And finally, the last timeline for 2020 is published (in the next few days I will publish the statistics for December and for the whole of 2020). In this second timeline of December (the first one is here) I have collected 97 events. Although this number shows a clear decrease compared with the first timeline (where I collected 125 events), you need to consider the “Christmas Event”, where a single threat actor dumped 368.8 million records from 26 companies, 6 of which were previously unreported. So if on one hand this timeline is characterized by this massive mega-breach (spoiler alert: it’s not the only one), on the other hand ransomware continues to be the most prevalent threat, characterizing 33% of the events.
The list of high-profile victims continues to grow, and this timeline is no exception. More organizations fall victim to double extortion attacks, and more data dumps emerge on the criminals’ sites. In one particular case (the Pay2Key ransomware operations allegedly carried out by the Iranian actor Fox Kitten) the ransomware is also being used as a cyber weapon for destructive operations against multiple targets in Israel.
The cyber espionage front is equally active and, quite predictably, state-sponsored groups (similarly to the ransomware gangs) are setting their sights on entities related to the development of the COVID-19 vaccine (this is the case of the Lazarus Group). Equally remarkable is the discovery of a cyber espionage operation against 36 Al Jazeera journalists, allegedly carried out via the technology provided by the infamous NSO Group.
Details and links for each event are in the timeline! Thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
| ID | Date Reported | Date Occurred | Date Discovered | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link | Tags |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 11/12/20 | 09/12/20 | 09/12/20 | ? | Ville de Pantin (City of Pantin) | The city of Pantin is hit by a possible ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | FR | | Ville de Pantin, City of Pantin, ransomware |
| 2 | 12/12/20 | - | - | NetWalker | Staircase Financial Management | Staircase Financial Management is hit with a NetWalker ransomware attack. | | | | | | |
| | | | | | | After breaking into Amital Software, the Iranian threat actors behind the Pay2Key ransomware steal its client list and launch their attack against those clients. | Malware | Y Multiple Industries | CW | IL | | Amital Software, Iran, Pay2Key, ransomware |
| 4 | 14/12/20 | - | - | Ransomexx | Inchcape Australia | Automotive services provider Inchcape Australia appears to have been hit by the Ransomexx ransomware, with the cyber criminals leaking some of the stolen data on the dark web. | Malware | N Administrative and support service activities | CC | AU | | Inchcape Australia, Ransomexx, ransomware |
| 5 | 15/12/20 | 12/12/20 | 15/12/20 | ? | Roanoke College | Roanoke College delays the spring semester by almost a month after a cyberattack (probably ransomware) impacts files and data access. | Malware | P Education | CC | US | | Roanoke College, ransomware |
| 6 | 15/12/20 | Early November 2020 | - | ? | Users in France, Italy, Denmark, and the US | Researchers from Vade Secure discover a new campaign able to bypass the transport layer via a new tool called Email Appender. | Account hijacking | Y Multiple Industries | CC | >1 | | Vade Secure, Email Appender |
| 7 | 16/12/20 | - | - | ? | Single individuals | Researchers from Avast identify malware hidden in at least 28 third party Google Chrome (15) and Microsoft Edge (13) extensions, downloaded around three million times, associated with some of the world’s most popular platforms. | Malware | X Individual | CC | >1 | | Avast, Google Chrome, Microsoft Edge |
| 8 | 16/12/20 | - | - | ? | Cyberpunk 2077 players | A threat actor is distributing fake Windows and Android installers for the Cyberpunk 2077 game that install a ransomware calling itself CoderWare. | | | | | | |
| | | | | | | Researchers from Lookout reveal the details of Goontact, a new malware strain with spying and surveillance capabilities, available in both Android and iOS versions. | Malware | X Individual | CC | >1 | | Lookout, Goontact, Android, iOS |
