I am catching up with the cyber attacks timelines for this troubled 2020, which has nearly come to an end. I am happy to publish the first timeline of December, covering the most important events that occurred in the first two weeks of this month. Before going into the details, let me say that you will hopefully note a change. Starting from this timeline, I have decided to report three different dates for each event, in order to provide a consistent chronological order even for events that occurred in the past and were disclosed (or discovered) a posteriori: the date when the event was published, the date when it happened, and, if available, the date when it was discovered (which is different from the date when it was published).
Although double extortion ransomware attacks continue to dominate the threat landscape, this timeline is undoubtedly characterized by the massive supply chain attack allegedly carried out by Russian state-sponsored actors and potentially targeting more than 18,000 organizations worldwide, including high-profile targets in the government and business space. This operation will leave an enduring mark, and it will probably take some months to evaluate its real extent.
The above event overshadows everything else, even the fact that nearly one out of three events is related to ransomware (but this is no longer a surprise), with the list of high-profile victims continuing to grow with each timeline. Ransomware has also become destructive and, in the case of the Pay2Key operation, has been used as a cyber weapon in the war between Israel and Iran. In general, I would say that the number of operations driven by cyber warfare is unusually high in this timeline.
Last but not least, even the cyber espionage front is quite crowded, but this is another sign of the difficult times we are living in…
Details and links for each event are in the timeline! Thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
ID
Date Published
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
09/11/20
27/03/20
-
?
TBG West Insurance
A filing from Cadwalader, Wickersham & Taft reveals that one of its vendors, TBG West Insurance, was hit with a ransomware attack in March 2020.
Malware
K Financial and insurance activities
CC
US
Cadwalader, Wickersham & Taft, TBG West Insurance, ransomware
2
09/11/20
Between April and May 2020
-
?
New York Bar Association
The New York Bar Association reveals that it was compromised via unauthorized code inserted into third-party commerce and management software known as iMIS on its website.
Malicious Script Injection
M Professional scientific and technical activities
CC
US
New York Bar Association
3
09/11/20
Between April and May 2020
-
?
Chicago Bar Association
The Chicago Bar Association reveals that it was compromised via unauthorized code inserted into third-party commerce and management software known as iMIS on its website.
Malicious Script Injection
M Professional scientific and technical activities
CC
US
Chicago Bar Association
4
01/12/20
-
-
State-sponsored actors
U.S. think tank organizations
The FBI and DHS-CISA warn of state-sponsored hacking groups targeting U.S. think tank organizations.
Targeted Attack
S Other service activities
CE
US
FBI, DHS-CISA
5
01/12/20
-
-
?
Vulnerable Oracle WebLogic servers
Researchers from Juniper discover a botnet known as DarkIRC, actively targeting thousands of exposed Oracle WebLogic servers vulnerable to CVE-2020-14882.
Researchers from Check Point reveal that, during the month of November, they saw a dramatic spike in phishing emails impersonating internationally known shipping companies such as DHL, Amazon & FedEx.
Account hijacking
X Individual
CC
>1
Check Point, DHL, Amazon, FedEx
7
01/12/20
-
-
?
Single individuals
Researchers from Sonatype discover two malicious NPM packages ('jdb.js' and 'db-json.js') that install the njRAT remote access trojan.
Malware
X Individual
CC
>1
Sonatype, NPM, jdb.js, db-json.js, njRAT
8
01/12/20
-
-
?
Android GO SMS Pro users
Malicious actors exploit the GO SMS Pro vulnerability to download users' details.
Vulnerability
X Individual
CC
>1
GO SMS Pro, Android
9
01/12/20
Sometime in the spring
-
?
Philabundance
Hunger relief group Philabundance loses nearly $1,000,000 in a Business Email Compromise scam.
Business Email Compromise
Q Human health and social work activities
CC
US
Philabundance
10
01/12/20
-
-
?
Misconfigured Linux Systems
Researchers from Cisco Talos discover a Monero cryptomining botnet called Xanthe, which has been exploiting incorrectly configured Docker API installations in order to infect Linux systems.
Misconfiguration
Y Multiple Industries
CC
>1
Cisco Talos, Monero, Xanthe, Docker, Linux
11
01/12/20
23/11/20
-
?
IIMJobs
The database of the Indian job board IIMJobs is leaked on a hacking forum after the website suffered a data breach. 1.4 million users are affected.
Unknown
N Administrative and support service activities
CC
IN
IIMJobs
12
02/12/20
-
-
North Korean hackers
Six pharmaceutical companies including Johnson & Johnson, Novavax Inc., Genexine Inc., Shin Poong Pharmaceutical Co. and Celltrion Inc.
