Here we are! The first timeline of November is here, covering the main cyber attacks that occurred in the first half of the month (as usual, with some additional events that were disclosed in the considered period). In this timeline I have collected 100 events, but this number also includes multiple ransomware events that occurred during the summer and came to my attention only now. In any case, November has shown a trend inversion in comparison with the previous timelines.
Ransomware continues to dominate the threat landscape and, also thanks to the previously undisclosed events, characterizes directly or indirectly 41 out of 100 events. And yes, unfortunately the list of high-profile victims continues to grow. Another list that continues to grow is the one of the mega breaches: this timeline is no exception, and one threat actor in particular, ShinyHunters, seems to be very active.
Another aspect that characterizes this timeline is the massive exploitation of 0-day vulnerabilities: Google released three Chrome updates, and Oracle and Apple also had to release several security patches to address multiple vulnerabilities actively exploited in the wild (respectively for WebLogic, Solaris, and iOS).
And where there are vulnerabilities, there are state-sponsored actors: in particular, one of these actors (dubbed UNC1945) was quite busy exploiting the Solaris vulnerability (CVE-2020-14871). In any case, the most relevant cyber espionage event of this timeline is probably the discovery made by Microsoft of three threat groups – Strontium (AKA APT28, Fancy Bear), Zinc (AKA Lazarus Group), Cerium – targeting (unsurprisingly) at least seven prominent companies involved in COVID-19 vaccines research and treatments. Of course they are not the only ones in the list, as you will soon discover.
As always, the details are in the timeline! Thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
ID
Date
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
21/01/2020
Maze
Crossroads Technologies
Crossroads Technologies is hit with a Maze ransomware attack.
Malware
M Professional scientific and technical activities
CC
US
Crossroads Technologies, Maze, ransomware
2
05/09/2020
Conti
Adams County Memorial Hospital
Adams County Memorial Hospital is hit by the Conti ransomware.
Malware
Q Human health and social work activities
CC
US
Adams County Memorial Hospital, Conti ransomware
3
13/09/2020
Pysa
Assured Imaging
The Pysa ransomware operators add Assured Imaging to the list of their victims.
Malware
M Professional scientific and technical activities
CC
US
Pysa, ransomware, Assured Imaging
4
15/09/2020
Conti
Higginbotham Family Dental
Higginbotham Family Dental is hit by the Conti ransomware.
Malware
Q Human health and social work activities
CC
US
Higginbotham Family Dental, Conti, ransomware
5
17/09/2020
Conti
New York Foundation for Senior Citizens
New York Foundation for Senior Citizens is hit by the Conti ransomware.
Malware
Q Human health and social work activities
CC
US
New York Foundation for Senior Citizens, Conti, ransomware
6
24/09/2020
Egregor
Dyras Dental
Dyras Dental joins the list of the Egregor ransomware victims.
Malware
Q Human health and social work activities
CC
US
Dyras Dental, Egregor, ransomware
7
16/10/2020
DoppelPaymer
Med-Care Infusion Services, Inc
Med-Care Infusion Services, Inc joins the list of the DoppelPaymer ransomware victims.
Family Health Centers Of Georgia Inc is hit with a Conti ransomware attack.
Malware
Q Human health and social work activities
CC
US
Family Health Centers Of Georgia Inc, Conti, ransomware
9
21/10/2020
Conti
Riverside Community Care
Riverside Community Care is hit with a Conti ransomware attack.
Malware
Q Human health and social work activities
CC
US
Riverside Community Care, Conti, ransomware
10
21/10/2020
REvil AKA Sodinokibi
Beacon Health Solutions, LLC.
The REvil ransomware operators add Beacon Health Solutions, LLC. to the list of their victims.
Malware
Q Human health and social work activities
CC
US
REvil, Sodinokibi ransomware, Beacon Health Solutions, LLC.
11
21/10/2020
Netwalker
Wilmington Surgical
The Netwalker ransomware gang adds Wilmington Surgical to the list of their victims.