| 10 | 16/12/20 | 15/12/20 | 15/12/20 | Hade | Forward Air | Trucking and freight logistics company Forward Air suffers a Hade ransomware attack. | Malware | H Transportation and storage | CC | US | | Forward Air, Hade, ransomware |
| 11 | 16/12/20 | - | - | ? | 41 e-commerce stores | Researchers from Sansec discover a new Magecart campaign, targeting 41 stores, thanks to a mistake in the Remote Access Tool used to compromise the sites. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | | Sansec, Magecart |
| 12 | 16/12/20 | - | - | ? | RubyGems users | Researchers from Sonatype discover two new RubyGems packages laden with a cryptocurrency malware (pretty_color and ruby-bitcoin). | Malware | Y Multiple Industries | CC | >1 | | Sonatype, RubyGems, pretty_color, ruby-bitcoin |
| 13 | 16/12/20 | End of November 2020 | End of November 2020 | ? | G Suite users | Researchers from Abnormal Security discover a new phishing campaign using a fake IRS W-8BEN form as its mechanism, targeting users of Google's G Suite. | Account hijacking | Y Multiple Industries | CC | >1 | | Abnormal Security, IRS W-8BEN, G Suite |
| 14 | 16/12/20 | Between 17/6/20 and 22/6/20 | 19/06/20 | ? | MEDNAX Services | MEDNAX Services reveals it was the victim of a phishing attack. | Account hijacking | N Administrative and support service activities | CC | US | | MEDNAX Services |
| 15 | 16/12/20 | - | - | ? | Taylor Made Diagnostics | Taylor Made Diagnostics has some data published by ransomware operators. | Malware | Q Human health and social work activities | CC | US | | Taylor Made Diagnostics, ransomware |
| 16 | 17/12/20 | From March 2020 | 17/12/20 | ? | Multiple targets | While analyzing artifacts from the SolarWinds Orion supply-chain attack, security researchers from Palo Alto and Microsoft discover SUPERNOVA, another backdoor that is likely from a second threat actor. | Targeted Attack | Y Multiple Industries | CE | >1 | | SolarWinds Orion, Palo Alto, Microsoft, SUPERNOVA |
| 17 | 17/12/20 | Starting from end of August 2020 | Early December 2020 | ? | Vietnamese private companies and government agencies | Researchers from ESET discover "Operation SignSight", a supply chain attack against Vietnamese private companies and government agencies, carried out by inserting malware inside two applications of an official government software toolkit (Vietnam Government Certification Authority - VGCA). | Targeted Attack | Y Multiple Industries | CE | VN | | ESET, Operation SignSight, Vietnam Government Certification Authority, VGCA |
| 18 | 17/12/20 | 16/12/20 | 16/12/20 | ? | People’s Energy Company | People’s Energy Company reveals that it was the victim of a cyberattack in which an unauthorized party accessed one of the systems used to store member data. | Unknown | D Electricity gas steam and air conditioning supply | CC | UK | | People’s Energy Company |
| 19 | 17/12/20 | Starting from Early 2020 | Mid-December 2020 | ? | US and Canadian bank customers | Researchers from Trend Micro discover a new infostealer written in AutoHotkey (AHK), targeting US and Canadian bank customers as part of an ongoing campaign that began in early 2020. | Malware | K Financial and insurance activities | CC | US, CA | | Trend Micro, AutoHotkey, AHK |
| 20 | 17/12/20 | Starting from October 2020 | - | ? | Multiple targets | Researchers from Menlo Labs uncover an increase in a drive-by attack that impersonates legitimate browser, Flash, and Microsoft Teams updates, using the “SocGholish” framework. | Malware | Y Multiple Industries | CC | >1 | | Menlo Labs, drive-by, Flash, Microsoft Teams, SocGholish |
| 21 | 17/12/20 | ? | ? | ? | Ville d'Évreux (City of Évreux) | The City of Évreux and its municipality are hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | FR | | Ville d'Évreux, City of Évreux, ransomware |
| 22 | 17/12/20 | ? | ? | ? | Fareva | Fareva, a pharmaceutical manufacturer involved in the COVID-19 vaccine production, is hit with a cyber attack. | Unknown | M Professional scientific and technical activities | CC | FR | | Fareva |
| 23 | 18/12/20 | - | - | ? | Single individuals | The US Department of Justice seizes two domain names used to impersonate the official websites of biotechnology companies Moderna and Regeneron involved in the development of COVID-19 vaccines. | Account hijacking | X Individual | CC | US | | US Department of Justice, COVID-19 |