North Korean hackers have targeted at least six pharmaceutical companies in the U.S., the U.K. and South Korea working on COVID-19 treatments.
Targeted Attack
M Professional scientific and technical activities
CE
>1
Johnson & Johnson, Novavax Inc., Genexine Inc., Shin Poong Pharmaceutical Co., Celltrion Inc.
13
02/12/20
-
-
Turla
Ministry of Foreign Affairs of a European Union country
Researchers from ESET reveal that the Russian-backed hacking group Turla has used a previously undocumented malware toolset, dubbed Crutch, to deploy backdoors and steal sensitive documents in targeted cyber-espionage campaigns.
Targeted Attack
O Public administration and defence, compulsory social security
CE
N/A
ESET, Turla, Crutch
14
02/12/20
Early July 2020
-
Shadow Academy
20 universities in Australia, Afghanistan, the UK, and the USA
Researchers from RiskIQ reveal the details of Shadow Academy, an operation targeting 20 universities in multiple countries.
Account hijacking
P Education
CC
>1
RiskIQ, Shadow Academy
15
02/12/20
27/11/20
-
Magecart
Multiple Magento-powered online stores
Researchers from Sansec discover a credit card stealing campaign bundled with a backdoor for easy reinstall.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Magecart, Sansec, Magento
16
02/12/20
-
-
?
Single individuals in the UK
Threat actors are exploiting the legitimate SendGrid mailing service to spoof HMRC phishing emails that bypass spam filters.
Account hijacking
X Individual
CC
UK
SendGrid, HMRC
17
02/12/20
-
-
?
Adobe users
Researchers from GreatHorn discover a phishing campaign targeting Adobe users.
Account hijacking
X Individual
CC
>1
GreatHorn, Adobe
18
02/12/20
End of November 2020
-
?
OGUsers
For at least the third time in its existence, OGUsers — a forum overrun with people looking to buy, sell and trade access to compromised social media accounts — is hacked.
Unknown
S Other service activities
CC
N/A
OGUsers
19
02/12/20
02/12/20
-
?
Austrian Ministry of Health
The Austrian Ministry of Health is taken down while people were waiting to register for the mass COVID-19 tests.
DDoS
Q Human health and social work activities
CC
AT
Austrian Ministry of Health, COVID-19
20
02/12/20
01/12/20
01/12/20
?
City of Braunau
The City of Braunau is taken down by a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
AT
City of Braunau, ransomware
21
02/12/20
-
-
?
Proton Therapy Centers
Proton Therapy Centers reports a ransomware attack.
Malware
Q Human health and social work activities
CC
US
Proton Therapy Centers, ransomware
22
02/12/20
-
-
?
Eurolls
Eurolls, an Italian manufacturing firm, is hit with a ransomware attack.
Malware
C Manufacturing
CC
IT
Eurolls, ransomware
23
02/12/20
-
-
?
Radio Azzurra
Radio Azzurra, an Italian broadcasting station, is hit with a ransomware attack.
Malware
J Information and communication
CC
IT
Radio Azzurra, ransomware
24
02/12/20
-
-
Conti
Intersport
The Conti ransomware threat actors dump more than two dozen files as alleged proof of access and exfiltration from the international sporting goods retailer Intersport.
Malware
G Wholesale and retail trade
CC
CH
Conti, ransomware, Intersport
25
02/12/20
01/11/20
-
?
Estonian Ministry of Economy
The Estonian Information System Authority (RIA) reveals that the Estonian Ministry of Economy suffered a data breach in November.
Unknown
O Public administration and defence, compulsory social security
CC
EE
Estonian Ministry of Economy, Estonian Information System Authority, RIA
26
02/12/20
01/11/20
-
?
Estonian Ministry of Foreign Affairs
The Estonian Information System Authority (RIA) reveals that the Estonian Ministry of Foreign Affairs suffered a data breach in November when a database was copied by external actors.
Unknown
O Public administration and defence, compulsory social security
CC
EE
Estonian Ministry of Foreign Affairs, Estonian Information System Authority, RIA
27
02/12/20
01/11/20
-
?
Estonian Ministry of Social Affairs
The Estonian Information System Authority (RIA) reveals that the Estonian Ministry of Social Affairs suffered a data breach in November when the information of 9,158 people was stolen.
Unknown
O Public administration and defence, compulsory social security
CC
EE
Estonian Ministry of Social Affairs, Estonian Information System Authority, RIA
28
03/12/20
01/09/20
-
?