Malware
Q Human health and social work activities
CC
US
Netwalker, ransomware, Wilmington Surgical
12
01/11/2020
Ragnar Locker
Campari Group
Italian liquor company Campari Group is hit by a Ragnar Locker ransomware attack, where 2 TB of unencrypted files are allegedly stolen. To recover their files, Ragnar Locker is demanding $15 million.
Malware
I Accommodation and food service activities
CC
IT
Campari Group, Ragnar Locker, ransomware
13
01/11/2020
?
JM Bullion
Precious metal online retailer JM Bullion discloses a data breach after their site is hacked to include malicious scripts that stole customers' credit card information.
Malicious Script Injection
G Wholesale and retail trade
CC
US
JM Bullion
14
01/11/2020
REvil AKA Sodinokibi
Flagship Group
Flagship Group, a social housing provider in Norwich, England, says it was hit with the Sodinokibi ransomware following what it assumes was a successful phishing attack.
Malware
N Administrative and support service activities
CC
UK
REvil, Sodinokibi, Flagship Group, Ransomware
15
02/11/2020
Ragnar Locker
Capcom
Japanese game developer Capcom suffers a ransomware attack where threat actors claim to have stolen 1TB of sensitive data from their corporate networks in the US, Japan, and Canada.
Malware
R Arts entertainment and recreation
CC
JP
Ragnar Locker, Ransomware, Capcom
16
02/11/2020
?
Multiple targets
Google releases a new Chrome version to address 10 security vulnerabilities including a remote code execution (RCE) zero-day exploited in the wild (CVE-2020-16009).
CVE-2020-16009 Vulnerability
Y Multiple Industries
N/A
>1
Google, Chrome, CVE-2020-16009
17
02/11/2020
UNC1945
Telecommunications, financial, and consulting companies
Mandiant publishes details about a new threat actor it calls UNC1945, using a zero-day vulnerability in the Oracle Solaris operating system (CVE-2020-14871) as part of its intrusions into corporate networks.
CVE-2020-14871 Vulnerability
Y Multiple Industries
CE
>1
Mandiant, UNC1945, Oracle Solaris, CVE-2020-14871
18
02/11/2020
?
Single individuals
The npm security team removes twilio-npm, a malicious JavaScript library from the npm website that contained malicious code for opening backdoors on programmers' computers.
Malware
X Individual
CC
>1
Npm, twilio-npm, JavaScript
19
02/11/2020
Kimsuky (AKA Velvet Chollima, Black Banshee and Thallium)
Multiple targets in the United States, Russia and Europe
Researchers at Cybereason publish a new report that includes details on two new pieces of malware associated with the North Korea-linked APT Kimsuky: a modular spyware called KGH_SPY and a downloader called CSPY Downloader.
Targeted Attack
Y Multiple Industries
CE
>1
Kimsuky, Velvet Chollima, Black Banshee and Thallium, Cybereason, North-Korea, KGH_SPY, CSPY Downloader
20
02/11/2020
?
Zoom users mostly in the US
Cyber-criminals launch a new sextortion scam aimed at people who use the video-conferencing app Zoom while in a state of undress.
Sextortion
X Individual
CC
US
Kimsuky, Velvet Chollima, Black Banshee and Thallium, Cybereason, North-Korea, KGH_SPY, CSPY Downloader
21
02/11/2020
?
Multiple targets
Researchers from Cofense discover a fake COVID-19 test result phishing campaign distributing the King Engine ransomware.
Malware
Y Multiple Industries
CC
>1
Cofense, COVID-19, King Engine, ransomware
22
02/11/2020
?
Saskatchewan Polytechnic
A cyberattack shuts down the Saskatchewan Polytechnic.
Unknown
P Education
CC
CA
Saskatchewan Polytechnic
23
03/11/2020
RansomExx
Brazil's Superior Court of Justice
Brazil's Superior Court of Justice is hit by a RansomExx ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
BR
Brazil's Superior Court of Justice, RansomExx, ransomware
24
03/11/2020
Ryuk or Conti?
Mattel
Toy industry giant Mattel discloses that they suffered a ransomware attack on July 28 that impacted some of its business functions but did not lead to data theft.
Malware
C Manufacturing
CC
US
Mattel, ransomware, Ryuk, Conti
25
03/11/2020
?
