2020 Cyber Attacks Statistics
Paolo Passeri
0 Comments
2020, Cyber Attacks, Cyber Crime, Cyber Espionage, Cyber Warfare, Hacktivism, Statistics
Views:
311
As promised, I have pulled together some statistics from the data collected in 2020. The master table is available at the end of the post after the charts.
As always, be aware that the sample refers exclusively to the attacks included in my timelines, available from public sources such as blogs and news sites. Obviously the sample cannot be complete, but only aims to provide an high level overview of the threat landscape.
And please support my work, sharing the content and following me on Twitter and Linkedin for the latest updates.
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link | Tags |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 02/01/2020 | Chuckling Squad | Adam Sandler's Twitter account | Adam Sandler's Twitter account is hacked and used to post offensive messages against Mariah Carey, President Obama, and President Trump. | Account Hijacking | R Arts entertainment and recreation | CC | US | Adam Sandler, Twitter, Mariah Carey, President Obama, President Trump, Chuckling Squad | |
| 2 | 02/01/2020 | ? | Klamath County Veterans Service Office | Klamath County Veterans Service Office notifies a phishing attack occurred on September 19, 2019 | Account Hijacking | O Public administration and defence, compulsory social security | CC | US | Klamath County Veterans Service Office | |
| 3 | 03/01/2020 | ? | Alomere Health | The personal and medical information of 49,351 patients is exposed following a security incident involving two employees' email accounts. | Account Hijacking | Q Human health and social work activities | CC | US | Alomere Health | |
| 4 | 03/01/2020 | ? | Contra Costa County Library System | The Contra Costa County Library System is hit by ransomware | Malware | O Public administration and defence, compulsory social security | CC | US | The Contra Costa County Library System, ransomware | |
| 5 | 03/01/2020 | ? | Native American Rehabilitation Association | Native American Rehabilitation Association announces that it experienced an Emotet attack on November 4-5, 2019. | Malware | Q Human health and social work activities | CC | US | Native American Rehabilitation Association, Emotet | |
| 6 | 04/01/2020 | ? | Austria's foreign ministry | Austria's foreign ministry is targeted by a cyber-attack that is suspected to have been conducted by a foreign country. | Targeted attack | O Public administration and defence, compulsory social security | CE | AT | Austria | |
| 7 | 04/01/2020 | Iran cyber security group hackers | U.S. Federal Depository Library Program | The homepage for the U.S. Federal Depository Library Program is briefly altered to show a pro-Iranian message and an image of bloodied Donald Trump being punched in the face. | Defacement | O Public administration and defence, compulsory social security | CW | US | FDLP, U.S. Federal Depository Library Program, Iran, Iran cyber security group hackers | |
| 8 | 04/01/2020 | Shield Iran | Sierra Leone Commercial Bank (slcb.com) | For the same reason, a group of Iranian hackers dubbed "Shield Iran" defaces the Sierra Leone Commercial Bank | Defacement | K Financial and insurance activities | CW | SL | Shield Iran, Sierra Leone Commercial Bank, slcb.com | |
| 9 | 04/01/2020 | ? | Multiple targets | Researchers from Fortinet report that a ransomware strain known as DeathRansom, once considered a joke, is now capable of encrypting files using a solid encryption scheme. | Malware | Y Multiple Industries | CC | >1 | Fortinet, ransomware, DeathRansom | |
| 10 | 04/01/2020 | ? | Saskatchewan’s eHealth | Hackers make through the first level of security for Saskatchewan’s eHealth records system, locking the government out of some systems and asking for a ransom. | Unknown | Q Human health and social work activities | CC | US | Saskatchewan’s eHealth | |
| 11 | 06/01/2020 | Iranian Hacker | Texas Department of Agriculture | The Texas Department of Agriculture is hit with a cyberattack that defaces its website with an image of Gen. Qassem Soleimani, the top Iranian commander who was killed in a U.S. strike the previous week. | Defacement | O Public administration and defence, compulsory social security | CW | US | Texas Department of Agriculture, Qassem Soleimani, Iranian Hacker | |
| 12 | 06/01/2020 | SideWinder APT Group | Military entities | Researchers from Trend Micro discover the first example of a malicious app in the Google Play Market, exploiting the recently patched CVE-2019-2215 zero-day vulnerability. | Targeted attack | O Public administration and defence, compulsory social security | CE | >1 | Trend Micro, Google Play Market, CVE-2019-2215 | |
| 13 | 06/01/2020 | ? | Canyon | Canyon announces it was struck by a "massive cyber attack" over the Christmas break by a "professionally organized group". | Unknown | C Manufacturing | CC | DE | Canyon | |
| 14 | 06/01/2020 | ? | Focus Camera | Researchers from Juniper Threat Labs reveal that the website of popular photography and imaging retailer Focus Camera got hacked late in December 2019 by MageCart attackers to inject malicious code that stole customer payment card details. | Malicious Script Injection | G Wholesale and retail trade | CC | US | Focus Camera, Magecart, Juniper Threat Labs | |
| 15 | 06/01/2020 | ? | Single Individuals | Researchers from Fortinet discover a new campaign of the "Predator the Thief" malware. | Malware | X Individual | CC | >1 | Fortinet, Predator the Thief | |
| 16 | 06/01/2020 | ? | Multiple targets | UK Security Researcher Kevin Beaumont warns that the attackers behind REvil ransomware (AKA Sodinokibi) are now targeting unpatched Pulse Secure VPN servers | Vulnerability | Y Multiple Industries | CC | >1 | Kevin Beaumont, Revil, Sodinokibi, Pulse Secure, CVE-2019-11510 | |