Organizations associated with the COVID-19 vaccine cold chain
Researchers from IBM X-Force warn of threat actors actively targeting organizations associated with the COVID-19 vaccine cold chain (Cold Chain Equipment Optimization Platform, CCEOP) in a large-scale spear-phishing campaign that started three months ago, in September 2020.
Targeted Attack
M Professional scientific and technical activities
Staffing agency Randstad NV announces that its network was breached by the Egregor ransomware operation, which stole unencrypted files during the attack.
Malware
N Administrative and support service activities
CC
NL
Randstad NV, Egregor, ransomware
30
03/12/20
-
03/12/20
Egregor
Kmart
US department store Kmart suffers a ransomware attack that impacts back-end services at the company.
Malware
G Wholesale and retail trade
CC
US
Kmart, Egregor, ransomware
31
03/12/20
-
03/12/20
DeathStalker AKA Deceptikons
Multiple targets
Kaspersky researchers discover a previously undocumented Windows PowerShell malware dubbed PowerPepper and developed by the hacker-for-hire group DeathStalker.
Malware
Y Multiple Industries
CC
>1
Kaspersky, DeathStalker, Deceptikons
32
03/12/20
-
03/12/20
?
Multiple targets
A joint report from AdvIntel and Eclypsium reveals the details of a new TrickBot component probing for UEFI vulnerabilities.
Malware
Y Multiple Industries
CC
>1
AdvIntel, Eclypsium, TrickBot, UEFI
33
03/12/20
01/12/20
03/12/20
Iranian threat actors
Water facility in Israel
A group of Iranian hackers posts a video showing how they managed to access an industrial control system (ICS) at a water facility in Israel.
Misconfiguration
D Electricity gas steam and air conditioning supply
CW
IL
Iran
34
03/12/20
30/08/20
03/12/20
REvil AKA Sodinokibi
Undisclosed American Video Delivery Solutions Provider
Researchers from Kela reveal that an undisclosed American Video Delivery Solutions Provider was hit with the REvil ransomware exploiting the CVE-2019-11510 vulnerability.
Malware
J Information and communication
CC
US
REvil, Sodinokibi, ransomware, CVE-2019-11510, Kela
35
03/12/20
30/08/20
03/12/20
Maze
Undisclosed Vietnamese IT corporation
Researchers from Kela reveal that an undisclosed Vietnamese IT corporation was hit with the Maze ransomware exploiting the CVE-2019-11510 vulnerability.
Malware
M Professional scientific and technical activities
CC
VN
Maze, ransomware, CVE-2019-11510, Kela
36
03/12/20
30/08/20
03/12/20
LockBit
Undisclosed Japanese Manufacturing Company
Researchers from Kela reveal that an undisclosed Japanese Manufacturing Company was hit with the LockBit ransomware exploiting the CVE-2019-11510 vulnerability.
Malware
C Manufacturing
CC
JP
LockBit, ransomware, CVE-2019-11510, Kela
37
03/12/20
02/12/20
02/12/20
?
Dedalus
Dedalus, a French company providing IT services to healthcare organizations, is hit with a ransomware attack.
Malware
M Professional scientific and technical activities
CC
FR
Dedalus, ransomware
38
03/12/20
01/12/20
03/12/20
?
Municipality of Hof van Twente
The Municipality of Hof van Twente is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
NL
Hof van Twente, ransomware
39
04/12/20
01/12/20
04/12/20
Egregor
TransLink
The Egregor ransomware operation breaches Metro Vancouver’s transportation agency TransLink, with the cyberattack causing disruptions in services and payment systems.
Malware
H Transportation and storage
CC
CA
Egregor, Ransomware, Vancouver, TransLink
40
04/12/20
01/12/20
04/12/20
?
City of Long Beach
The city of Long Beach is hit by a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Long Beach, ransomware
41
04/12/20
-
-
?
OC Transpo
The City of Ottawa investigates a cyber security incident related to its OC Transpo My Alerts system.
Unknown
H Transportation and storage
CC
CA
City of Ottawa, OC Transpo
42
04/12/20
-
14/11/20
Clop
Parkland Corporation
Parkland Corporation is hit with a ransomware attack.
Malware
D Electricity gas steam and air conditioning supply
CC
CA
Parkland Corporation, Clop, ransomware
43
04/12/20
01/05/20
-
Egregor
Nutrasource
Nutrasource, a firm that does clinical trials, is among the unconfirmed victims of the Egregor ransomware.