| 24 | 18/12/20 | 01/09/20 | - | ? | Kraeber & Co | Researchers from Cyble discover a targeted phishing campaign against Kraeber & Co, a company involved in the COVID-19 vaccine development. | Targeted Attack | Q Human health and social work activities | CE | DE | | Cyble, Kraeber & Co, COVID-19 vaccine |
| 25 | 20/12/20 | July 2020 and August 2020 | - | ? | 36 Al Jazeera journalists, producers, anchors, and executives, and a journalist at Al Araby TV | Researchers from The Citizen Lab reveal the details of a campaign targeting at least 36 Al Jazeera journalists, producers, anchors, and executives, and a journalist at Al Araby TV. According to the researchers the campaign, part of an exploit chain named Kismet created and sold by NSO Group, was carried out using a zero-day for the iOS messaging app. | Targeted Attack | J Information and communication | CE | QA | | The Citizen Lab, Al Jazeera, Al Araby TV, Kismet, NSO Group, iOS |
| 26 | 20/12/20 | - | - | Pay2Key | Israel Aerospace Industries | The ransomware group Pay2Key, linked to Iran, claims to have successfully hacked the largest Israeli airpower defense corporation: Israel Aerospace Industries. | Malware | C Manufacturing | CW | IL | | Ransomware, Pay2Key, Iran, Israel Aerospace Industries |
| 27 | 20/12/20 | 18/12/20 | 18/12/20 | ? | City of Paderborn's Lernstatt | The City of Paderborn's Lernstatt is hit with a DDoS attack that blocks 17,000 student and 2000 teacher accounts. | DDoS | P Education | CC | DE | | City of Paderborn, Lernstatt |
| 28 | 20/12/20 | - | 06/04/20 | ? | Premier Kids Care | Premier Kids Care reveals it was hit by a cyberattack back in April, where an unauthorized actor had gained access to its systems. | Account hijacking | Q Human health and social work activities | CC | US | | Premier Kids Care |
| 29 | 21/12/20 | 21/12/20 | 21/12/20 | ? | EXMO | British cryptocurrency exchange EXMO discloses that unknown attackers withdrew almost 5% of its total assets after compromising its hot wallets. | Unknown | V Fintech | CC | UK | | EXMO |
| 30 | 21/12/20 | - | - | ? | City of Ellensburg | The City of Ellensburg is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | | City of Ellensburg, ransomware |
| 31 | 21/12/20 | - | - | ? | Viandes Dubreton | Viandes Dubreton is hit by a probable ransomware attack. | Malware | I Accommodation and food service activities | CC | CA | | Viandes Dubreton, ransomware |
| 32 | 21/12/20 | 21/12/20 | 21/12/20 | ? | Hôpital d'Albertville | The Albertville Hospital (Hôpital d'Albertville) is hit with a ransomware attack. | | | | | | |
| | | | | | | The Jefferson County Property Valuation Administrator’s office reveals it was hit by a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | | Jefferson County Property Valuation Administrator, ransomware |
| 34 | 21/12/20 | Early December 2020 | - | ? | Office 365 Users | Researchers from Abnormal Security discover a new campaign impersonating the New York Department of Labor as a COVID-19 lure, claiming to administer relief funds in order to steal sensitive personal information. | Account hijacking | Y Multiple Industries | CC | US | | Abnormal Security, New York Department of Labor, COVID-19 |
| 35 | 22/12/20 | - | - | ? | Funke Media Group | Funke Media Group, one of the biggest media organizations in German-speaking territories, is the victim of a ransomware attack. | Malware | J Information and communication | CC | DE | | Funke Media Group, ransomware |
| 36 | 22/12/20 | 01/12/20 | 01/12/20 | Emotet | Multiple targets | Researchers from Cofense reveal a new spike of attacks using the Emotet botnet after a break that lasted almost two months. | Malware | Y Multiple Industries | CC | >1 | | Cofense, Emotet |
| 37 | 22/12/20 | 22/12/20 | 22/12/20 | ? | European Court of Human Rights | The European Court of Human Rights falls victim to a cyber-attack after publishing a ruling regarding the fate of Selahattin Demirtaş, an incarcerated Turkish political leader. | DDoS | U Activities of extraterritorial organizations and bodies | H | EU | | European Court of Human Rights, Selahattin Demirtaş, Turkey |
| 38 | 23/12/20 | 21/12/20 | 21/12/20 | ? | NetGalley | The NetGalley book promotion site suffers a data breach that allows threat actors to access a database with members' personal information. | Unknown | R Arts entertainment and recreation | CC | US | | NetGalley |