Multiple targets
Google releases security updates for the Chrome for Android browser to fix a zero-day vulnerability that is currently exploited in the wild (CVE-2020-16010).
CVE-2020-16010 Vulnerability
Y Multiple Industries
N/A
>1
Google, Chrome, Android, CVE-2020-16010
26
03/11/2020
?
US Voters
Voters across multiple US states are targeted by robocalls telling them to stay home or come vote tomorrow, due to massive turnouts and long lines at voting stations.
Robocalls
X Individual
N/A
US
Robocalls
27
03/11/2020
?
Single individuals
Researchers from Zimperium publish a report which reveals how cybercriminals have used a total of 265 Google Forms, part of Google Docs, while impersonating more than 25 brands, companies and government agencies.
Account hijacking
Y Multiple Industries
CC
>1
Zimperium, Google Forms
28
03/11/2020
REvil AKA Sodinokibi
Nexia Australia and New Zealand
Nexia Australia and New Zealand is hit with a REvil ransomware attack.
Malware
N Administrative and support service activities
CC
AU
Nexia Australia and New Zealand, REvil, Sodinokibi, ransomware
29
03/11/2020
Maze
Medical Management, Inc
The Maze ransomware gang adds Medical Management, Inc to the list of their victims.
Malware
Q Human health and social work activities
CC
US
Maze, ransomware, Medical Management, Inc.
30
03/11/2020
Maze
Abington Reproductive Medicine
The Maze ransomware gang adds Abington Reproductive Medicine to the list of their victims.
Malware
Q Human health and social work activities
CC
US
Maze, ransomware, Abington Reproductive Medicine
31
03/11/2020
?
Laboratoires Expanscience
Laboratoires Expanscience is hit by a ransomware attack.
Malware
Q Human health and social work activities
CC
FR
Laboratoires Expanscience, ransomware
32
03/11/2020
?
Saarbrücken Airport
The Saarbrücken Airport is hit with a cyber attack.
Unknown
H Transportation and storage
CC
DE
Saarbrücken Airport
33
04/11/2020
?
Single individuals in the US
Researchers from Malwarebytes reveal that the Qbot botnet is sending U.S. election-themed phishing emails used to infect victims with malicious payloads designed to harvest user data and emails for use in future campaigns.
Malware
K Financial and insurance activities
CC
US
Malwarebytes, Qbot
34
04/11/2020
?
Office 365 Users
A creative Office 365 phishing campaign uses inverted images as backgrounds for landing pages to avoid getting flagged as malicious by crawlers designed to spot phishing sites.
Account hijacking
Y Multiple Industries
CC
>1
Office 365
35
04/11/2020
Suspected Chinese Threat Actor
Corporate organizations in Myanmar
Researchers from Sophos discover a new, Chinese, advanced persistent threat group performing DLL side-loading attacks including the phrase "KilllSomeOne."
The United States announces that it has seized 27 domains that were used by Iran's Islamic Revolutionary Guard Corps (IRGC) to spread global covert influence campaigns.
Fake websites, social networks accounts.
O Public administration and defence, compulsory social security
CW
US
Iran, Islamic Revolutionary Guard Corps, IRGC
37
04/11/2020
?
Alamance Skin Center
Alamance Skin Center reveals that it was hit with a ransomware attack on October 21.
Malware
Q Human health and social work activities
CC
US
Alamance Skin Center, ransomware
38
04/11/2020
?
Kingston Health Sciences Centre (KHSC)
Kingston Health Sciences Centre (KHSC) confirms that it is facing an online access interruption related to a possible cyber-security breach.
Unknown
Q Human health and social work activities
CC
CA
Kingston Health Sciences Centre, KHSC
39
05/11/2020
?
Club Fitness
Club Fitness discloses a data security incident discovered on June 18, 2020, when an unknown actor gained access to and obtained data from its network without authorization.
Unknown
R Arts entertainment and recreation
CC
US
Club Fitness
40
05/11/2020
?
Vulnerable Oracle WebLogic servers
Threat actors are actively exploiting Oracle WebLogic servers unpatched against CVE-2020-14882 to deploy Cobalt Strike beacons which allow for persistent remote access to compromised devices.