| 17 | 06/01/2020 | ? | Pittsburg Unified School District | Students in the Pittsburg Unified School District of Pennsylvania are left without internet access as the result of a ransomware attack. | Malware | P Education | CC | US | Pittsburg Unified School District | |
| 18 | 06/01/2020 | ? | Hamden Schools | Public schools in Hamden are taken down by a malware attack. | Malware | P Education | CC | US | Hamden Schools | |
| 19 | 06/01/2020 | ? | Wallace State Community College | The Wallace State Community College is hit by a cyber attack. | Malware | P Education | CC | US | Wallace State Community College | |
| 20 | 07/01/2020 | ? | City of Las Vegas | The City of Las Vegas is hit by a cyber attack via a malicious email. | Targeted attack | O Public administration and defence, compulsory social security | N/A | US | City of Las Vegas | |
| 21 | 07/01/2020 | ? | Unpatched routers (D-Link, Netgear, and Linksys) | Researchers from BitDefender reveal the details of LiquorBot, a cryptomining botnet attacking unpatched routers since at least May 2019 | Vulnerability | Y Multiple Industries | CC | >1 | BitDefender, LiquorBot, CVE-2015-2051, CVE-2016-1555, CVE-2016-6277, Crypto | |
| 22 | 07/01/2020 | ? | Single Individuals | A new phishing campaign tries to take advantage of the Iran cyber attack scare. | Account Hijacking | X Individual | CC | >1 | Iran | |
| 23 | 07/01/2020 | Master X | Multiple targets | Researchers from AppRiver reveal that a hacker with the handle “Master X” is leveraging a PowerShell script that contains a reference to singer-songwriter Drake lyric’s “Kiki Do You Love Me” to deliver either the Lokibot info stealer or Azorult remote access trojan. | Malware | Y Multiple Industries | CC | >1 | AppRiver, Master X, Drake, Lokibot, Azorult | |
| 24 | 07/01/2020 | ? | Enloe Medical Center | Enloe Medical Center is hit by a ransomware attack that causes the hospital to reschedule some elective procedures. | Malware | Q Human health and social work activities | CC | US | Enloe Medical Center, ransomware | |
| 25 | 07/01/2020 | ? | City of Bend | The City of Bend is the latest victim of the Click2Gov breach. | Malicious Script Injection | O Public administration and defence, compulsory social security | CC | US | City of Bend | |
| 26 | 08/01/2020 | ? | US financial entity | The FBI says that unidentified threat actors have used the CVE-2019-11510 Pulse Secure VPN flaw "to exploit a notable US financial entity’s research network since August 2019. | Vulnerability | K Financial and insurance activities | CC | US | FBI, CVE-2019-11510, Pulse Secure VPN | |
| 27 | 08/01/2020 | ? | US municipal government | The FBI says that also a US municipal government was breached via the CVE-2019-11510 Pulse Secure VPN flaw. | Vulnerability | O Public administration and defence, compulsory social security | CC | US | FBI, CVE-2019-11510, Pulse Secure VPN | |
| 28 | 08/01/2020 | ? | Well-known personalities in Korea | A recent report from South Korean media claims that Samsung Galaxy smartphones of many well-known personalities in Korea were hacked. According to the report, the hacker extorts cash from its victims. If the victim fails to pay the ransom, the hacker threatens to disclose all data. | Account Hijacking | X Individual | CC | KR | Samsung, South Korea | |
| 29 | 08/01/2020 | ? | Multiple targets | Security researchers observe ongoing scans for Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) servers vulnerable to attacks exploiting CVE-2019-19781. | Vulnerability | Y Multiple Industries | CC | >1 | Citrix, NetScaler ADC, Citrix Gateway, CVE-2019-19781 | |
| 30 | 08/01/2020 | ? | Multiple targets | A new ransomware called Snake emerges in the threat landscape. | Malware | Y Multiple Industries | CC | >1 | Snake, Ransomware | |
| 31 | 08/01/2020 | Lazarus Group | Cryptocurrency businesses | Researchers from Kaspersky reveal the details of a new wave of attacks linked to Operation AppleJeus, and targeting cryptocurrency business in multiple countries including UK, Poland, Russia and China. | Targeted attack | V Fintech | CC | >1 | Kaspersky, Operation AppleJeus, Lazarus Group | |
| 32 | 08/01/2020 | ? | Firefox users | Mozilla warns Firefox users to update their browser to the latest version after security researchers found a vulnerability that hackers were actively exploiting in “targeted attacks” against users. The vulnerability is indexed as CVE-2019-17026. | Targeted attack | X Individual | CC | >1 | Mozilla, Firefox | |
| 33 | 09/01/2020 | Iranian state-sponsored hackers | Bapco | Multiple sources reveal that Iranian state-sponsored hackers have deployed Dustman, a new strain of data-wiping malware on the network of Bapco, Bahrain's national oil company. The attack occurred on December 29, 2019. | Malware | D Electricity gas steam and air conditioning supply | CW | BH | Dustman, Bapco, Iran | |
| 34 | 09/01/2020 | ? | Albany International Airport | Albany International Airport's staff announces that the New York airport's administrative servers were hit by Sodinokibi Ransomware following a cyberattack that took place over Christmas. | Malware | H Transportation and storage | CC | US | Albany International Airport, Ransomware, Sodinokibi | |
| 35 | 09/01/2020 | Magnallium AKA APT33, Refined Kitten, or Elfin | American Electric Utilities | Researchers from Dragos reveal that a state-sponsored group affiliated to Iran called Magnallium has been probing American electric utilities for the past year. | Password-spraying | D Electricity gas steam and air conditioning supply | CW | US | Dragos, Iran, Magnallium, APT33, Refined Kitten, Elfin | |
