individual | CC | >1 | COVID-19, Check Point |
| 61 | 08/11/2020 | ? | FHN | Illinois healthcare system FHN notifies patients of a phishing attack that took place in February and was discovered in April. | Account Hijacking | Q Human health and social work activities | CC | US | FHN |
| 62 | 08/11/2020 | ? | Adit | An unsecured database with 3.1 million patients' details is exposed by a medical software company and subsequently destroyed by a "meow" attack. | Misconfiguration | M Professional scientific and technical activities | CC | US | Adit, meow |
| 63 | 08/12/2020 | The Lazarus Group AKA Hidden Cobra AKA APT37 | Israeli Defense Industry | Researchers from ClearSky reveal that hackers from North Korea were able to steal sensitive information from dozens of companies in the defense sector. The campaign is dubbed Dreamjob. | Targeted Attack | O Public administration and defence, compulsory social security | CE | IL | ClearSky, North Korea, The Lazarus Group, Hidden Cobra, APT37 |
| 64 | 08/12/2020 | ? | Various government organizations in the U.S. | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) releases an alert about phishing attacks targeting various government organizations to steal logins for the Small Business Administration COVID-19 loan relief accounts. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US | The U.S. Cybersecurity and Infrastructure Security Agency, CISA, COVID-19 |
| 65 | 08/12/2020 | DarkHotel? | Undisclosed South Korean Company | Researchers from Kaspersky reveal the details of "Operation PowerFall", an attack that occurred in May, relying on two vulnerabilities unknown at the time: CVE-2020-1380 and CVE-2020-0986. | | | | | |
| | | | | An alleged cyber attack by Indian intelligence agencies is identified by Pakistani intelligence. | Unknown | O Public administration and defence, compulsory social security | CE | PK | India, Pakistan |
| 67 | 08/12/2020 | ? | NHS | A report reveals that NHS staff were hit with a wave of malicious email attacks at the height of the COVID-19 pandemic, with doctors, nurses and other key workers reporting over 40,000 spam and phishing attacks between March and the first half of July. | Account Hijacking | O Public administration and defence, compulsory social security | CC | UK | NHS, COVID-19 |
| 68 | 08/12/2020 | ? | Flintshire Council | Personal information of people who left comments about local planning issues on Flintshire Council's website is hacked. | Unknown | O Public administration and defence, compulsory social security | CC | UK | Flintshire Council |
| 69 | 08/12/2020 | ? | Multiple targets | Researchers from Juniper discover a new phishing campaign targeting business customers with a new version of the IcedID malware using password protection, among other techniques, to avoid detection. | Malware | Y Multiple Industries | CC | >1 | Juniper, IcedID |
| 70 | 01/01/1970 | Russian Intelligence Directorate (GRU) | Multiple targets | The NSA and FBI warn about espionage operations from the Russian Intelligence Directorate (GRU) using a previously undisclosed Linux malware toolset called Drovorub. | | | | | |
| | | | | Researchers from Group-IB reveal the details of RedCurl, a cyber espionage group conducting carefully planned attacks against victims in a wide geography to steal confidential corporate documents. | Targeted Attack | Y Multiple Industries | CE | >1 | Group-IB, RedCurl |
| 72 | 01/01/1970 | ? | Banking users in multiple countries | Researchers from ESET reveal the details of Mekotio, a banking trojan targeting users in multiple countries (including Mexico, Brazil, Chile, Spain, Peru, and Portugal). | Malware | K Financial and insurance activities | CC | >1 | ESET, Mekotio, Mexico, Brazil, Chile, Spain, Peru, Portugal |
| 73 | 01/01/1970 | ? | U.S. Financial Industry Regulatory Authority (FINRA) members | The U.S. Financial Industry Regulatory Authority (FINRA) warns its members that a copycat site is impersonating it and potentially being used in phishing attacks. | Account Hijacking | K Financial and insurance activities | CC | US | U.S. Financial Industry Regulatory Authority, FINRA |
| 74 | 01/01/1970 | ? | Nykaa | Nykaa, an Indian retail seller of beauty, wellness and fashion products, loses Rs 62 lakh (around USD 85,000) after the email of an Italian supplier is spoofed. | Business Email Compromise | G Wholesale and retail trade | CC | IN | Nykaa |
| 75 | 01/01/1970 | CactusPete (AKA Karma Panda or Tonto Team) | Financial and military organizations in Eastern Europe | Researchers from Kaspersky discover a new campaign carried out by CactusPete, an APT linked to the Chinese military. | Targeted Attack | Y Multiple Industries | CE | >1 | Kaspersky, Cactus Pete, Karma Panda, Tonto Team |