CVE-2020-14882 Vulnerability
Y Multiple Industries
CC
>1
Oracle WebLogic, CVE-2020-14882, Cobalt Strike
41
05/11/2020
?
GEO Group
The GEO Group, a company known for running private prisons and illegal immigration detention centers in the US and other countries, says it suffered a ransomware attack on August 19.
Malware
N Administrative and support service activities
CC
US
GEO Group, ransomware
42
05/11/2020
?
Almost 1,200 organizations in over 20 countries in government, military, insurance, finance and manufacturing
Researchers from Checkpoint reveal the details of INJ3CTOR3, a global campaign that has compromised Sangoma and Asterisk VoIP (Voice over Internet Protocol) phone systems at over 1,000 companies around the world, to profit from selling compromised accounts.
CVE-2019-19006 Vulnerability
Y Multiple Industries
CC
>1
Checkpoint, INJ3CTOR3, Sangoma, Asterisk, VoIP
43
05/11/2020
?
iOS users
Apple releases security updates for iOS to patch three zero-day vulnerabilities that were discovered being abused in attacks against its users.
Researchers from 7 Elements discover a threat actor specializing in business email compromise (BEC) attacks, observed exploiting a vulnerability to spoof the domains of Rackspace customers as part of its operations.
Business Email Compromise
Y Multiple Industries
CC
>1
7 Elements, Rackspace
45
05/11/2020
?
Brazilian Ministry of Health
The Brazilian Ministry of Health suffers a hacker attack.
Unknown
O Public administration and defence, compulsory social security
CC
BR
Brazilian Ministry of Health
46
05/11/2020
?
Lupin
Indian Drugmaker Lupin confirms an “information security incident” that has affected its IT systems.
Unknown
Q Human health and social work activities
CC
IN
Lupin
47
06/11/2020
Pay2Key
Organizations from Israel and Brazil
A new ransomware called Pay2Key is targeting organizations from Israel and Brazil, encrypting their networks within an hour.
Malware
Y Multiple Industries
CC
>1
Ransomware, Pay2Key
48
06/11/2020
?
Linux servers and IoT devices
A newly discovered worm and botnet named Gitpaste-12 uses GitHub and Pastebin to host malicious code.
Multiple Vulnerabilities
Y Multiple Industries
CC
>1
Gitpaste-12, GitHub, Pastebin
49
06/11/2020
RansomExx
Multiple targets
Security firm Kaspersky reveals that it discovered a Linux version of the RansomEXX ransomware, marking the first time a major Windows ransomware strain has been ported to Linux.
Malware
Y Multiple Industries
CC
>1
Kaspersky, Linux, RansomEXX
50
06/11/2020
Ranzy Locker
City of Alfortville
The City of Alfortville is hit with a Ranzy Locker ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
FR
Alfortville, Ranzy Locker, ransomware
51
06/11/2020
?
Sandicliffe
The bank account details and medical histories of 'possibly thousands' of people are stolen during a cyber attack on Sandicliffe, a well-known car dealership company.
Unknown
H Transportation and storage
CC
UK
Sandicliffe
52
07/11/2020
?
Luxottica
A new Luxottica data breach exposes the personal and protected health information of 829,454 patients at LensCrafters, Target Optical, EyeMed, and other eye care practices. The breach occurred on August 5th.
Unknown
C Manufacturing
CC
IT
Luxottica, LensCrafters, Target Optical, EyeMed
53
07/11/2020
DoppelPaymer
Compal Electronics
Taiwanese laptop maker Compal Electronics suffers a DoppelPaymer ransomware attack over the weekend, with the attackers demanding an almost $17 million ransom.
Malware
C Manufacturing
CC
TW
Compal Electronics, DoppelPaymer, ransomware
54
08/11/2020
?
Online banking customers in the UK
An advanced HM Revenue and Customs (HMRC) tax rebate scam is targeting UK residents via text messages (SMS).
Account hijacking
K Financial and insurance activities
CC
UK
HMRC
55
08/11/2020
?
Bigbasket
Grocery e-commerce platform Bigbasket faces a potential data breach which could have leaked details of its around 2 crore (20 million) users, according to cyber intelligence firm Cyble.