| 36 | 09/01/2020 | Xenotyme, Dymalloy, Electrum | American Electric Utilities | The same report details the activities of three additional groups targeting the American Electric Utilities. | Targeted attack | D Electricity gas steam and air conditioning supply | CW | US | Xenotyme, Dymalloy, Electrum, Dragos | |
| 37 | 09/01/2020 | ? | Android users | Google reveals to have removed roughly 1,700 applications infected with the Joker Android malware (also known as Bread) since the company started tracking it in early 2017. | Malware | X Individual | CC | >1 | Android, Bread, Joker, Google | |
| 38 | 09/01/2020 | ? | Multiple targets | A new ransomware dubbed Ako emerges in the threat landscape. | Malware | Y Multiple Industries | CC | >1 | Ako, Ransomware | |
| 39 | 09/01/2020 | ? | Multiple targets | Researchers at Sentinel One reveal that the Russian-speaking cybercriminals behind the TrickBot malware have developed a stealthy backdoor dubbed “PowerTrick,” in order to infiltrate high-value targets. | Malware | Y Multiple Industries | CC | >1 | Sentinel One, TrickBot, PowerTrick | |
| 40 | 09/01/2020 | ? | City of Dunwoody | The City of Dunwoody reveals to have been hit by a cyber attack during the Christmas Eve. | Malware | O Public administration and defence, compulsory social security | CC | US | City of Dunwoody | |
| 41 | 09/01/2020 | ? | btyDental | btyDental notifies patients after suffering a ransomware attack discovered on November 2019. | Malware | Q Human health and social work activities | CC | US | btyDental, ransomware | |
| 42 | 09/01/2020 | ? | Bartlett Public Library District | The Bartlett Public Library District’s computer systems recovers from a ransomware attack occurred on Saturday, November 30. | Malware | O Public administration and defence, compulsory social security | CC | US | Bartlett Public Library District, ransomware | |
| 43 | 09/01/2020 | ? | City of Dawson Creek | The City of Dawson Creek says its computer systems were hacked in an apparent ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | CA | Dawson Creek, Ransomware | |
| 44 | 10/01/2020 | ? | Manor Independent School District | Manor Independent School District announces that email scammers had fleeced the District out of $2.3 million. | Business Email Compromise | P Education | CC | US | Manor Independent School District | |
| 45 | 10/01/2020 | ? | European websites for Perricone MD | Researchers from RapidSpike reveal that multiple european websites for the Perricone MD anti-aging skin-care brand have been compromised with scripts that steal customer payment card info when making a purchase. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | Perricone MD, RapidSpike, Magecart | |
| 46 | 10/01/2020 | ? | Multiple targets in the US | The US Cybersecurity and Infrastructure Security Agency (CISA) alerts organizations to patch their Pulse Secure VPN servers as a defense against ongoing attacks trying to exploit the CVE-2019-11510 remote code execution (RCE) vulnerability. | Vulnerability | Y Multiple Industries | CC | >1 | US Cybersecurity and Infrastructure Security Agency, CISA, CVE-2019-11510, RCE | |
| 47 | 10/01/2020 | ? | Website collecting donations for the victims of the Australia bushfires | Researchers from Malwarebytes discover that attackers compromised a website collecting donations for the victims of the Australia bushfires and injected ATMZOW, a malicious script that steals the payment information of the donors. | Malicious Script Injection | Q Human health and social work activities | CC | AU | Magecart, Malwarebytes, ATMZOW | |
| 48 | 10/01/2020 | ? | Single Individuals | A malicious ad campaign is underway in Google Search results that leads users to fake Amazon support sites and tech support scams. | Search Engine Poisoning | X Individual | CC | >1 | Google Search, Amazon | |
| 49 | 10/01/2020 | ? | High-profile Facebook pages | Facebook addresses a security issue that exposed page admin accounts, after the bug was exploited in attacks in the wild against several high-profile pages. | Vulnerability | X Individual | CC | >1 | ||
| 50 | 10/01/2020 | ? | Android users | Researchers from Malwarebytes discover that the UMX U686CL, an Android phone subsidized by the US government for low-income users comes preinstalled with malware (Android/Trojan.HiddenAds.WRACT). | Malware | X Individual | CC | US | Malwarebytes, UMX U686CL, Android, Android/Trojan.HiddenAds.WRACT | |
| 51 | 10/01/2020 | ? | Boing Boing | The popular Boing Boing blog is hacked by an unknown party who plants malicious code into the site’s WordPress theme. Users visiting the site from desktop computers are redirected to a fake download page for an Adobe Flash update. | Account Hijacking | J Information and communication | CC | US | Boing Boing, Adobe Flash | |
| 52 | 10/01/2020 | ? | The Center for Facial Restoration | The Center for Facial Restoration reveals to have been victim of hack back in November 2019, with the attackers threatening to release the patients' data. | Unknown | Q Human health and social work activities | CC | US | The Center for Facial Restoration | |
| 53 | 10/01/2020 | ? | Los Angeles County | Los Angeles County confirms it was the target of a phishing attack last month, which staff detected and contained before it exposed any county resident data. | Account Hijacking | P Education | CC | US | Los Angeles County | |
| 54 | 11/01/2020 | ? | Android users | Researchers from Kaspersky reveal that an Android malware, dubbed Trojan-Dropper.AndroidOS.Shopper.a, camouflaged as a system app is used by threat actors to disable the Google Play Protect service, generate fake reviews, install malicious apps, show ads, and more. | Malware | X Individual | CC | >1 | Kaspersky, Android, Trojan-Dropper.AndroidOS.Shopper.a, Google Play Protect | |