| 39 | 23/12/20 | 23/12/20 | 23/12/20 | ? | Chase users | A large scale phishing scam pretends to be a security notice from Chase stating that fraudulent activity has been detected and caused the recipient's account to be blocked. | Account hijacking | K Financial and insurance activities | CC | US | | Chase |
| 40 | 23/12/20 | 01/09/20 | - | Lazarus Group | Undisclosed pharmaceutical company | Researchers from Kaspersky reveal details on a COVID-19-themed campaign, carried out by the North Korean actor Lazarus Group, and targeting a pharmaceutical company. | Targeted Attack | M Professional scientific and technical activities | CE | N/A | | Kaspersky, COVID-19, Lazarus Group |
| 41 | 23/12/20 | 01/10/20 | - | Lazarus Group | Undisclosed government health ministry | Researchers from Kaspersky reveal details on a COVID-19-themed campaign, carried out by the North Korean actor Lazarus Group, and targeting a health ministry. | Targeted Attack | O Public administration and defence, compulsory social security | CE | N/A | | Kaspersky, COVID-19, Lazarus Group |
| 42 | 23/12/20 | - | - | ? | Multiple targets in the US | Researchers from Abnormal Security discover a credential phishing attack impersonating the U.S. Postal Service aiming to get victims to give up their credit card credentials. | Account hijacking | Y Multiple Industries | CC | US | | Abnormal Security, U.S. Postal Service, USPS |
| 43 | 23/12/20 | - | - | ? | TaskRabbit | TaskRabbit resets an unknown number of customer passwords after confirming it detected “suspicious activity” on its network. | Credential Stuffing | N Administrative and support service activities | CC | US | | TaskRabbit |
| 44 | 23/12/20 | Mid-December 2020 | - | Iranian threat actors | United States | The FBI and CISA reveal that they discovered Iranian cyber actors responsible for the creation of a website called Enemies of the People, which contained death threats aimed at U.S. election officials in mid-December 2020. | Fake Websites/Social Network accounts | O Public administration and defence, compulsory social security | CW | US | | FBI, CISA, Enemies of the People |
| 45 | 23/12/20 | Between 13/11/19 and 24/07/20 | - | ? | Proliance Surgeons | Proliance Surgeons discloses a data security incident affecting its corporate website exposing customers' credit cards. | Malicious Script Injection | Q Human health and social work activities | CC | US | | Proliance Surgeons |
| 46 | 23/12/20 | 22/12/20 | 22/12/20 | Conti | Leon Medical Center | Leon Medical Center confirms a Conti ransomware attack. | Malware | Q Human health and social work activities | CC | US | | Leon Medical Center, Conti, ransomware |
| 47 | 23/12/20 | - | - | ? | Innovaphone | Innovaphone, a provider of business IP telephony solutions, is hit by a hacker. | Unknown | M Professional scientific and technical activities | CC | DE | | Innovaphone |
| 48 | 23/12/20 | Between 11/12/20 and 14/12/20 | - | ? | Now:Pensions | About 30,000 customers of Now:Pensions have their sensitive personal details posted on the internet after an outside contractor is breached. | Unknown | K Financial and insurance activities | CC | UK | | Now:Pensions |
| 49 | 23/12/20 | - | 01/11/20 | UltraRank | At least a dozen e-commerce sites | Researchers from Group-IB reveal that a cybercriminal gang known as "UltraRank" has launched a new campaign, targeting at least a dozen e-commerce sites to steal payment card data using a JavaScript sniffer. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | | Group-IB, UltraRank |
| 50 | 24/12/20 | - | 23/12/20 | Conti | Sangoma Technologies Corporation | Sangoma discloses a data breach after 26 GB of data were stolen during a recent Conti ransomware attack and published online. | | | | | | |
| | | | | | | The ransomware group Pay2Key, which has been linked to Iran, claims to have stolen almost 1TB of data (and as a proof publishes 3 gigabytes) from the Israeli cyber security company Portnox. | Malware | M Professional scientific and technical activities | CW | IL | | Pay2Key, Iran, ransomware, Portnox, Fox Kitten |
