It’s time to publish the second timeline of November (part I available at this link), covering the main cyber attacks that occurred in the second half of the same month. This timeline shows a small increase in the number of collected events: 108 against 100 of the previous one, where the total includes 3 events that occurred before the considered time interval but were published in this period.
Needless to say, ransomware dominates the threat landscape: 40 out of 108 events (roughly 37%) are directly or indirectly related to this threat, and the list of high-profile victims continues to grow accordingly. However, even though the number and impact of ransomware incidents overshadow every other event, a couple of events not related to this threat are equally worth mentioning. Apparently the hacks against fintech companies are back (or maybe they never went away): Pickle Finance suffered a loss worth $19.7 million in cryptocurrency, and Peatix, an event organizing platform, had the data of 4.2 million users leaked.
The cyber espionage front is particularly hot at this end of 2020, given also the interest in targeting entities involved in the development of the COVID-19 vaccine. Obviously pharmaceutical companies are not the only targets of nation-state criminals, and this timeline too is rich in such operations: APT32 was particularly active, but other well-known actors like the Lazarus Group and APT10 also appear in the table.
Finally, the Anonymous hacktivists are also back in the timeline after a while, with an operation against the Uganda Police.
Details and links for all the events are in the timeline! Thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link | Tags |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 13/10/2020 | ? | Mumbai | Authorities in India determine that a major power outage that occurred on October 13 in Mumbai may have been caused by hackers, according to reports. | Malware | D Electricity gas steam and air conditioning supply | | | | |
| | | | | Four Winds Hospital reveals to have been hit with a ransomware attack on September 1st. | Malware | Q Human health and social work activities | CC | US | | Four Winds Hospital, ransomware |
| 4 | 16/11/2020 | The Lazarus Group AKA Hidden Cobra | Multiple targets | Researchers from ESET discover a new campaign carried out by the Lazarus Group (AKA Hidden Cobra) tracked in new campaigns against South Korean supply chains, made possible through stolen security certificates from WIZVERA VeraPort. | | | | | | |
| | | | | Managed.com, one of the biggest providers of managed web hosting solutions, takes down all its servers in order to deal with a ransomware attack. | Malware | J Information and communication | CC | US | | Managed.com, REvil, Sodinokibi |
| 6 | 16/11/2020 | ? | Americold | Cold storage giant Americold is hit with a ransomware attack impacting their operations, including phone systems, email, inventory management, and order fulfillment. | Malware | M Professional scientific and technical activities | CC | US | | Americold, ransomware |
| 7 | 16/11/2020 | ? | Single individuals | Researchers from Malwarebytes reveal that the Malsmoke campaign has changed tactic, switching from exploit kits to social engineering to target adult content consumers. | Malware | X Individual | CC | >1 | | Malwarebytes, Malsmoke |
| 8 | 16/11/2020 | ? | Multiple targets in the retail sector | Researchers from RiskIQ discover a new skimmer dubbed Grelos. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | | RiskIQ, Grelos, Magecart |
| 9 | 16/11/2020 | ? | Single individuals | Researchers from Sonatype reveal the details of CursedGrabber, a new family of Discord malware hidden in the npm registry. | Malware | X Individual | CC | >1 | | Sonatype, CursedGrabber, Discord, npm |
| 10 | 16/11/2020 | ? | Northampton Public Library | The Northampton Public Library discloses a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | | Northampton Public Library, ransomware |
| 11 | 16/11/2020 | NetWalker | Umanis | Umanis is hit with a NetWalker ransomware attack. | Malware | M Professional scientific and technical activities | CC | FR | | Umanis, ransomware, NetWalker |