| 55 | 13/01/2020 | ? | Multiple targets | Researchers from Cofense reveal that after almost a three-week holiday vacation, the Emotet trojan is back and targeting the over eighty countries with malicious spam campaigns. | Malicious Spam | X Individual | CC | >1 | Cofense, Emotet | |
| 56 | 13/01/2020 | ? | UNIX Systems | The security team at npm takes down a malicious package, discovered by the Microsoft Vulnerability Research team and named 1337qq-js, caught stealing sensitive information from UNIX systems. | Malware | Y Multiple Industries | CC | >1 | npm, Microsoft Vulnerability Research team, 1337qq-js,UNIX | |
| 57 | 13/01/2020 | ? | Android users | An Android banking Trojan dubbed Faketoken has recently been observed by security researchers from Kaspersky while draining its victims' accounts to fuel offensive mass text campaigns targeting mobile devices from all over the world. | Malware | K Financial and insurance activities | CC | >1 | Android, Faketoken, Kaspersky | |
| 58 | 13/01/2020 | ? | Account receivable specialists | Researchers from Agari discover a new group called Ancient Tortoise targeting accounts receivable specialists tricking them into sending over aging reports and thus collecting info on customers they can scam in later attack stages. | Business Email Compromise | K Financial and insurance activities | CC | >1 | Agari, Ancient Tortoise | |
| 59 | 13/01/2020 | ? | Company in the medical tech sector | Researchers from Guardicore reveal the details of an attack targeting a company in the medical tech sector via a malware hiding its modules in WAV audio files and spreading to vulnerable Windows 7 machines on the network via EternalBlue. | Malware | C Manufacturing | CC | N/A | Guardicore, WAV, EternalBlue, Crypto | |
| 60 | 14/01/2020 | Fancy Bear AKA APT28 | Burisma | Researchers from Area 1 reveal that Russian spies from GRU are suspected of trying to hack into Burisma, the Ukrainian gas company with whom Hunter Biden worked. | Targeted attack | D Electricity gas steam and air conditioning supply | CE | UA | Area 1, Burisma, GRU, Hunter Biden, Russia, APT28, Fancy Bear | |
| 61 | 14/01/2020 | Omnichorus | LimeLeads | 49 million user records extracted from a misconfigured Elasticsearch database by US data broker LimeLeads are put up for sale online. | Misconfiguration | M Professional scientific and technical activities | CC | US | Elasticsearch, LimeLeads, Omnichorus | |
| 62 | 14/01/2020 | ? | Single Individuals | The cybercrime group behind Satan ransomware and other malware seems to be involved in the development of a new ransomware named 5ss5c. | Malware | X Individual | CC | >1 | Satan, ransomware, 5ss5c | |
| 63 | 14/01/2020 | ? | Single Individuals | Researchers from Bitdefender discover 17 Google Play apps that, once installed, start hiding their presence on the user’s device and constantly display aggressive ads. | Malware | X Individual | CC | >1 | Bitdefender, Google Play | |
| 64 | 14/01/2020 | ? | New Mexico Public Regulation Commission | The New Mexico Public Regulation Commission is "hacked by an outside source" | Unknown | O Public administration and defence, compulsory social security | CC | US | New Mexico Public Regulation Commission | |
| 65 | 15/01/2020 | ? | United Nations | The United Nations is hit by a cyberattack through the malware Emotet. | Malware | U Activities of extraterritorial organizations and bodies | CC | N/A | United Nations,Emotet | |
| 66 | 15/01/2020 | ? | P&N Bank | P&N Bank in Western Australia informs its customers that hackers may have accessed personal information stored on its systems following a cyber attack on December 12, during an upgrade at a third-party hosting company. | Unknown | K Financial and insurance activities | CC | AU | P&N Bank | |
| 67 | 15/01/2020 | ? | PlanetDrugsDirect | Canadian online pharmacy PlanetDrugsDirect emails customers, notifying them of a data security incident that might have impacted some of their sensitive personal and financial information. 400,000 individuals are potentially compromised. | Unknown | Q Human health and social work activities | CC | CA | PlanetDrugsDirect | |
| 68 | 15/01/2020 | ? | Single Individuals | An emergent and effective data-harvesting tool dubbed Oski is proliferating in North America and China, stealing online account credentials, credit-card numbers, cryptowallet accounts and more. | Malware | X Individual | CC | >1 | Oski | |
| 69 | 06/01/2020 | ? | Twitter account of former Australian cricket coach Darren Lehmann | The Twitter account of former Australian cricket coach Darren Lehmann is hacked by a Donald Trump supporter. | Account Hijacking | X Individual | H | AU | Twitter, Darren Lehmann, Donald Trump | |
| 70 | 08/01/2020 | ? | Kuwait State News Agency | Kuwait state news agency says its Twitter was hacked to spread misinformation about US withdrawal. | Account Hijacking | J Information and communication | H | KW | Kuwait State News Agency | |
| 71 | 10/01/2020 | ? | PIH Health | PIH Health notifies almost 200,000 patients whose protected health information was in employee email accounts that were compromised. | Account Hijacking | Q Human health and social work activities | CC | US | PIH Health | |
| 72 | 10/01/2020 | ? | Panama-Buena Vista Union School | Panama-Buena Vista Union School District is hit with a ransomware attack. | Malware | P Education | CC | US | Panama-Buena Vista Union School, ransomware | |
| 73 | 10/01/2020 | Anonymous Iran | City of Ozark | Hackers from Anonymous Iran claim to have defaced the website of city of Ozark. | Defacement | O Public administration and defence, compulsory social security | H | US | Anonymous Iran, City of Ozark | |