| 52 | 24/12/20 | - | - | REvil AKA Sodinokibi | The Hospital Group | The REvil ransomware gang hacks The Hospital Group and threatens to release before-and-after pictures of celebrity clients. | Malware | Q Human health and social work activities | CC | UK | | REvil, Sodinokibi, ransomware, The Hospital Group |
| 53 | 24/12/20 | 21/12/20 | 21/12/20 | ? | Citrix Application Delivery Controller (ADC) | Citrix confirms that an ongoing DDoS attack pattern is affecting Citrix Application Delivery Controller (ADC) networking appliances. | DDoS | Y Multiple Industries | CC | >1 | | Citrix Application Delivery Controller, ADC |
| 54 | 24/12/20 | 01/12/20 | - | ? | Single individuals | Researchers from Cybereason discover a new campaign distributing the Dridex malware via fake Amazon Gift Cards. | Malware | X Individual | CC | >1 | | Cybereason, Dridex, malware, Amazon |
| 55 | 24/12/20 | From August 31 2020 | - | Magecart | Multiple e-commerce sites | Researchers from Sansec discover a new multi-platform credit card skimmer able to harvest payment info on compromised stores powered by Shopify, BigCommerce, Zencart, and Woocommerce. | | | | | | |
| | | | | | | Russian cryptocurrency exchange Livecoin posts a message on its official website, claiming it was hacked and lost control of some of its servers, warning customers to stop using its services. | Unknown | V Fintech | CC | RU | | Livecoin |
| 57 | 24/12/20 | 24/12/20 | 24/12/20 | ? | Scottish Environment Protection Agency (Sepa) | The Scottish Environment Protection Agency (Sepa) is hit by a "significant" cyberattack. | Unknown | O Public administration and defence, compulsory social security | CC | UK | | Scottish Environment Protection Agency, Sepa |
| 58 | 24/12/20 | 21/10/20 | 23/10/20 | ? | Agency for Community Treatment Services (ACTS) | The Agency for Community Treatment Services (ACTS) announces today that it suffered a ransomware attack on October 23, 2020. | Malware | Q Human health and social work activities | CC | US | | Agency for Community Treatment Services, ACTS, ransomware |
| | | | | | | Japanese game developer Koei Tecmo discloses a data breach and takes its European and American websites offline after stolen data of 65,000 users is posted to a hacker forum. | Account hijacking | R Arts entertainment and recreation | CC | JP | | Koei Tecmo |
| 61 | 25/12/20 | - | - | ? | Freedom Finance | The broker Freedom Finance admits the leak of the data of 16,000 clients on a dark web forum. | Unknown | K Financial and insurance activities | CC | RU | | Freedom Finance |
| 62 | 27/12/20 | - | - | Muddy Water | Targets in Middle East | A new operation by the Muddy Water threat group uses a new macro-based malware that is evasive and spawns payload in multifaceted steps. | Targeted Attack | Y Multiple Industries | CE | >1 | | Muddy Water |
| 63 | 27/12/20 | From April 2020 | - | ? | Users in multiple countries including Egypt, the Philippines, Pakistan, and Nepal | Researchers from ThreatNix discover a new large-scale campaign abusing Facebook ads to redirect users to GitHub accounts hosting phishing pages used to steal victims’ login credentials. The campaign targeted more than 615,000 users in multiple countries including Egypt, the Philippines, Pakistan, and Nepal. | Account hijacking | X Individual | CC | >1 | | ThreatNix, Facebook, GitHub |
| 64 | 27/12/20 | - | - | ? | NZBGeek | NZBGeek, a popular Usenet site, is hacked with user information including credit card details stolen. | Malicious Script Injection | S Other service activities | CC | N/A | | NZBGeek |
| 65 | 28/12/20 | - | 26/12/20 | Nefilim | Whirlpool | Home appliances giant Whirlpool suffers a ransomware attack by the Nefilim ransomware gang who stole data before encrypting devices. | Malware | C Manufacturing | CC | >1 | | Whirlpool, ransomware, Nefilim |
| 66 | 28/12/20 | Fall of 2020 | - | ? | Parliament of Finland | The Parliament of Finland reveals that email accounts of multiple members were compromised following a cyberattack. | Targeted Attack | O Public administration and defence, compulsory social security | CE | FI | | Finland |
| 67 | 28/12/20 | - | - | ? | AIDA Cruises | German cruise line AIDA Cruises suffers mysterious "IT restrictions" that lead to the cancellation of New Year's Eve cruises. | Unknown | R Arts entertainment and recreation | CC | DE | | AIDA Cruises |