| 12 | 17/11/2020 | APT10 AKA Cicada, Stone Panda, and Cloud Hopper | Japanese companies and subsidiaries from multiple industry sectors in 17 regions around the globe | Researchers from Broadcom reveal that the Chinese state-sponsored group APT10 has been observed while attempting to exploit the Windows Zerologon vulnerability in attacks against Japanese companies and subsidiaries from multiple industry sectors in 17 regions around the globe. | CVE-2020-1472 Vulnerability | Y Multiple Industries | CE | JP | | Broadcom, APT10, Zerologon, China, CVE-2020-1472, Cicada, Stone Panda, Cloud Hopper |
| 13 | 17/11/2020 | FunnyDream | Southeast Asian governments | Researchers from BitDefender discover a widespread cyber-espionage campaign carried out by a Chinese group named FunnyDream. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 | | BitDefender, FunnyDream, China |
| 14 | 17/11/2020 | ? | Vulnerable CMS Servers | Researchers from Wordfence reveal that unknown threat actors are scanning for WordPress websites with Epsilon Framework themes installed on over 150,000 sites and vulnerable to Function Injection attacks that could lead to full site takeovers. | Wordpress plugin vulnerability | Y Multiple Industries | CC | >1 | | Wordfence, WordPress, Epsilon Framework |
| 15 | 17/11/2020 | ? | Office 365 Users | Microsoft discovers an ongoing Office 365 phishing campaign that makes use of several methods to evade automated analysis in attacks against enterprise targets. | Account hijacking | Y Multiple Industries | CC | >1 | | Microsoft, Office 365 |
| 16 | 17/11/2020 | ? | Multiple targets | A new phishing campaign by the TrickBot gang distributes LightBot, a new reconnaissance tool. | Account hijacking | Y Multiple Industries | CC | >1 | | TrickBot, LightBot |
| 17 | 17/11/2020 | ? | Hampton Roads Sanitation District | Hampton Roads Sanitation District is hit with a ransomware attack. | Malware | S Other service activities | CC | US | | Hampton Roads Sanitation District, ransomware |
| 18 | 17/11/2020 | DoppelPaymer | Reconstructive Orthopedic Center (ROC) | Reconstructive Orthopedic Center (ROC) joins the list of the victims of the DoppelPaymer ransomware. | Malware | Q Human health and social work activities | CC | US | | Reconstructive Orthopedic Center, ROC, DoppelPaymer |
| 19 | 17/11/2020 | ? | Port of Kennewick | Hackers are demanding a $200,000 ransom after placing an encryption lock on the Port of Kennewick's computer servers and files. | Malware | H Transportation and storage | CC | US | | Port of Kennewick, ransomware |
| 20 | 18/11/2020 | ? | Customers of MercadoLivre in Brazil | Researchers from Cybereason Nocturnus discover Chaes, a malware targeting the financial information of Brazilian customers of MercadoLivre, the largest Brazilian e-commerce platform. | Malware | G Wholesale and retail trade | CC | BR | | Cybereason, Nocturnus, Chaes, MercadoLivre |
| 21 | 18/11/2020 | ? | Liquid.com | Liquid.com's domain is transferred under the control of a malicious actor. The attack happens after some GoDaddy employees fall victim to a social engineering scam. | DNS hijacking | V Fintech | CC | JP | | Liquid.com, GoDaddy |
| 22 | 18/11/2020 | ? | NiceHash | NiceHash freezes all the funds after falling victim to the same DNS hijack. | DNS hijacking | V Fintech | CC | SI | | NiceHash, GoDaddy |
| 23 | 18/11/2020 | ? | Bibox.com | Even if it is not confirmed, Bibox.com is allegedly hit by the same attack. | DNS hijacking | V Fintech | CC | EE | | Bibox.com, GoDaddy |
| 24 | 18/11/2020 | ? | Celsius.network | Celsius.network is allegedly hit by the same attack. | DNS hijacking | V Fintech | CC | UK | | Celsius.network, GoDaddy |
| 25 | 18/11/2020 | ? | Wirex.app | Wirex.app is allegedly hit by the same attack. | DNS hijacking | V Fintech | CC | SK | | Wirex.app, GoDaddy |
| 26 | 18/11/2020 | ? | City of Kuurne | The municipal services in Kuurne are down after suffering a cryptomining attack. | Malware | O Public administration and defence, compulsory social security | CC | BE | | Kuurne |
| 27 | 18/11/2020 | ? | Mansfield schools | Mansfield schools are hit with a DDoS attack. | DDoS | P Education | CC | US | | Mansfield schools |
| 28 | 19/11/2020 | ? | AspenPointe | U.S. healthcare provider AspenPointe notifies patients of a data breach stemming from a September 2020 cyberattack that enabled attackers to steal protected health information and personally identifiable information. | Unknown | Q Human health and social work activities | CC | US | | AspenPointe |