| 74 | 13/01/2020 | ? | St. Louis Community College | More than 5,100 St. Louis Community College students and employees have their personal information accessed via a phishing scam. | Account Hijacking | P Education | CC | US | St. Louis Community College | |
| 75 | 15/01/2020 | ? | Town of Colonie | The Albany County town of Colonie is hit by a cyber-attack that takes the town's computer system and email offline. | Unknown | O Public administration and defence, compulsory social security | CC | US | Town of Colonie | |
| 76 | 16/01/2020 | ? | Vulnerable Citrix Systems | Researchers from FireEye discover a malicious actor deploying a previously-unseen payload called NOTROBIN on vulnerable Citrix Systems. The actor cleans up known malware and deploys NOTROBIN to block subsequent exploitation attempts, establishing a backdoor for subsequent campaigns. | Vulnerability | Y Multiple Industries | CC | >1 | FireEye, NOTROBIN, Citrix, CVE-2019-19781 | |
| 77 | 16/01/2020 | TA542 | Pharmaceutical companies in the US, Canada and Mexico | Researchers from Proofpoint discover a new Emotet campaign targeting pharmaceutical companies in the US, Canada and Mexico | Malware | M Professional scientific and technical activities | CC | US CA MX | Proofpoint, Emotet | |
| 78 | 16/01/2020 | ? | Targets in Middle East | Researchers from Cisco Talos discover a new campaign selectively attacking targets in Middle East via a Remote Access Trojan (RAT), dubbed JhoneRAT, and abusing cloud services. | Targeted attack | Y Multiple Industries | CE | >1 | Cisco Talos, RAT, JhoneRAT | |
| 79 | 16/01/2020 | ? | Multiple targets | Researchers from Zscaler discover a new version of the FTCODE ransomware with password-stealing capabilities. | Malware | Y Multiple Industries | CC | >1 | Zscaler, FTCODE, ransomware | |
| 80 | 16/01/2020 | ? | Rudolf and Stephanie Hospital in Benešov | The Rudolf and Stephanie Hospital in Benešov is hit with a Ryuk ransomware attack. | Malware | Q Human health and social work activities | CC | CZ | The Rudolf and Stephanie Hospital, Benešov, Ryuk, Ransomware | |
| 81 | 16/01/2020 | ? | Georgia election server (Center for Election Systems at Kennesaw State University) | Forensic evidence shows signs that a Georgia election server may have been hacked ahead of the 2016 and 2018 elections by someone who exploited Shellshock. | Vulnerability | O Public administration and defence, compulsory social security | CC | US | Georgia, Shellshock, Center for Election Systems at Kennesaw State University | |
| 82 | 16/01/2020 | ? | US Government and Military | A new research from Cisco Talos discover a new Emotet campaign affecting the United States of America's government and military. | Malware | O Public administration and defence, compulsory social security | CC | US | Talos, Emotet | |
| 83 | 16/01/2020 | ? | City of Detroit | The City of Detroit officials warn data breach exposed city workers and residents after several email accounts were compromised. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US | City of Detroit | |
| 84 | 17/01/2020 | ? | Multiple targets | Microsoft publishes a security advisory containing mitigation measures for CVE-2020-0674, an actively exploited zero-day remote code execution (RCE) vulnerability impacting Internet Explorer. | Targeted attack | Y Multiple Industries | N/A | >1 | Microsoft, CVE-2020-0674 | |
| 85 | 17/01/2020 | Phoenix’s Helmets (Anka Neferler Tim) | Several Greek government websites | Several Greek government websites are taken down by Turkish hackers. Targets include the Greek Parliament, the Foreign Affairs Ministry, the Athens Stock Exchange, the National Intelligence Service (EYP) and the Finance Ministry. | DDoS | O Public administration and defence, compulsory social security | H | GR | Phoenix’s Helmets, Anka Neferler Tim | |
| 86 | 17/01/2020 | ? | ADP Users | In proximity of the tax season, cybercriminals launch a phishing campaign targeting some ADP users. | Account Hijacking | X Individual | CC | US | ADP | |
| 87 | 17/01/2020 | ? | Sunset Cardiology | Sunset Cardiology is hit with a Maze ransomware attack. | Malware | Q Human health and social work activities | CC | US | Sunset Cardiology, Maze, ransomware | |
| 88 | 18/01/2020 | ? | Temple Har Shalom Synagogue | The Temple Har Shalom Synagogue is hit with a Sodinokibi Ransomware attack. | Malware | U Activities of extraterritorial organizations and bodies | CC | US | Temple Har Shalom Synagogue, Sodinokibi, Ransomware | |
| 89 | 18/01/2020 | Anonymous Greece | Top Channel 24 TV | Anonymous Greece responds to the ongoing attacks of Turkish hackers by attacking the Turkish channel Top Channel 24 TV. | DDoS | J Information and communication | H | TR | Anonymous Greece, Top Channel 24 TV | |
| 90 | 18/01/2020 | ? | New Orleans Ernest N. Morial Convention Center | The New Orleans Ernest N. Morial Convention Center is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | New Orleans, Ernest N. Morial Convention Center, ransomware | |
| 91 | 18/01/2020 | ? | Adventist Health | Adventist Health notifies 2,653 patients after suffering a phishing incident. | Account Hijacking | Q Human health and social work activities | CC | US | Adventist Health | |
| 92 | 19/01/2020 | ? | Single Individuals | A new sextortion scam leverages the insecurity of connected devices to trick the victims. | Malicious Spam | X Individual | CC | >1 | Sextortion | |
| 93 | 19/01/2020 | ? | Multiple targets | A hacker publishes a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices. | Misconfiguration | Y Multiple Industries | CC | >1 | Telnet, IoT | |