Malware
Q Human health and social work activities
CC
CA
Nutrasource, Egregor, ransomware
44
05/12/20
End of November 2020
-
LockBit
Kopter
Helicopter maker Kopter falls victim to a LockBit ransomware attack after hackers breached its internal network and encrypted the company's files.
Malware
C Manufacturing
CC
CH
Kopter, LockBit, ransomware
45
05/12/20
2015-2017
-
Two individuals
Leonardo
Italian police arrest two people for allegedly using malware to steal 10 GB of confidential data and military secrets from defense company Leonardo S.p.A.
Malware
M Professional scientific and technical activities
CE
IT
Leonardo
46
05/12/20
24/11/20
04/12/20
?
Netgain
Cloud hosting and IT services provider Netgain is forced to take some of its data centers offline after suffering a ransomware attack.
Malware
M Professional scientific and technical activities
CC
US
Netgain, ransomware
47
05/12/20
-
-
?
Users of the MetaMask cryptocurrency wallet
Users of the MetaMask cryptocurrency wallet have been losing funds to a phishing scam that lured potential victims through Google search ads.
Account hijacking
V Fintech
CC
>1
MetaMask, Google
48
05/12/20
04/12/20
-
?
SSQ Insurance
The website of SSQ Insurance is paralyzed by a ransomware attack.
Malware
K Financial and insurance activities
CC
CA
SSQ Insurance, ransomware
49
05/12/20
04/12/20
-
?
La Capitale
The website of La Capitale is paralyzed by a ransomware attack.
Malware
K Financial and insurance activities
CC
CA
La Capitale, ransomware
50
05/12/20
-
-
?
PickPoint
Unknown hackers attack the checkpoints of the PickPoint online order delivery service in Russia’s capital Moscow.
Unknown
H Transportation and storage
CC
RU
PickPoint
51
05/12/20
28/09/20
25/10/20
?
USNR LLC
USNR LLC, a manufacturing firm, is hit with a ransomware attack.
Malware
C Manufacturing
CC
US
USNR LLC, ransomware
52
06/12/20
-
-
?
Greater Baltimore Medical Center (GBMC)
The Greater Baltimore Medical Center (GBMC) is hit by a ransomware attack that impacts computer systems and medical procedures.
Malware
Q Human health and social work activities
CC
US
Greater Baltimore Medical Center, GBMC
53
06/12/20
01/11/20
-
?
RMD Kwikform
RMD Kwikform says it is investigating the security breach, which happened in November.
Unknown
M Professional scientific and technical activities
CC
UK
RMD Kwikform
54
06/12/20
-
-
?
Texarkana Water Utilities
Texarkana Water Utilities is hit with a ransomware attack.
Malware
D Electricity gas steam and air conditioning supply
CC
US
Texarkana Water Utilities, ransomware
55
07/12/20
29/11/20
-
DoppelPaymer
Foxconn
Foxconn electronics suffers a DoppelPaymer ransomware attack at a Mexican facility over the Thanksgiving weekend, where attackers stole unencrypted files before encrypting devices, asking for a $34 million ransom.
Malware
C Manufacturing
CC
MX
Foxconn, DoppelPaymer
56
07/12/20
-
-
Russian state-sponsored threat actors
Multiple targets in the US
The National Security Agency (NSA) warns that Russian state-sponsored threat actors are exploiting a recently patched VMware vulnerability (CVE-2020-4006) to steal sensitive information after deploying web shells on vulnerable servers.
Targeted Attack
Y Multiple Industries
CE
US
National Security Agency, NSA, Russia, VMware, CVE-2020-4006
57
07/12/20
-
-
?
City of Independence
The City of Independence, Missouri, suffers a ransomware attack that disrupts the city's services.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Independence, ransomware
58
07/12/20
-
-
?
Multiple targets
The Kubernetes Product Security Committee provides advice on how to temporarily block attackers from exploiting a vulnerability that could enable them to intercept traffic from other pods in multi-tenant Kubernetes clusters in man-in-the-middle (MiTM) attacks.
CVE-2020-8554
Y Multiple Industries
CC
>1
Kubernetes, CVE-2020-8554
59
07/12/20
-
-
?
Vulnerable WordPress sites
Researchers from NinTechNet reveal that attackers are resetting passwords for admin accounts on WordPress sites using a zero-day vulnerability in Easy WP SMTP, a popular WordPress plugin installed on more than 500,000 sites.
WordPress plugin vulnerability
Y Multiple Industries
CC
>1
WordPress, Easy WP SMTP, NinTechNet
60
07/12/20
Mid-November 2020
-
?