| 29 | 19/11/2020 | Ragnar Locker | Cloud service providers, communication, construction, travel, and enterprise software companies | The FBI warns private industry partners of increased Ragnar Locker ransomware activity following a confirmed attack from April 2020. | Malware | Y Multiple Industries | CC | US | | Ragnar Locker, ransomware |
| 30 | 19/11/2020 | Mount Locker | TurboTax users | A new version of the Mount Locker ransomware specifically targets files used by the TurboTax tax software. | Malware | X Individual | CC | US | | Mount Locker, ransomware, TurboTax |
| 31 | 19/11/2020 | ? | Paris-Normandy | The French daily newspaper Paris-Normandy is hit with a ransomware attack. | | | | | | |
| | | | | Seeley Medical notifies to have become aware of suspicious activity on its network on September 7. An investigation revealed that its network had been infected with malware which prevented access to certain files on the system. | Malware | Q Human health and social work activities | CC | US | | Seeley Medical |
| 34 | 19/11/2020 | REvil AKA Sodinokibi | Griffin Hospital | The Griffin Hospital is affected by the Managed.com ransomware attack. | | | | | | |
| | | | | Jackson County is affected by the Managed.com ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | | Jackson County, ransomware, Revil, Sodinokibi, Managed.com |
| 36 | 20/11/2020 | ? | Vulnerable Wordpress sites | Researchers from Akamai discover a new cyber criminal group taking over vulnerable WordPress sites to install hidden e-commerce stores with the purpose of hijacking the original site's search engine ranking and reputation and promoting online scams. | Brute-force | Y Multiple Industries | CC | >1 | | Akamai, Wordpress |
| 37 | 20/11/2020 | ? | Multiple targets | Researchers from Abnormal Security discover a new campaign with scammers trying to steal email credentials from employees by impersonating their organization's human resources department in phishing emails camouflaged as internal 'back to work' company memos. | Account hijacking | Y Multiple Industries | CC | >1 | | Abnormal Security, COVID-19 |
| 38 | 20/11/2020 | ShinyHunters | Glofox | Irish gym management software company Glofox investigates reports of a recent data breach in which users’ personal details may have been compromised. | Unknown | M Professional scientific and technical activities | CC | IE | | Glofox, ShinyHunters |
| 39 | 20/11/2020 | ? | Mitsubishi Electric Corp. | Mitsubishi Electric Corp. was hit again by a massive cyberattack that may have caused the leakage of information related to its business partners. | Cloud Misconfiguration | C Manufacturing | CC | JP | | Mitsubishi Electric Corp. |
| 40 | 20/11/2020 | ? | LSU Health New Orleans | LSU Health New Orleans issues a HIPAA breach notification after detecting a cyber-intrusion into an employee’s electronic mailbox. | Account hijacking | Q Human health and social work activities | CC | US | | LSU Health New Orleans |
| 41 | 20/11/2020 | Conti | Golden Gate Regional Center (GGRC) | Golden Gate Regional Center (GGRC) reveals to have been hit by a ransomware attack on September 23. | Malware | Q Human health and social work activities | CC | US | | Golden Gate Regional Center, GGRC, ransomware, Conti |
| 42 | 20/11/2020 | ? | Oglethorpe County school system | The Oglethorpe County school system is hit with a ransomware attack. | Malware | P Education | CC | US | | Oglethorpe County school system, ransomware |
| 43 | 20/11/2020 | ? | LSU Health New Orleans Health Care Services Division | LSU Health New Orleans Health Care Services Division says it became aware of a cyber intrusion into an employee’s electronic mailbox. Thousands of patients’ information may have been potentially accessed. | Account hijacking | Q Human health and social work activities | CC | US | | LSU Health New Orleans Health Care Services Division |
| 44 | 21/11/2020 | ? | Manchester United | Manchester United is hit by what is believed to be a ransomware attack. | Malware | R Arts entertainment and recreation | CC | UK | | Manchester United, ransomware |
| 45 | 21/11/2020 | ? | Pickle Finance | Popular decentralized finance (DeFi) protocol Pickle Finance is hacked, draining $19.7 million in DAI, a decentralized stablecoin. | Unknown | V Fintech | CC | N/A | | Pickle Finance |
| 46 | 21/11/2020 | RootAyyildiz | vote.joebiden.com | The Vote Joe site set up by the Biden-Harris Presidential campaign is hacked and defaced by a Turkish hacker called RootAyyildiz. | Defacement | S Other service activities | H | US | | Vote Joe, Joe Biden, Kamala Harris, RootAyyildiz |