| 94 | 19/01/2020 | ? | Kamaru Usman Twitter account | UFC champion Kamaru Usman says his Twitter account was hacked, after series of explicit tweets against Conor McGregor | Account Hijacking | X Individual | CC | US | UFC, Kamaru Usman, Twitter, Conor McGregor | |
| 95 | 19/01/2020 | ? | Oman United Insurance | Oman United Insurance, one among the largest insurers in the country discloses a “ransomware attack” on the company’s data centre early this month. | Malware | K Financial and insurance activities | CC | OM | Oman United Insurance, ransomware | |
| 96 | 20/01/2020 | Tick (China) | Mitsubishi Electric | Mitsubishi Electric discloses a security breach that might have caused the leak of personal and confidential corporate information. The breach was detected on June 28, 2019. | Targeted attack | C Manufacturing | CE | JP | Mitsubishi Electric, Tick | |
| 97 | 20/01/2020 | ? | Hanna Andersson | US children's apparel maker and online retailer Hanna Andersson discloses that its online purchasing platform was hacked and malicious code was deployed to steal customers' payment info for almost two months. | Malicious Script Injection | G Wholesale and retail trade | CC | US | Hanna Andersson, Magecart | |
| 98 | 21/01/2020 | Saudi Arabia | Jeff Bezos | An investigation reveals that Jeff Bezos' phone exfiltrated a massive amounts of personal information after receiving a WhatsApp-attached video file sent by the future king of Saudi Arabia, Prince Mohammed bin Salman on May 1, 2018. | Targeted attack | X Individual | CE | US | Jeff Bezos, WhatsApp, Prince Mohammed bin Salman | |
| 99 | 21/01/2020 | ? | Volusia County Public Library (VCPL | 600 staff and public access computers were taken down at Volusia County Public Library (VCPL) branches from Daytona Beach, Florida, following a cyberattack that started around 7 AM on January 9 | Unknown | O Public administration and defence, compulsory social security | CC | US | Volusia County Public Library, VCPL | |
| 100 | 21/01/2020 | ? | Vulnerable Wordpress sites | Researchers from Sucuri reveal that over 2,000 Wordpress sites have been hacked to fuel a campaign to redirect visitors to scam sites. The campaign was possible because of two vulnerable plugins ("CP Contact Form with PayPal" and "Simple Fields"). | Vulnerability | Y Multiple Industries | CC | >1 | Sucuri, Wordpress, "CP Contact Form with PayPal", "Simple Fields" | |
| 101 | 21/01/2020 | ? | 100 UPS Store Locations | Sensitive personal and financial information of UPS Store customers is exposed in a phishing incident affecting roughly 100 local store locations between September 29, 2019, and January 13, 2020. | Account Hijacking | G Wholesale and retail trade | CC | US | UPS Store | |
| 102 | 21/01/2020 | Threat Actors from Iran | Multiple targets in the US | The FBI Cyber Division issues a flash security alert related to the recent defacement attacks operated by Iranian threat actors. | Defacement | Y Multiple Industries | CW | US | FBI, Iran | |
| 103 | 21/01/2020 | ? | Single Individuals | Researchers from Malwarebytes reveal the details of a large high-profile malvertising campaign distributing browser lockers. | Malvertising | X Individual | CC | >1 | Malwarebytes | |
| 104 | 21/01/2020 | ? | Citibank customers | Researchers discover q new Citibank phishing scam that utilizes a convincing domain name, TLS certs, and even requests OTP codes that could easily trick their victims. | Account Hijacking | K Financial and insurance activities | CC | US | Citibank | |
| 105 | 21/01/2020 | ? | Multiple targets | Researchers from Microsoft discover a new version of the sLoad malware downloader, dubbed Starslord. | Malware | Y Multiple Industries | CC | >1 | Microsoft, sLoad, Starslord | |
| 106 | 21/01/2020 | ? | PayPal customers | Researchers from ZeroFOX discover a new version of the 16Shop phishing campaign targeting PayPal customers. | Account Hijacking | G Wholesale and retail trade | CC | >1 | ZeroFOX, 16Shop, PayPal | |
| 107 | 21/01/2020 | ? | Vulnerable internet routers running the Tomato firmware | Researchers from Palo Alto Networks reveal that internet routers running the Tomato alternative firmware are under active attack by the Muhstik botnet, searching for devices using default credentials. | Misconfiguration | Y Multiple Industries | CC | >1 | Palo alto Networks, Muhstik, Tomato | |
| 108 | 21/01/2020 | ? | Multiple targets | Researchers from Cisco Talos discover a new large-scale cryptomining campaign, dubbed Vivin, acting since more than two years. | Malware | Y Multiple Industries | CC | >1 | Cisco Talos, Vivin, Crypto | |
| 109 | 22/01/2020 | ? | Tillamook County | Tillamook County is hit by a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Tillamook County, ransomware | |
| 110 | 22/01/2020 | ? | Greenville Water | Greenville Water is hit by a cyber attack. | Unknown | E Water supply, sewerage waste management, and remediation activities | CC | US | Greenville Water | |
| 111 | 22/01/2020 | ? | FedEx customers | FedEx warns of a new text message phishing scam that at first glance looks to be about a FedEx package delivery. | Account Hijacking | X Individual | CC | US | FedEx | |
| 112 | 22/01/2020 | ? | Android users | Researchers from Dr.Web discover a new campaign targeting Android users via the Android.Xiny mobile trojan. | Malware | X Individual | CC | >1 | Dr.Web, Android, Android.Xiny | |
| 113 | 23/01/2020 | ? | Gedia Automotive Group | Parts manufacturer Gedia Automotive Group shuts down its network after being hit with a Sodinokibi ransomware attack. | Malware | C Manufacturing | CC | DE | Gedia Automotive Group, ransomware, Sodinokibi | |