Office 365 Users
Researchers from Ironscales discover a global phishing campaign, targeting Office 365 users and spoofing the Microsoft domain.
Account hijacking
Y Multiple Industries
CC
>1
Ironscales, Office 365
61
07/12/20
-
-
?
Undisclosed target
Researchers at Abnormal Security discover a phishing campaign carried out by compromising a partner of the targeted organization.
Account hijacking
Z Unknown
CC
N/A
Abnormal Security
62
07/12/20
Between December 2018 and October 2019
-
Gionee (Chinese mobile phone manufacturer)
Mobile users in China
A court in China finds a Gionee subsidiary guilty of intentionally installing malware on millions of smartphones. The company knowingly infected nearly 21.75 million devices with a Trojan.
Malware
X Individual
CC
CN
Gionee, Android
63
07/12/20
Four separate campaigns between February and September 2020
-
FakeSecurity
Multiple e-commerce sites
Researchers from Group-IB reveal the details of a JavaScript card skimmer group dubbed "FakeSecurity", using the Raccoon information stealer malware in order to target e-commerce sites and steal payment card details from victims.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Group-IB, FakeSecurity, Raccoon
64
08/12/20
-
-
APT29
SolarWinds
FireEye reveals that it was breached by the Russian group APT29. It turns out that the attackers compromised SolarWinds Orion via a backdoor called Sunburst, uploading a malicious update, and compromised more than 18,000 organizations worldwide including Microsoft, Cisco, and the US Nuclear Weapons Agency.
The gang behind the Conti ransomware leaks more than 10Gb of data belonging to TSYS, a payment processor.
Malware
K Financial and insurance activities
CC
US
Conti, ransomware, TSYS
66
08/12/20
-
-
?
At least three online stores
Researchers from Sansec discover a credit card stealer hidden in CSS code.
Malicious Script Injection
G Wholesale and retail trade
CC
N/A
Sansec, Magecart
67
08/12/20
01/11/20
-
?
Single individuals
Researchers from Bolster reveal that November 2020 saw new websites related to gift card fraud at a rate of more than 220 per day.
Account hijacking
X Individual
CC
US
Bolster
68
08/12/20
-
-
Avaddon
City of Dade City
The City of Dade City is hit with an Avaddon ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Avaddon, ransomware, Dade City
69
08/12/20
-
-
?
Michael Weinig AG
Michael Weinig AG is hit with a ransomware attack.
Malware
C Manufacturing
CC
DE
Michael Weinig AG, ransomware
70
08/12/20
-
30/10/20
?
University of Memphis
The University of Memphis reveals that an individual had hacked into a university email account.
Account hijacking
P Education
CC
US
University of Memphis
71
08/12/20
-
-
?
7 million debit and credit cardholders in India
Sensitive details belonging to 7 million debit and credit cardholders in India are available on a public Google Drive document that has been circulating on the dark web.
Unknown
X Individual
CC
IN
India
72
08/12/20
-
-
?
Several states in the US
Massachusetts and other states reveal that they are being targeted by international criminal gangs making large numbers of illegitimate jobless claims using stolen financial information from commercial data breaches.
Account hijacking
O Public administration and defence, compulsory social security
CC
US
Massachusetts
73
09/12/20
-
-
?
European Medicines Agency (EMA)
The European Medicines Agency (EMA), responsible for COVID-19 vaccine approval, reveals that it suffered a cyberattack of an undisclosed nature. In a joint statement from Pfizer and BioNTech, the companies disclose that some documents related to their COVID-19 submissions were accessed by the threat actors during EMA's cyberattack.
Targeted Attack
U Activities of extraterritorial organizations and bodies
CE
EU
European Medicines Agency, EMA, COVID-19, Pfizer, BioNTech
74
09/12/20
-
-
Molerats
Targets in Middle East
Researchers from Cybereason reveal the details of a new campaign carried out by the Molerats threat group using two new backdoors called SharpStage and DropBook, exploiting Dropbox, Google Drive, and Facebook.
Targeted Attack
Y Multiple Industries
CE
>1
Cybereason, Molerats, SharpStage, DropBook, Dropbox, Google Drive, Facebook
75
09/12/20
End of November 2020
-
APT28 (AKA Fancy Bear, Sofacy, Strontium, Sednit)
Governments and commercial organizations engaged in foreign affairs
Researchers from Intezer Lab uncover COVID-19 phishing lures used to deliver the Go version of Zebrocy.
Researchers from KnowBe4 reveal the details of an additional phishing campaign exploiting the COVID-19 vaccine distribution fears.