| 47 | 21/11/2020 | NetWalker | Law In Order | Law In Order, an Australian supplier of document and digital services to law firms, suffers a ransomware attack believed to be the NetWalker malware. | Malware | N Administrative and support service activities | CC | AU | | Law In Order, NetWalker, ransomware |
| 48 | 21/11/2020 | ? | Multiple targets | Multiple threat actors have spent the past two-three years mass-scanning the internet for ENV (environment) files accidentally uploaded and left exposed on web servers. | Misconfiguration | Y Multiple Industries | CC | >1 | | ENV |
| 49 | 21/11/2020 | ? | Hundreds of female sports stars and celebrities | Unknown hackers steal naked photos and videos from hundreds of female sports stars and celebrities and leak them online. | Unknown | X Individual | CC | >1 | | |
| 50 | 21/11/2020 | ? | Ouest-France | The newspaper group Ouest-France is hit with a ransomware attack. | Malware | J Information and communication | CC | FR | | Ouest-France, ransomware |
| 51 | 21/11/2020 | ? | Archdiocese of St. Louis | The Archdiocese of St. Louis websites are down after a “coordinated ransomware campaign”. | Malware | S Other service activities | CC | US | | Archdiocese of St. Louis |
| 52 | 22/11/2020 | Clop | E-Land | South Korean conglomerate and retail giant E-Land suffers a Clop ransomware attack causing 23 of its retail stores to suspend operations while they deal with the attack. The attackers claim to have stolen 2 million credit cards over a one-year period ending with the attack. | Malware | G Wholesale and retail trade | CC | KR | | E-Land, Clop, Ransomware |
| 53 | 22/11/2020 | ? | US Fertility | US Fertility, the largest network of fertility centers in the U.S., says that some of its systems were encrypted in a ransomware attack that affected the company on September 14, 2020. | Malware | Q Human health and social work activities | CC | US | | US Fertility, ransomware |
| 54 | 22/11/2020 | pumpedkicks | Multiple targets | A hacker posts a list of one-line exploits to steal VPN credentials from almost 50,000 Fortinet VPN devices. A few days later an actor dubbed 'arendee2018' posts the credentials. | | | | | | |
| | | | | The NCSC warns that APT nation-state groups and cyber criminals are now actively attempting to exploit the CVE 2020-15505 MobileIron vulnerability to compromise the networks of UK organizations. | CVE 2020-15505 Vulnerability | Y Multiple Industries | CE | UK | | NCSC, CVE 2020-15505, MobileIron |
| 56 | 23/11/2020 | Mustang Panda (AKA TA416 and RedDelta) | Entities connected to the diplomatic relations between the Vatican and the Chinese Communist Party | Researchers from Malwarebytes discover a new campaign carried out by the Chinese threat group Mustang Panda targeting entities connected to the diplomatic relations between the Vatican and the Chinese Communist Party. | Targeted Attack | Y Multiple Industries | CE | >1 | | Mustang Panda, TA416, RedDelta, Vatican, Chinese Communist Party |
| 57 | 23/11/2020 | ? | Spotify users | A report from VPNMentor reveals that hackers have been attempting to gain access to Spotify accounts using a database of 380 million records with login credentials and personal information collected from various sources. | Credential Stuffing | R Arts entertainment and recreation | CC | >1 | | VPNMentor, Spotify |
| 58 | 23/11/2020 | ? | Minecraft players | Researchers from Kaspersky discover more than 20 apps on Google Play promising Minecraft mods, but turning out to be malicious. | Malware | R Arts entertainment and recreation | CC | >1 | | Minecraft, Android, Google Play |
| 59 | 23/11/2020 | ? | Single individuals in the US | The U.S. Federal Bureau of Investigation (FBI) warns the general public of the risks behind recently registered FBI-related domains that spoof some of the federal law enforcement agency's official websites. | Account hijacking | X Individual | CC, CE | US | | FBI |
| 60 | 23/11/2020 | ? | Levis Capital | Levis Capital, a Sydney-based hedge fund, is forced to close after a hacker was able to send off fake invoices on behalf of the firm. | Account hijacking | K Financial and insurance activities | CC | AU | | Levis Capital, Zoom |