| 68 | 28/12/20 | Between June 11 and July 8 2020 | 01/06/11 | ? | Kawasaki Heavy Industries | Kawasaki Heavy Industries announces a security breach and potential data leak after unauthorized access to a Japanese company server from multiple overseas offices. | Unknown | C Manufacturing | CE | JP | | Kawasaki Heavy Industries |
| 69 | 28/12/20 | - | - | ? | Ho. (Ho-mobile.it) | The personal data of over 2.5 million Ho-Mobile’s customers is put up for sale on a dark web hacker forum. The data includes personally identifiable information such as dates of birth, phone numbers, fiscal codes, physical addresses, and email addresses. | Unknown | J Information and communication | CC | IT | | Ho-Mobile, Ho. |
| 70 | 28/12/20 | 28/12/20 | 28/12/20 | ? | Voyager | The Voyager cryptocurrency brokerage platform halted trading yesterday after suffering a cyberattack targeting their DNS configuration. | DNS Hijacking | V Fintech | CC | CA | | Voyager |
| 71 | 28/12/20 | - | - | ? | Financial Institutions in the US | The US Treasury Department's Financial Crimes Enforcement Network (FinCEN) warns financial institutions of ransomware actively targeting COVID-19 vaccine research organizations. | Malware | K Financial and insurance activities | CC | US | | The US Treasury Department's Financial Crimes Enforcement Network, FinCEN, COVID-19, vaccine |
| 72 | 28/12/20 | - | - | ? | Single individuals | The U.S. Federal Bureau of Investigation (FBI) warns users of smart devices to strengthen their login credentials after a recent spate of swatting attacks where perpetrators have hijacked smart gadgets to watch or live stream the bad joke. | Misconfiguration | X Individual | CC | US | | FBI |
| 73 | 28/12/20 | 28/12/20 | 28/12/20 | ? | Wasabi | Cloud storage provider Wasabi suffers an outage after a domain used for storage endpoints was suspended for hosting malware. | Malware | M Professional scientific and technical activities | CC | US | | Wasabi |
| 74 | 28/12/20 | 27/12/20 | 27/12/20 | ? | SNAI | SNAI, one of the main legal gaming operators in Italy, announces that it has been the subject of a suspected ransomware attack. | Malware | R Arts entertainment and recreation | CC | IT | | SNAI, Ransomware |
| 75 | 28/12/20 | - | - | Spiderz | Al-Qard Al-Hassan | A hacker group called Spiderz claims to have successfully hacked into the Hezbollah's Al-Qard Al-Hassan financial organization and leaks details on depositors and borrowers from the lender. | Unknown | K Financial and insurance activities | CW | LB | | Spiderz, Hezbollah, Al-Qard Al-Hassan |
| 76 | 28/12/20 | 27/10/20 | 27/10/20 | ? | Five Points Eye Care | Five Points Eye Care reports a phishing attack that occurred in October 2020. | Account hijacking | Q Human health and social work activities | CC | US | | Five Points Eye Care |
| 77 | 28/12/20 | - | - | ? | Ville et Agglomération de La Rochelle | The Ville et Agglomération de La Rochelle are hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | FR | | Ville et Agglomération de La Rochelle, ransomware |
| 78 | 29/12/20 | - | - | ? | T-Mobile | T-Mobile announces a data breach exposing customers' proprietary network information (CPNI), including phone numbers and call records, after a "malicious, unauthorized access". | Unknown | J Information and communication | CC | US | | T-Mobile |
| 79 | 29/12/20 | 28/12/20 | 28/12/20 | ? | Malaysian Armed Forces (MAF) | The Malaysian Armed Forces (MAF) reveals that it has been hit by a cyber attack. | Unknown | O Public administration and defence, compulsory social security | N/A | MY | | Malaysian Armed Forces, MAF |
| 80 | 29/12/20 | 01/05/20 | - | ? | Methodist Hospital of Southern California | The Methodist Hospital of Southern California joins the list of victims of the Blackbaud ransomware attack. | Malware | Q Human health and social work activities | CC | US | | Methodist Hospital of Southern California, Blackbaud, ransomware |
| 81 | 29/12/20 | 28/12/20 | 28/12/20 | ? | Algemeen Medisch Laboratorium (General Medical Laboratory) | Algemeen Medisch Laboratorium, an Antwerp coronavirus testing laboratory, is hit with a ransomware attack. | Malware | Q Human health and social work activities | CC | BE | | Algemeen Medisch Laboratorium, ransomware, General Medical Laboratory |