Unknown
G Wholesale and retail trade
CC
IN
Bigbasket, Cyble
56
08/11/2020
?
Mashable
Data belonging to users of American culture and technology news website Mashable is leaked on the internet. The company confirms that a hacker had obtained a copy of one of its databases and published it online.
Unknown
J Information and communication
CC
US
Mashable
57
09/11/2020
Ragnar Locker
Hodson Event Entertainment
The ransomware gang from Ragnar Locker hacks the Facebook account of Hodson Event Entertainment to promote the Campari hack.
Researchers from Sonatype discover a malicious NPM project used to steal Discord user tokens and browser information from unsuspecting users.
Malware
X Individual
CC
>1
Sonatype, NPM, Discord
59
09/11/2020
?
Organizations in the education sector (K-12)
Microsoft warns that ransomware operators are using malicious fake ads for Microsoft Teams updates to infect systems with backdoors that deploy Cobalt Strike to compromise the rest of the network.
Malware
K Financial and insurance activities
CC
US
Microsoft, Microsoft Teams, Cobalt Strike
60
09/11/2020
?
X-Cart
E-commerce software vendor X-Cart reveals that it suffered a ransomware attack at the end of October.
Malware
M Professional scientific and technical activities
CC
US
X-Cart, ransomware
61
09/11/2020
Guildma
Android banking users
Security researchers from Kaspersky discover Ghimob, a new Android banking trojan that can spy and steal data from 153 Android applications.
Malware
K Financial and insurance activities
CC
>1
Kaspersky, Ghimob, Android, Guildma
62
09/11/2020
?
Gonzaga University
The Gonzaga University Black Student Union (BSU) is hit by a Zoom-bombing attack.
Zoom bombing
P Education
CC
US
Gonzaga University, Black Student Union, BSU, Zoom-bombing
63
09/11/2020
xHunt
Organizations in Kuwait
Researchers from Palo Alto Networks discover a new campaign by xHunt, using two backdoors tracked as ‘TriFive’ and ‘Snugy’.
Targeted Attack
Y Multiple Industries
CE
KW
Palo Alto Networks, xHunt, TriFive, Snugy
64
09/11/2020
Russia?
Public Opinion in the UK
The British GCHQ has begun an offensive cyber-operation to disrupt anti-vaccine propaganda being spread by hostile states linked to Russia.
Fake websites, social networks accounts.
O Public administration and defence, compulsory social security
CW
UK
GCHQ, Russia
65
09/11/2020
DoppelPaymer
Bailly Creat
The French Pharmaceutical Lab Bailly Creat is hit with a DoppelPaymer ransomware attack.
Malware
Q Human health and social work activities
CC
FR
Lab Bailly Creat, DoppelPaymer, ransomware
66
09/11/2020
?
Multiple targets
Researchers at Area 1 Security discover a phishing campaign using a message saying that the recipient has been fired from their job, and attempting to plant two malware strains - Bazar and Buer - using the Trickbot botnet.
Malware
Y Multiple Industries
CC
US
Area 1 Security, Bazar, Buer, Trickbot
67
10/11/2020
?
123RF
Stock photo site 123RF suffers a data breach after a hacker began selling a database containing 8.3 million user records on a hacker forum.
Unknown
S Other service activities
CC
MY
123RF
68
10/11/2020
Chinese threat actors
Multiple targets
Researchers from Lacework reveal the details of Muhstik, a Chinese-linked botnet targeting Oracle WebLogic Server (CVE-2019-2725 and CVE-2017-10271) and a Drupal RCE flaw (CVE-2018-7600).
Researchers from Abnormal Security discover a phishing campaign targeting Office 365 users, impersonating the U.S. Internal Revenue Service (IRS) and threatening the victims with legal action.
Account hijacking
Y Multiple Industries
CC
>1
Abnormal Security, Office 365, U.S. Internal Revenue Service, IRS
70
10/11/2020
?
Multiple targets in the retail sector
Researchers from Akamai discover a new skimmer attack, targeting several e-stores with a new technique to exfiltrate data via WebSockets.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Akamai
71
10/11/2020
?