| 61 | 23/11/2020 | Anonymous | Uganda Police (www.upf.go.ug) | Hacktivists from Anonymous take down the website of Uganda Police in the wake of protests triggered by the arrest of Robert Kyagulanyi Ssentamu, also known by his pop star alias, Bobi Wine. | DDoS | O Public administration and defence, compulsory social security | H | UG | | Anonymous, Uganda Police, www.upf.go.ug, Robert Kyagulanyi Ssentamu, Bobi Wine |
| 62 | 23/11/2020 | NetWalker | Finistère Habitat | Finistère Habitat is hit with a NetWalker ransomware attack. | Malware | L Real estate activities | CC | FR | | Finistère Habitat, NetWalker, ransomware |
| 63 | 23/11/2020 | REvil AKA Sodinokibi | Arizona Court System | The Arizona Court System is impacted by the Managed.com ransomware attack. | Malware | O Public administration and defence, compulsory social security | | | | |
| | | | | A hacker leaks the data of more than 4.2 million users registered on Peatix, an event organizing platform, currently ranked among the Alexa Top 3,500 most popular sites on the internet. | Unknown | N Administrative and support service activities | CC | US | | Peatix |
| 65 | 24/11/2020 | ? | Rand McNally | Chicago-based transportation technology firm Rand McNally is hit with a cyber attack. | Unknown | N Administrative and support service activities | CC | US | | Rand McNally |
| 66 | 24/11/2020 | ? | Ritzau | Ritzau, the largest independent news agency in Denmark, is hit with a ransomware attack. | Malware | J Information and communication | CC | DK | | Ritzau, ransomware |
| 67 | 24/11/2020 | ? | Single individuals in the US | Researchers from Inky discover a phishing campaign baiting U.S. citizens with emails purporting to be from government agencies offering federal assistance. | Account hijacking | X Individual | CC | US | | Inky |
| 68 | 24/11/2020 | ? | Android users | Researchers from Check Point warn of WAPDropper, a new malware family that currently targets mobile phone users to subscribe them silently to legitimate premium-rate services. | Malware | X Individual | CC | >1 | | Check Point, WAPDropper, Android |
| 69 | 24/11/2020 | ? | Premier Health | Premier Health notifies its patients to have discovered unusual activity involving certain employee email accounts on June 8, 2020. | Account hijacking | Q Human health and social work activities | CC | US | | Premier Health |
| 70 | 24/11/2020 | ? | Misconfigured Docker servers | Researchers from Qihoo 360 discover Blackrota, a malicious backdoor program written in the Go language that exploits an unauthorized access vulnerability in the Docker Remote API. | Misconfiguration | Y Multiple Industries | CC | >1 | | Qihoo 360, Blackrota, Go, Docker |
| 71 | 24/11/2020 | ? | Multiple targets | Researchers from Intezer Labs discover a new version of the Stantinko botnet, posing as the legitimate Apache web server process (httpd) in order to make detection harder on infected hosts. | Malware | Y Multiple Industries | CC | >1 | | Intezer Labs, Stantinko, Apache |
| 72 | 24/11/2020 | ? | Galstan & Ward Family and Cosmetic Dentistry | Galstan & Ward Family and Cosmetic Dentistry reveals to have been hit with a ransomware attack on September 11. | Malware | Q Human health and social work activities | CC | US | | Galstan & Ward Family and Cosmetic Dentistry, ransomware |
| 73 | 24/11/2020 | ? | Headlam Group | Floor coverings distributor Headlam Group says to have suffered an unauthorized access to some of its computer systems, resulting in some data being accessed. | Unknown | G Wholesale and retail trade | CC | UK | | Headlam Group |
| 74 | 25/11/2020 | ? | Baltimore County Public Schools | Baltimore County Public Schools is hit by a ransomware attack that leads to a systemic shutdown of its network. | Malware | P Education | CC | US | | Baltimore County Public Schools, ransomware |
| 75 | 25/11/2020 | ? | Belden | Network device manufacturer Belden reveals it was hit with a cyberattack (probably ransomware) that allowed threat actors to steal files containing information about employees and business partners. | Malware | C Manufacturing | CC | US | | Belden, ransomware |
| 76 | 25/11/2020 | ? | Medical and manufacturing organizations in the US | The FBI warns US companies about scammers actively abusing auto-forwarding rules on web-based email clients to increase the likelihood of successful Business Email Compromise (BEC) attacks. | Business Email Compromise | C Manufacturing | CC | US | | FBI |