| 114 | 23/01/2020 | ? | Sites belonging to a reseller of tickets for Euro Cup and the Tokyo Summer Olympics | The sites belonging to a reseller of tickets for Euro Cup and the Tokyo Summer Olympics (olympictickets2020[.]com), are the victims of a magecart attack. | Malicious Script Injection | R Arts entertainment and recreation | CC | N/A | Magecart, Euro Cup, Tokyo Summer Olympics, olympictickets2020[.]com | |
| 115 | 23/01/2020 | APT33? | European energy sector organization | Researchers from Recorded Future discover a cyber espionage campaign with suspected ties to Iran, targeting the European energy sector in a reconnaissance campaign via the PupyRAT software. | Targeted attack | D Electricity gas steam and air conditioning supply | CE | EU | APT33, PupyRAT, Recorded Future | |
| 116 | 23/01/2020 | ? | Bitcoin Gold | Bitcoin Gold experiences a 51% attack. A total amount of over $70,000 is double-spent | 51% Attack | V Fintech | CC | N/A | Bitcoin Gold | |
| 117 | 23/01/2020 | ? | Ben Gurion International Airport | As Israel hosted dozens of world leaders last week for the World Holocaust Forum, the country’s cyber defense system fended off hundreds of cyberattacks targeting the country’s international airport and the planes of the world leaders. | >1 | H Transportation and storage | >1 | IL | Ben Gurion International Airport | |
| 118 | 24/01/2020 | ? | City of Potsdam | The City of Potsdam severs the administration servers' Internet connection following a ransomware attack carried out exploiting the CVE-2019-1978 vulnerability. | Malware | O Public administration and defence, compulsory social security | CC | DE | City of Potsdam, ransomware, CVE-2019-1978 | |
| 119 | 24/01/2020 | Konni Group | U.S. government agency | Researchers at Palo Alto Networks' Unit 42 discover a new campaign dubbed "Fractured Statue", carried out via a malware called CARROTBALL, used in targeted attacks, against a U.S. government agency and non-US foreign nationals professionally affiliated with current activities in North Korea. | Targeted attack | O Public administration and defence, compulsory social security | CE | US | Palo Alto Networks, Unit 42, CARROTBALL, North Korea, Konni Group, Fractured Statue | |
| 120 | 24/01/2020 | ? | Targets in the government, military, and financial sector | A new version of the Ryuk Stealer malware is discovered. This version allows to steal a greater amount of confidential files related to the military, government, financial statements, banking, and other sensitive data. | Malware | Y Multiple Industries | CC | >1 | Ryuk, ransomware | |
| 121 | 24/01/2020 | Turkish hackers | Several Government websites in Greece | A new DDoS attack hits the official state websites of the Greek prime minister, the national police and fire service and other ministries. | DDoS | O Public administration and defence, compulsory social security | H | GR | Turkey, Greece | |
| 122 | 24/01/2020 | ? | Tampa Bay Times | The Tampa Bay Times suffers a Ryuk ransomware attack. | Malware | J Information and communication | CC | US | Tampa Bay Times, Malware | |
| 123 | 26/01/2020 | ? | Bird Construction | Bird Construction acknowledges to have been recently hit with a Maze ransomware attack. | Malware | M Professional scientific and technical activities | CC | CA | Bird Construction, Maze, ransomware | |
| 124 | 26/01/2020 | ? | SuperCasino | The online gambling platform SuperCasino experiences a data breach that exposes sensitive information belonging to its customers. | Unknown | R Arts entertainment and recreation | CC | MT | SuperCasino | |
| 125 | 27/01/2020 | State-sponsored Turkish hackers | At least 30 organizations | Turkish hackers allegedly acting in the interest of the Turkish government are believed to have attacked at least 30 organizations, including government ministries, embassies and security services as well as companies and other groups | DNS hijacking | Y Multiple Industries | CE | >1 | Turkey | |
| 126 | 27/01/2020 | OurMine | Twitter accounts of over a dozen popular American football teams, the NFL, the UFC, and ESPN. | The OurMine collective hacks hijacks the Twitter accounts of over a dozen popular American football teams, including the San Francisco 49ers and Kansas City Chiefs, who competed in the Super Bowl Final, the NFL, the UFC, and ESPN. | Account Hijacking | R Arts entertainment and recreation | CC | US | OurMine, Twitter, San Francisco 49ers, Kansas City Chiefs, Super Bowl, NFL, UFC, ESPN | |
| 127 | 27/01/2020 | Aggah | Some Italian companies operating in the Retail sector | Researchers from Yoroi-Cybaze ZLab discover a new attack attempts directed to some Italian companies operating in the Retail sector linked to Aggah campaign. | Targeted attack | G Wholesale and retail trade | CC | IT | Aggah, Yoroi-Cybaze Zlab | |
| 128 | 27/01/2020 | ? | Royal Yachting Association | The Royal Yachting Association (RYA) forces a password reset for all online users after warning that some that their data may have been compromised by a third party. | Unknown | S Other service activities | CC | US | Royal Yachting Association | |
| 129 | 28/01/2020 | ? | Vulnerable Citrix ADC servers | A new ransomware called Ragnarok is detected being used in targeted attacks against unpatched Citrix ADC servers vulnerable to the CVE-2019-19781 exploit. | Malware | Y Multiple Industries | CC | >1 | Ragnarok, Citrix, CVE-2019-19781, Ransomware | |
| 130 | 28/01/2020 | ? | Red Kite Community Housing | Red Kite Community Housing announces to have fallen victim to a cyber-scam in which criminals posed as genuine service providers to steal a staggering £932,000. | Domain Spoofing | S Other service activities | CC | UK | Red Kite Community Housing | |