Account hijacking
Y Multiple Industries
CC
>1
KnowBe4, COVID-19
77
09/12/20
-
-
Sidewinder
Government targets, mainly located in Nepal and Afghanistan
Researchers from Trend Micro discover a new campaign from the Sidewinder APT targeting government entities in Nepal and Afghanistan.
Targeted Attack
O Public administration and defence, compulsory social security
CE
NP, AF
Trend Micro, Sidewinder, Nepal, Afghanistan
78
09/12/20
Since October 2020
-
?
Multiple targets
Researchers from Palo Alto Networks discover a new campaign distributing the njRAT and using Pastebin as a command and control center.
Malware
Y Multiple Industries
CC
>1
Palo Alto Networks, Unit 42, njRAT, Pastebin, Bladabindi
79
09/12/20
Between 18/09/2020 and 13/10/2020
11/10/20
?
Dental Care Alliance
Dental Care Alliance notifies more than one million patients of a hacking incident that began on September 18, was discovered October 11, and contained on October 13.
Unknown
Q Human health and social work activities
CC
US
Dental Care Alliance
80
10/12/20
-
-
APT32
Undisclosed target
Security researchers from Facebook disrupt the infrastructure used by APT32 in their latest campaign.
Targeted Attack
Y Multiple Industries
CE
VN
Facebook, APT32
81
10/12/20
From June 2020
-
LuckyMouse
Multiple targets including the Office of the President, the Ministry of Justice, the Ministry of Health, various local law enforcement agencies, and many local governments
Researchers from ESET and Avast discover Operation StealthyTrident, an operation that compromised Able Software, a Mongolian software company, and compromised a chat app used by hundreds of Mongolian government agencies.
Targeted Attack
O Public administration and defence, compulsory social security
CE
MN
ESET, Avast, Operation StealthyTrident, Able Software, LuckyMouse
82
10/12/20
-
-
Bangladesh-based group
Local activists, journalists and religious minorities
Security researchers from Facebook disrupt the infrastructure used by a local group in Bangladesh in their latest campaign.
Targeted Attack
X Individual
CE
BD
Facebook, Bangladesh
83
10/12/20
-
-
?
Single individuals
Microsoft warns of an ongoing campaign pushing a new browser hijacking and credential-stealing malware dubbed Adrozek which, at its peak, was able to take over more than 30,000 devices every day.
Malware
X Individual
CC
>1
Microsoft, Adrozek
84
10/12/20
-
-
Multiple actors
K-12 educational institutions in the US
A joint advisory by the FBI, the CISA, and MS-ISAC warns that K-12 educational institutions in the U.S. are being targeted by ransomware.
Malware
P Education
CC
US
FBI, CISA, MS-ISAC, K-12, ransomware
85
10/12/20
-
-
?
Ledger wallet users
A phishing scam is underway that targets Ledger wallet users with fake data breach notifications used to steal cryptocurrency from recipients.
Account hijacking
V Fintech
CC
>1
Ledger
86
10/12/20
-
-
PLEASE_READ_ME
Multiple vulnerable SQL servers
Researchers from Guardicore reveal that the malicious actors behind the PLEASE_READ_ME ransomware campaign have set up an auction site on the dark web to sell 250,000 databases stolen from tens of thousands of breached MySQL servers.
Misconfiguration
Y Multiple Industries
CC
>1
Guardicore, PLEASE_READ_ME, ransomware, MySQL
87
10/12/20
-
-
?
Vulnerable PostgreSQL databases
Researchers from Palo Alto Networks discover PGMiner, a botnet operation that targets PostgreSQL databases to install a cryptocurrency miner.
CVE-2019-9193 Vulnerability
Y Multiple Industries
CC
>1
Palo Alto Networks, Unit 42, PGMiner, PostgreSQL
88
10/12/20
13/09/20
-
?
Brooklyn Defender Services
Brooklyn Defender Services discovers that an unauthorized person gained access to some employees’ email accounts on September 13, 2020.
Account hijacking
S Other service activities
CC
US
Brooklyn Defender Services
89
10/12/20
-
-
Ragnar Locker
Dassault Falcon Jet
Dassault Falcon Jet, a US subsidiary of the French aviation firm Dassault Aviation, is hit by the Ragnar Locker ransomware.
The town of Ludlow is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Town of Ludlow, ransomware
91
10/12/20
-
-
?
Fax Express
A hacked database belonging to Fax Express is exposed, revealing approximately 560,000 compromised usernames and dehashed passwords.