| 77 | 25/11/2020 | ? | Microsoft Edge users | Microsoft removes 18 Edge browser extensions from the Edge Add-ons portal after the extensions were caught injecting ads into users' web search results pages. | Malware | X Individual | CC | >1 | | Microsoft Edge |
| 78 | 25/11/2020 | ? | Zoom users mostly in the US | The Better Business Bureau warns of phishing messages with the Zoom logo that tell recipients they have a missed meeting or suspended account. | Account hijacking | X Individual | CC | US | | Better Business Bureau, Zoom |
| 79 | 25/11/2020 | ? | Unidas | The Brazilian car rental company Unidas suffers a data breach. | Unknown | H Transportation and storage | CC | BR | | Unidas |
| 80 | 26/11/2020 | DoppelPaymer | Banijay Group SAS | French multinational production and distribution firm Banijay Group SAS reveals to have been hit earlier this month by a DoppelPaymer ransomware attack and had sensitive information stolen by the ransomware operators during the incident. In particular the attack targeted the network of Endemol, a company it acquired. | Malware | R Arts entertainment and recreation | CC | FR | | Banijay Group SAS, DoppelPaymer, ransomware, Endemol |
| 81 | 26/11/2020 | ? | Multiple targets | Researchers at Sansec uncover a novel technique to inject payment skimmers onto checkout pages via social media buttons. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | | Sansec, Magecart |
| 82 | 26/11/2020 | ? | Single individuals in the US | A massive ongoing phishing attack pretends to be an invite for a Zoom Thanksgiving meeting. | Account hijacking | X Individual | CC | US | | Zoom |
| 83 | 26/11/2020 | Dark Caracal | Multiple targets | Researchers from Check Point reveal that the Dark Caracal cyberespionage group, associated with the Lebanese General Directorate, is back, with a new series of attacks against multiple industries, using a new version of a 13-year-old backdoor Trojan dubbed Bandook. | Targeted Attack | Y Multiple Industries | CE | >1 | | Check Point, Dark Caracal, Bandook |
| 84 | 26/11/2020 | ? | Capo Verde Private Technology Network | The Finance Minister of Capo Verde suffers a cyber attack on the State’s Private Technology Network (RTPE). | Unknown | J Information and communication | CC | CV | | Capo Verde, Private Technology Network |
| 85 | 26/11/2020 | ? | Gardiner Public Schools | The Gardiner Public Schools district is hit with a ransomware attack. | Malware | P Education | CC | US | | Gardiner Public Schools, ransomware |
| 86 | 26/11/2020 | Beenu Arora | Undisclosed e-commerce company | A suspected individual called Beenu Arora hacks into an e-commerce company, steals the information of 30 companies and advertises the sale of the information on the dark net. | Unknown | G Wholesale and retail trade | CC | IN | | Beenu Arora |
| 87 | 26/11/2020 | ? | 21,000 British motorists | The personal information, including driving license numbers and phone numbers, of 21,000 British motorists is reportedly stolen by cyber criminals and put up for sale on dark web marketplaces. | Unknown | X Individual | CC | UK | | British motorists |
| 88 | 26/11/2020 | Egregor | Spring Independent School District | The Spring Independent School District is allegedly hit with an Egregor ransomware attack. | Malware | P Education | CC | US | | Spring Independent School District, Egregor, ransomware |
| 89 | 26/11/2020 | ? | Undisclosed school district in Montana | An undisclosed school district in Montana is equally hit with a ransomware attack. | Malware | P Education | CC | US | | Montana, ransomware |
| 90 | 27/11/2020 | Suspected North Korean hackers | Astra Zeneca | Suspected North Korean hackers have tried to break into the systems of British drugmaker AstraZeneca in recent weeks. | Targeted Attack | M Professional scientific and technical activities | CE | UK | | North Korea, Astra Zeneca |
| 91 | 27/11/2020 | ? | Small and medium-sized businesses in the U.S. and Australia | Researchers from Mitiga discover a phishing scheme for stealing Office 365 credentials from small and medium-sized businesses in the U.S. and Australia combining cloud services from Oracle and Amazon into its infrastructure. | | | | | | |
| | | | | Researchers from Trend Micro discover a new operation by APT32 targeting Apple MacOS users. | Targeted Attack | Y Multiple Industries | CE | VN | | Trend Micro, APT32, Apple MacOS, APT-C-00 |
| 93 | 27/11/2020 | ? | Hundreds of companies around the world | A threat actor is selling passwords for Office 365 and email accounts of hundreds of C-level executives at companies across the world. | Account hijacking | Y Multiple Industries | CC | >1 | | Email |