Pakistan International Airlines
Researchers from KELA reveal that access to Pakistan International Airlines’ network is being offered for sale on the cyber underground.
Unknown
H Transportation and storage
CC
PK
KELA, Pakistan International Airlines
72
10/11/2020
?
Facebook users in the UK
A fake Facebook Group is using the lure of a free hamper of Cadbury chocolate to trick social media users into divulging their personal and financial details, it has emerged.
Account hijacking
X Individual
CC
UK
Facebook, Cadbury
73
10/11/2020
?
Minecraft players
Researchers from Avast discover a wave of malicious Minecraft apps on Play Store scamming millions of users.
Malware
R Arts entertainment and recreation
CC
>1
Avast, Minecraft, Play Store
74
11/11/2020
ShinyHunters
Animal Jam
The popular children's online playground Animal Jam suffers a data breach impacting 46 million accounts.
Unknown
R Arts entertainment and recreation
CC
US
Animal Jam, ShinyHunters
75
11/11/2020
Iranian threat actors
Israeli companies
The recent ransomware waves carried out via Pay2Key and WannaScream, which targeted Israeli companies, have been traced back to Iranian threat actors.
Malware
Y Multiple Industries
CC
IL
Iran, ransomware, Pay2Key, WannaScream
76
11/11/2020
?
Multiple targets
Researchers from DataDome discover that multiple data-scraping groups have abused the Facebook link preview feature to scrape data from internet sites disguised as Facebook's content crawler.
Data-Scraping
Y Multiple Industries
CC
>1
DataDome, Facebook
77
11/11/2020
?
Multiple targets in the retail sector
Researchers from Sucuri discover a new web skimmer that pretends to be related to the same company.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Sucuri
78
11/11/2020
?
Maine Township High School District 207, Niles Township High School District 219, Township High School District 211
Students of Maine Township High School District 207 and Niles Township High School District 219 are exposed to hate speech and lewd material after hackers apparently infiltrated both districts’ websites, school officials said.
Unknown
P Education
CC
US
Maine Township High School District 207, Niles Township High School District 219, Township High School District 211
79
11/11/2020
?
Keene City
Keene officials are asking people to take protective measures after a security breach may have compromised the banking information of about 5,525 individuals and organizations that have sent checks to the city's post office box.
Unknown
O Public administration and defence, compulsory social security
CC
US
Keene City
80
12/11/2020
?
The North Face
Outdoor retail giant The North Face resets the passwords of an undisclosed number of customers following a successful credential stuffing attack that took place last month, on October 9th.
Credential Stuffing
G Wholesale and retail trade
CC
US
The North Face
81
12/11/2020
?
Multiple targets
Google has released Chrome 86.0.4240.198 for Windows, Mac, and Linux to address two zero-day vulnerabilities exploited in the wild.
CVE-2020-16013, CVE-2020-16017 Vulnerabilities
Y Multiple Industries
N/A
>1
Google, Chrome, CVE-2020-16013, CVE-2020-16017
82
12/11/2020
CostaRicto
Multiple targets
Researchers from Blackberry discover a new mercenary hacker group tracked as CostaRicto, selling its services to entities requiring APT-level hacking expertise in cyber-espionage campaigns spanning the globe and targeting a multitude of industry sectors.
Targeted Attack
Y Multiple Industries
CE
>1
Blackberry, CostaRicto
83
12/11/2020
Russian-speaking attackers
Multiple targets
Researchers from Morphisec reveal that Russian-speaking hackers have been using a new malware, named Jupyter, to steal information from their victims.
Malware
Y Multiple Industries
CC
>1
Morphisec, Jupyter
84
12/11/2020
?
Multiple targets
Researchers from ESET discover ModPipe, a modular backdoor that gives its operators access to sensitive information stored in devices running ORACLE MICROS Restaurant Enterprise Series (RES) 3700 POS, a management software suite used by hundreds of thousands of bars, restaurants, hotels and other hospitality establishments worldwide.
Malware
I Accommodation and food service activities
CC
>1
ESET, ModPipe, ORACLE MICROS RES 3700 POS
85
12/11/2020
?