Unknown
G Wholesale and retail trade
CC
US
Fax Express
92
10/12/20
-
-
?
Air France-KLM
Unknown hackers try to break into Air France-KLM.
Unknown
H Transportation and storage
CC
FR
Air France-KLM
93
10/12/20
02/11/20
-
?
Employment Specialists of Maine
Employment Specialists of Maine notifies 2,000 patients of a ransomware attack.
Malware
Q Human health and social work activities
CC
US
Employment Specialists of Maine, ransomware
94
10/12/20
04/12/20
-
ALTDOS
Country Group Securities (CGSEC)
Country Group Securities is hacked and has some data dumped.
Unknown
K Financial and insurance activities
CC
TH
Country Group Securities, CGSEC, ALTDOS
95
10/12/20
From November 2020
-
?
Office 365 Users
Researchers from Abnormal Security reveal the details of a phishing campaign designed to harvest Office 365 credentials using a Microsoft Outlook migration message.
Account hijacking
Y Multiple Industries
CC
>1
Abnormal Security, Office 365, Microsoft Outlook
96
10/12/20
Mid-October 2020
Mid-October 2020
?
Panasonic India
Unknown hackers disclose 4GB of data belonging to Panasonic India.
Unknown
C Manufacturing
CC
IN
Panasonic India
97
10/12/20
01/10/20
-
?
Single individuals
Researchers from Armorblox reveal the details of a phishing campaign claiming that the recipient has been shortlisted for COVID compensation from the IMF.
Account hijacking
X Individual
CC
>1
Armorblox, COVID-19, IMF
98
11/12/20
End of November 2020
-
Pay2Key
Amital Software
Amital Software is hit by the Pay2Key ransomware.
Malware
M Professional scientific and technical activities
CW
IL
Amital Software, Pay2Key, ransomware
99
11/12/20
12/12/20
12/12/20
?
Subway UK
Subway UK's marketing system is hacked to send TrickBot malware-laden phishing emails to customers.
Account hijacking
I Accommodation and food service activities
CC
UK
Subway, TrickBot
100
11/12/20
Between 18/09/2020 and 13/10/2020
11/10/20
?
Konikoff Dental Associates Harbour View
Konikoff Dental Associates Harbour View warns patients of a possible data breach related to suspicious activity in its environment.
Unknown
Q Human health and social work activities
CC
US
Konikoff Dental Associates Harbour View
101
11/12/20
30/09/20
30/09/20
?
Jersey City
Jersey City reveals that it was hit by a ransomware attack back in October.
Malware
O Public administration and defence, compulsory social security
CC
US
Jersey City, ransomware
102
11/12/20
-
-
?
AMG Energia
AMG Energia is hit with a ransomware attack.
Malware
D Electricity gas steam and air conditioning supply
CC
IT
AMG Energia, ransomware
103
11/12/20
08/12/20
-
?
City of Marieville
The City of Marieville is hit by a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
CA
City of Marieville, Ransomware
104
11/12/20
-
-
?
Socorro Independent School District
The Socorro Independent School District is taken down by a ransomware attack.
Malware
P Education
CC
US
Socorro Independent School District, ransomware
105
11/12/20
01/09/20
-
?
Designer Brands Inc.
Designer Brands Inc. reports in its earnings call that a vendor was hit with a ransomware attack in September and had to voluntarily shut down its systems.
Malware
G Wholesale and retail trade
CC
US
Designer Brands Inc., ransomware
106
11/12/20
08/10/20
-
?
City of Meadville
The City of Meadville reveals that it was hit with a ransomware attack on October 8th.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Meadville, ransomware
107
11/12/20
-
-
?
New York State motorists
The New York State Department of Motor Vehicles alerts consumers after several New Yorkers reported receiving phishing texts asking for personal information.
Account hijacking
X Individual
CC
US
New York State Department of Motor Vehicles
108
13/12/20
-
-
Pay2Key
Habana Labs
Intel-owned AI processor developer Habana Labs suffers a Pay2Key ransomware attack and has the data leaked.
Malware
C Manufacturing
CW
IL
Intel, Habana Labs, Pay2Key, ransomware
109
14/12/20
-
-
Clop
Symrise
Symrise, a German manufacturer of flavors and fragrances used in products, has reportedly been the victim of a ransomware attack.
Malware
C Manufacturing
CC
DE
Symrise, Clop, ransomware
110
14/12/20
-
-
?
1.9 million members of the Chinese Communist Party
Researchers from Cyble discover the details of 1.9 million members of the Chinese Communist Party leaked on a hacking forum.