| 94 | 27/11/2020 | ? | TRF-1 (Tribunal Regional da Primeira Região) | The Brazilian Tribunal Regional da Primeira Região is hit with a cyber attack. | Unknown | O Public administration and defence, compulsory social security | CC | BR | | Tribunal Regional da Primeira Região, TRF-1 |
| 95 | 27/11/2020 | ? | Koninklijke Nederlandsche Wielren Unie (KNWU) | 90,000 people from Koninklijke Nederlandsche Wielren Unie (the Royal Dutch Cycling Union, KNWU) have their details compromised after a database is left exposed on the Internet. | Misconfiguration | R Arts entertainment and recreation | CC | NL | | Koninklijke Nederlandsche Wielren Unie, KNWU |
| 96 | 28/11/2020 | Conti | Advantech | Industrial automation and IoT chip maker Advantech is hit with a Conti ransomware attack. The attackers demand a ransom of 750 BTC (roughly $12,600,000 at the current exchange rate). | Malware | C Manufacturing | CC | US | | Advantech, Conti ransomware |
| 97 | 28/11/2020 | DoppelPaymer | Delaware County | Delaware County, Pennsylvania is hit with the DoppelPaymer ransomware. | Malware | O Public administration and defence, compulsory social security | CC | US | | Delaware County, DoppelPaymer, Ransomware |
| 98 | 28/11/2020 | ? | Stuller | Stuller is hit with a cyber attack. | Unknown | G Wholesale and retail trade | CC | US | | Stuller |
| 99 | 30/11/2020 | RansomExx | Embraer | Brazilian aerospace and defence group Embraer is targeted by a RansomExx ransomware cyberattack. A few days later the attackers leak the stolen data. | Malware | C Manufacturing | CC | BR | | Embraer, RansomExx, ransomware |
| 100 | 30/11/2020 | BlackShadow | Shirbit | A cybercrime group calling themselves 'BlackShadow' tweets that they hacked into the Israeli Shirbit insurance company and stole files during the attack. The threat actors extort the company by demanding almost $1 million in bitcoin to stop leaking the company's stolen data. | Unknown | K Financial and insurance activities | CC | IL | | BlackShadow, Shirbit |
| 101 | 30/11/2020 | Bismuth AKA APT32 and OceanLotus | Human and civil rights organizations, multinational companies, financial services, educational institutions, and entities in the government sector | Microsoft reveals that an advanced threat group called Bismuth recently used cryptocurrency mining as a way to hide the purpose of their activity and to avoid triggering high-priority alerts. | Targeted Attack | Y Multiple Industries | CE | >1 | | Microsoft, Bismuth, APT32, OceanLotus |
| 102 | 30/11/2020 | ? | Targets in Germany | Researchers from Malwarebytes discover a new campaign distributing the Gootkit information-stealing Trojan and the REvil Ransomware to targets in Germany. | Malware | Y Multiple Industries | CC | DE | | Malwarebytes, Gootkit, REvil Ransomware |
| 103 | 30/11/2020 | Ryuk | K12 Inc. | Online education giant K12 Inc. reveals to have paid a ransom after their systems were hit by the Ryuk ransomware in the middle of November. | Malware | P Education | CC | US | | K12 Inc., Ryuk, Ransomware |
| 104 | 30/11/2020 | ? | Huntsville City Schools district | Ransomware operators attack the Huntsville City Schools district in Alabama, forcing them to shut down schools. | Malware | P Education | CC | US | | Huntsville City Schools district, ransomware |
| 105 | 30/11/2020 | ? | Brokerage firms in the US | US securities industry regulator FINRA warns brokerage firms earlier this week of ongoing phishing attacks using a recently registered web domain spoofing a legitimate FINRA website. | Account hijacking | K Financial and insurance activities | CC | US | | FINRA |
| 106 | 30/11/2020 | ? | Multiple targets in retail sector | A newly discovered credit card skimmer uses an innovative technique, hiding the skimmer inside images, to inject highly convincing PayPal iframes and hijack the checkout process on compromised online stores. | Malicious Script Injection | G Wholesale and retail trade | CC | US | | PayPal, Magecart |
| 107 | 30/11/2020 | ? | Huntsville City Schools | Huntsville City Schools are hit with a ransomware attack. | Malware | P Education | CC | US | | Huntsville City Schools, ransomware |
| 108 | 30/11/2020 | ? | McLeod Health | McLeod Health notifies patients after an employee email account is compromised in April 2020. | | | | | | |