Akropolis
Cryptocurrency borrowing and lending service Akropolis reveals a hacker used a "flash loan" attack against its platform and stole roughly $2 million worth of Dai cryptocurrency.
Unknown
V Fintech
CC
GI
Akropolis, Crypto
86
12/11/2020
CHRYSENE, PARISITE, MAGNALLIUM, WASSONITE and XENOTIME
Multiple targets
A report published by industrial cybersecurity firm Dragos reveals that the manufacturing sector has been attacked by five threat groups that have been known to target industrial environments.
Targeted Attack
C Manufacturing
CE
>1
Dragos, CHRYSENE, PARISITE, MAGNALLIUM, WASSONITE and XENOTIME
87
12/11/2020
?
City of Bondy (Seine-Saint-Denis)
The City of Bondy (Seine-Saint-Denis) has been fully mobilized after a cyberattack affecting municipal services.
Unknown
O Public administration and defence, compulsory social security
CC
FR
City of Bondy (Seine-Saint-Denis)
88
12/11/2020
?
The Wash Tub
The Wash Tub notifies customers of an incident involving a suspected card breach that occurred September 2019 through October 2020.
Unknown
S Other service activities
CC
US
The Wash Tub
89
12/11/2020
?
Newcastle Grammar School
Newcastle Grammar School is hit with a ransomware attack.
At least seven prominent companies involved in COVID-19 vaccines research and treatments.
Microsoft says it detected three state-sponsored hacking operations that have launched cyber-attacks on at least seven prominent companies involved in COVID-19 vaccines research and treatments.
Biomedical and clinical research company Miltenyi Biotec says that it has fully restored systems after a malware attack that took place last month and affected the firm's global IT infrastructure.
Malware
M Professional scientific and technical activities
CC
DE
Miltenyi Biotec, Mount Locker, Ransomware
92
13/11/2020
?
Single individuals
Researchers from Netskope discover TroubleGrabber, a new credential stealer spreading via Discord attachments and using Discord webhooks to deliver stolen information to its operators.
Malware
X Individual
CC
>1
Netskope, TroubleGrabber, Discord
93
13/11/2020
TA505
Healthcare organizations in Australia
The Australian government issues a security alert today warning local health sector organizations of attacks involving the SDBBot Remote Access Tool (RAT) and deploying the Clop ransomware.
Malware
Q Human health and social work activities
CC
AU
SDBBot, Clop, ransomware
94
13/11/2020
?
Facebook users
Researchers from vpnMentor discover an unsecured database containing hundreds of thousands of stolen Facebook logins.
Account hijacking
X Individual
CC
>1
vpnMentor, Facebook
95
13/11/2020
?
Mercy Iowa City
Mercy Iowa City notifies 92,795 individuals after discovering that an employee’s email account was compromised from May 15 until June 24.
Account hijacking
O Public administration and defence, compulsory social security
CC
US
Mercy Iowa City
96
13/11/2020
?
Bayhealth
Bayhealth notifies 78,000 patients and donors that their information was involved in the Blackbaud ransomware data breach.
Malware
Q Human health and social work activities
CC
US
Bayhealth, Blackbaud, ransomware
97
14/11/2020
Egregor
Cencosud
Chile-based multinational retail company Cencosud suffers a cyberattack by the Egregor ransomware operation that impacts services at stores.
Malware
G Wholesale and retail trade
CC
CI
Cencosud, Egregor, ransomware
98
14/11/2020
ShinyHunters
Pluto TV
ShinyHunters is sharing what they state are 3.2 million Pluto TV user records that were stolen during a data breach.
Unknown
R Arts entertainment and recreation
CC
US
ShinyHunters, Pluto TV
99
14/11/2020
Avaddon
American Bank Systems
American Bank Systems (ABS), a company that provides services to U.S. financial institutions and banks, is hit by an Avaddon ransomware attack this month. 53 GB of data is leaked.
Malware
N Administrative and support service activities
CC
US
American Bank Systems, ABS, Avaddon, ransomware
100
15/11/2020
?
City of Saint John
The City of Saint John is hit by a 'significant' cyber attack.
Unknown
O Public administration and defence, compulsory social security