Unknown
X Individual
CC
CN
Cyble, Chinese Communist Party
111
14/12/20
-
-
AridViper (AKA Desert Falcon and APT-C-23)
Targets in Middle East
Researchers from Palo Alto Networks discover PyMICROPSIA, a new Windows info-stealing malware linked to AridViper.
Targeted Attack
Y Multiple Industries
CE
>1
Palo Alto Networks, Unit 42, PyMICROPSIA, AridViper, Desert Falcon, APT-C-23
112
14/12/20
13/12/20
-
?
Hurtigruten
Norwegian cruise company Hurtigruten announces that it has been hit by a major ransomware attack.
Malware
R Arts entertainment and recreation
CC
NO
Hurtigruten, ransomware
113
14/12/20
-
-
?
Linux servers and IoT devices
Researchers from Juniper discover a new wave of attacks by the Gitpaste-12 worm, targeting web applications, IP cameras and routers, with an expanded set of exploits for initially compromising devices.
Multiple Vulnerabilities
Y Multiple Industries
CC
>1
Juniper, Gitpaste-12
114
14/12/20
First week of December 2020
-
?
Multiple targets
Researchers from Abnormal Security discover a coordinated phishing campaign using fake fax alert emails sent from legitimate, compromised accounts and aiming to steal O365 credentials.
Account hijacking
Y Multiple Industries
CC
>1
Abnormal Security, Office 365
115
14/12/20
-
-
?
Huber & Suhner
Huber & Suhner is hit with a cyber attack that blocks the company’s production facilities worldwide.
Malware
C Manufacturing
CC
CH
Huber & Suhner, ransomware
116
14/12/20
14/12/20
-
Great Neck Yeshiva High School
The website of Great Neck Yeshiva High School is down following an apparent hack in which anti-Semitic propaganda and racial slurs are reportedly published.
Defacement
P Education
CC
US
Great Neck Yeshiva High School
117
14/12/20
-
-
?
Weslaco Independent School District
The Weslaco Independent School District is hit with a ransomware attack.
Malware
P Education
CC
US
Weslaco Independent School District, ransomware
118
15/12/20
-
-
?
Customers of multiple US and EU banks
Researchers from IBM Trusteer reveal that threat actors behind an ongoing worldwide mobile banking fraud campaign were able to steal millions from multiple US and EU banks, spoofing more than 16,000 devices via emulators.
Account hijacking
K Financial and insurance activities
CC
>1
IBM Trusteer, emulators
119
15/12/20
-
-
Russian Internet Research Agency
Countries mainly in north Africa and some in the Middle East
Facebook removes two networks based in Russia and associated with the Russian Internet Research Agency, accusing them of carrying out interference campaigns in Africa.
Fake social networks accounts.
O Public administration and defence, compulsory social security
CW
>1
Facebook, Russian Internet Research Agency
120
15/12/20
-
-
Network linked to the French Military
Countries mainly in north Africa and some in the Middle East
Facebook removes one network linked to the French military, accused of carrying out interference campaigns in Africa.
Fake social networks accounts.
O Public administration and defence, compulsory social security
CW
>1
Facebook
121
15/12/20
Past 12 months
-
?
Multiple targets in the healthcare sector
Researchers from CybelAngel discover 2000 servers containing 45 million images of X-rays and other medical scans left online during the course of the past twelve months, freely accessible by anyone and in some cases infected by malware.
Misconfiguration
Q Human health and social work activities
CC
>1
CybelAngel
122
15/12/20
09/12/20
-
Russia?
Lithuania
In a coordinated cyber-attack on Lithuania, cyber-criminals breach multiple content management systems to gain access to 22 different websites operated by Lithuania's public sector. The attackers then publish articles containing misinformation on the sites, including fake news against Poland.
Defacement
O Public administration and defence, compulsory social security
CW
LI
Lithuania, Russia, Poland
123
15/12/20
From August 2020
-
?
Internet Service Providers and targets in India
Researchers from Cofense discover a new version of the Agent Tesla infostealer targeting specifically ISPs and individuals in India.
Malware
J Information and communication
CC
>1
Cofense, Agent Tesla, India
124
15/12/20
14/12/20
14/12/20
?
Firelands Middle School
A Zoom meeting at Firelands Middle School is suspended after a Zoom bombing incident.
Zoom bombing
P Education
CC
US
Firelands Middle School, Zoom
125
15/12/20
12/12/20
12/12/20
?
Promutuel Assurance
Promutuel Assurance is hit with a cyber attack that makes the company’s critical IT systems unavailable for use.