| 76 | 01/01/1970 | ? | Bletchley Park Trust | The Bletchley Park Trust is another victim of the Blackbaud breach. | Malware | R Arts entertainment and recreation | CC | UK | Bletchley Park Trust, ransomware, Blackbaud |
| 77 | 01/01/1970 | ? | Harvard University | Even Harvard University might have been compromised by the Blackbaud breach. | Malware | P Education | CC | US | Harvard University, ransomware, Blackbaud |
| 78 | 01/01/1970 | ? | Verizon customers | Researchers from Armorblox discover a new phishing campaign targeting Verizon customers to steal user credentials, passwords and personal details. | Account Hijacking | J Information and communication | CC | US | Armorblox, Verizon |
| 79 | 01/01/1970 | ? | FuhrparkService (BWFU) | Unknown hackers infiltrate the FuhrparkService (BWFU) transport fleet, Germany's state-owned vehicle fleet, which provides chauffeurs for parliamentarians and is run by the Bundeswehr military. | Unknown | O Public administration and defence, compulsory social security | CC | DE | FuhrparkService, BWFU |
| 80 | 01/01/1970 | Defray | R1 RCM Inc | R1 RCM Inc., one of the largest US medical debt collection companies, is hit in a ransomware attack. | Malware | Q Human health and social work activities | CC | US | R1 RCM Inc, Defray, ransomware |
| 81 | 01/01/1970 | ? | U.S. Businesses | The Emotet malware has begun to spam COVID-19 related emails to U.S. businesses. | Malware | Y Multiple Industries | CC | US | Emotet |
| 82 | 01/01/1970 | ? | Multiple Targets | Researchers from Menlo Security reveal the details of Duri, a new attack campaign using a combination of HTML smuggling techniques and data blobs to evade detection and download malware. | Malware | Y Multiple Industries | CC | >1 | Menlo Security, Duri, HTML smuggling |
| 83 | 01/01/1970 | ? | Multiple targets | Researchers from Trend Micro discover XCSSET, a malware family exploiting Xcode projects to spread a form of Mac malware specializing in the compromise of Safari and other browsers. | Targeted Attack | Y Multiple Industries | CE | >1 | Trend Micro, XCSSET, Xcode, Mac |
| 84 | 01/01/1970 | Hackers from North Korea | Multiple targets | The US Cybersecurity and Infrastructure Security Agency (CISA) publishes an alert on a new wave of attacks delivering the KONNI remote access Trojan (RAT). | Targeted Attack | Y Multiple Industries | CE | US | US Cybersecurity and Infrastructure Security Agency, CISA, KONNI |
| 85 | 01/01/1970 | ? | ASDA Supermarket shoppers in the UK | ASDA Supermarket shoppers in the UK are targeted by a phishing scam run via Facebook and Twitter. | Account Hijacking | G Wholesale and retail trade | CC | UK | ASDA |
| 86 | 01/01/1970 | ? | Gwinnet County High School | Gwinnet County High School is Zoom bombed. | Zoom bombing | P Education | CC | US | Gwinnet County High School |
| 87 | 01/01/1970 | ? | Oklahoma State Board of Education | Oklahoma State Board of Education is Zoom bombed. | Zoom bombing | P Education | CC | US | Oklahoma State Board of Education, Zoom |
| 88 | 01/01/1970 | ? | Carnival Corporation | Cruise line operator Carnival Corporation discloses that one of its brands suffered a ransomware attack. | Malware | R Arts entertainment and recreation | CC | US/UK | Carnival Corporation, ransomware |
| 89 | 01/01/1970 | ? | GCKey | Canadian government sites used to provide access to crucial services for immigration, taxes, pension, and benefits are breached in a coordinated attack to steal COVID-19 relief payments. The online portal referred to as GCKey is a critical single sign-on (SSO) system used by the public to access multiple Canadian government services. | Credential Stuffing | O Public administration and defence, compulsory social security | CC | CA | COVID-19, GCKey |
| 90 | 01/01/1970 | Sodinokibi (AKA REvil) | Brown-Forman | Brown-Forman, one of the largest U.S. companies in the spirits and wine business, suffers a ransomware attack. The intruders allegedly copied 1TB of confidential data. | Malware | I Accommodation and food service activities | CC | US | Sodinokibi, REvil, Brown-Forman |
| 91 | 01/01/1970 | ? | Customers of Ritz Hotel in London | Diners at the luxury Ritz hotel in London are targeted by "extremely convincing" scammers who posed as hotel staff to steal payment card details. The scammers were able to obtain the victims' reservation details. | | | | | |
Hi Paolo, many thanks for publishing these wonderful stats. They are very useful and I really appreciate your hard work, as I assume they are to many other members of the community.
One thing I’d point out is that your 1-15 August 2020 Cyber Attacks Timeline comes up with the following error message:
“Error
Provided file /home/customer/www/hackmageddon.com/public_html/wp-content/uploads/2020/10/1-15-August-2020-Cyber-Attacks-Timeline.xlsx does not exist!”
With best wishes (and thanks)
David
Thanks David, maybe I removed it by mistake. Should be fixed now. Thanks a lot!
Paolo.