| 82 | 29/12/20 | Early December 2020 | Early December 2020 | ? | Windows and Linux servers | Researchers from Intezer discover a Golang-based worm that targets Windows and Linux servers. | Malware | Y Multiple Industries | CC | >1 | | Intezer, Golang, Windows, Linux |
| 83 | 29/12/20 | 26/12/20 | 26/12/20 | ? | City of Cornelia | The City of Cornelia is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | | City of Cornelia, ransomware |
| 84 | 29/12/20 | - | 25/08/20 | ? | Treasure Valley Community College | Treasure Valley Community College reveals that it has suffered a phishing attack. | Account hijacking | P Education | CC | US | | Treasure Valley Community College |
| 85 | 30/12/20 | 14/10/18 | 07/09/20 | ? | ROMWE | ROMWE, a Chinese e-commerce shop, reveals that it has suffered a data breach. Potentially 7.3 million user records have been compromised. | Unknown | G Wholesale and retail trade | CC | CN | | ROMWE |
| 86 | 30/12/20 | 30/12/20 | 30/12/20 | ? | Lithuania's National Center for Public Health (NVSC) | The internal networks of Lithuania's National Center for Public Health (NVSC) and several municipalities are hit with Emotet malware following a large campaign targeting the country's state institutions. | Malware | O Public administration and defence, compulsory social security | CC | LT | | Lithuania National Center for Public Health, NVSC, Emotet |
| 87 | 30/12/20 | 27/09/20 | 28/09/20 | ? | GenRx Pharmacy | GenRx Pharmacy warns 137,000 patients over a potential data breach following a ransomware attack. | Malware | Q Human health and social work activities | CC | US | | GenRx Pharmacy, ransomware |
| 88 | 30/12/20 | 12/12/20 | - | ? | Nygard | Nygard, a Canada-based fashion line, is hit with a ransomware attack. | Malware | G Wholesale and retail trade | CC | CA | | Nygard, ransomware |
| 89 | 30/12/20 | Early in December 2020 | - | ? | IndiGo | IndiGo, India’s biggest airline, reveals some segments of its data servers were breached in a hacking incident in December, which may have compromised some data. | Unknown | H Transportation and storage | CC | IN | | IndiGo |
| 90 | 30/12/20 | 12/10/20 | - | ? | Ambulance service in Wrocław | The ambulance service in Wrocław reveals that it has been hit by a ransomware attack. | Malware | Q Human health and social work activities | CC | PL | | Ambulance service, Wrocław, ransomware |
| 91 | 30/12/20 | 19/12/20 | - | Zeppelin | Brendon Gyermekáruház Kft. | Brendon Gyermekáruház Kft., a retailer of baby clothes, reveals that it has been hit with a Zeppelin ransomware attack. | Malware | G Wholesale and retail trade | CC | HU | | Brendon Gyermekáruház Kft., Zeppelin, ransomware |
| 92 | 30/12/20 | Between 27/12/20 and 28/12/20 | - | ? | Agglomeration de Grand Annecy | The Agglomeration de Grand Annecy is hit with a malware attack. | Malware | O Public administration and defence, compulsory social security | CC | FR | | Agglomeration de Grand Annecy |
| 93 | 31/12/20 | August 2020 and September 2020 | - | ? | Multinational engineering company headquartered in Pune | A multinational engineering company headquartered in Pune is defrauded of 56,000 euros. | Business Email Compromise | M Professional scientific and technical activities | CC | IN | | Pune |
| 94 | 31/12/20 | 04/12/20 | - | ? | New York City Department of Education (NYC DoE) | The New York City Department of Education reveals that it has been hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | | New York City Department of Education, NYC DoE, ransomware |
| 95 | 31/12/20 | 21/07/20 | 25/07/20 | ? | Apex Laboratory | Apex Laboratory discloses a ransomware attack that occurred in July 2020. | Malware | Q Human health and social work activities | CC | US | | Apex Laboratory, ransomware |
| 96 | 31/12/20 | Between 28/07/20 and 15/10/20 | 16/10/20 | ? | Mattapan Community Health Center (MCHC) | Mattapan Community Health Center (MCHC) provides notice of a phishing incident involving potential unauthorized access to personal information. | Account hijacking | Q Human health and social work activities | CC | US | | Mattapan Community Health Center, MCHC |
| 97 | 31/12/20 | - | - | ? | Prestera Center for Mental Health Services | Prestera Center for Mental Health Services provides notice of a phishing attack resulting in the exposure of personal information of current and past patients. | | | | | | |