| 131 | 28/01/2020 | ? | Tissue Regenix Group PLC | Tissue Regenix Group PLC says that its computer systems and a third-party IT service provider in the United States were accessed without authorization. | Unknown | C Manufacturing | CC | US | Tissue Regenix Group PLC | |
| 132 | 28/01/2020 | ? | Personal Touch Home Care of Greater Portsmouth. | Personal Touch Home Care of Greater Portsmouth notifies a Maze ransomware attack occurred on December 1, 2019. | Malware | S Other service activities | CC | US | Personal Touch Home Care of Greater Portsmouth, Maze, Ransomware | |
| 133 | 29/01/2020 | ? | United Nations | A leaked report reveals that the European network of the United Nations were compromised during the Summer of 2019 | Targeted attack | U Activities of extraterritorial organizations and bodies | CE | N/A | United Nations | |
| 134 | 29/01/2020 | ? | Electronic Warfare Associates (EWA) | Electronic Warfare Associates (EWA), a 40-year-old electronics company and a well-known US government contractor, is hit with the Ryuk ransomware. | Malware | C Manufacturing | CC | US | Electronic Warfare Associates, EWA, Ryuk, ransomware | |
| 135 | 29/01/2020 | ? | Users in Japan | A new campaign is discovered distributing the Emotet malware in Japan, and leveraging the scare of Coronavirus. | Malicious Spam | X Individual | CC | JP | Emotet, Coronavirus | |
| 136 | 29/01/2020 | ? | Multiple targets | The attackers behind the Maze ransomware publish a list of 25 victims with small data sets leaked as a proof of the hack. | Malware | Y Multiple Industries | CC | >1 | Maze | |
| 137 | 29/01/2020 | ? | LiveRamp | Facebook reveals that back in October, hackers commandeered the personal account of a LiveRamp employee and used it to gain access to the company's Business Manager account -- allowing them to run ads using other people's money. | Account Hijacking | M Professional scientific and technical activities | CC | US | Facebook, LiveRamp | |
| 138 | 30/01/2020 | NEC | NEC confirms to have been hit with a cyberattack since 2018 that resulted in unauthorized access to its internal network and the exposure of 28,000 files. | Targeted attack | C Manufacturing | CE | JP | NEC | ||
| 139 | 30/01/2020 | APT34 AKA Oilrig (Iran government-backed) | US Government workers | Researchers from Intezer Lab reveal the details of a spear-phishing campaign, mimicking Westat surveys, a well-known US government contractor that has managed and administered surveys to more than 80 federal agencies, since at least 16 years. | Targeted attack | O Public administration and defence, compulsory social security | CE | US | APT34, Oilrig, Iran, Intezer Lab, Westat | |
| 140 | 30/01/2020 | TA505 | Multiple targets | Researchers from Microsoft and Prevailion reveal a new campaign by TA505, weaponizing Excel documents. | Targeted attack | Y Multiple Industries | CC | >1 | Microsoft, Prevailion, TA 505, Excel | |
| 141 | 30/01/2020 | ? | Undisclosed Canadian Insurance company | A Canadian insurance company paid nearly $1 million USD (about $1.3 million CAD) following a ransomware attack. | Malware | K Financial and insurance activities | CC | CA | Ransomware | |
| 142 | 30/01/2020 | ? | Users in the US | Multiple Coronavirus Phishing Campaigns are discovered, actively targeting US users. | Account Hijacking | X Individual | CC | US | Coronavirus | |
| 143 | 30/01/2020 | ? | Single Individuals | Researchers discover a new phishing campaign distributing malware, pretending to be from the Spamhaus Project. | Malicious Spam | X Individual | CC | >1 | Spamhaus | |
| 144 | 30/01/2020 | ? | Rijksmuseum Twenthe | Hackers posing as a veteran London art dealer trick Rijksmuseum Twenthe, a Dutch museum, buying a John Constable painting into paying 2.4 million pounds ($3.1 million) to a fraudulent bank account. | Business Email Compromise | S Other service activities | CC | NL | Rijksmuseum Twenthe, John Constable | |
| 145 | 30/01/2020 | ? | UK Taxpayers | Cybersecurity company Mimecast discover an uptick in scams using the promise of tax refunds as a way to entice the victims into giving up private information including their name, address, phone number and card details. | Account Hijacking | X Individual | CC | UK | Mimecast, HMRC | |
| 146 | 30/01/2020 | ? | Multiple targets | Researchers from Lastline discover a large-scale spam campaign spreading info-stealing malware (Agent Tesla and LokiBot) and using advanced obfuscation techniques. | Malicious Spam | Y Multiple Industries | CC | >1 | Lastline, Agent Tesla, LokiBot | |
| 147 | 31/01/2020 | ? | Bouygues Construction | French construction giant Bouygues Construction shut down their computer network to avoid having all of their data encrypted by the Maze Ransomware. | Malware | M Professional scientific and technical activities | CC | FR | Bouygues Construction, Maze, Ransomware | |
| 148 | 31/01/2020 | ? | Hong Kong Universities | Researchers from ESET discover a new campaign of the Winnti group targeting some Hong Kong universities via the ShadowPad backdoor. | Targeted attack | P Education | CE | HK | ESET, Winnti. Hong Kong, ShadowPad | |
| 149 | 31/01/2020 | ? | TVEyes | TVEyes, a broadcast television search engine used by political campaigns to monitor opponents and track ads, is hit with a ransomware attack. | Malware | J Information and communication | CC | US | TVEyes, ransomware | |
| 150 | 31/01/2020 | ? | Single Individuals | A new extortion campaign leverages the Ashley Madison breach | Malicious Spam | X Individual | CC | >1 | Ashley Madison | |
| 151 | 31/01/2020 | ? | City of Racine | The city of Racine is hit with a ransomware attack that knocks most of its non-emergency computer services offline. | Malware | O Public administration and defence, compulsory social security | CC | US | City of Racine, malware | |
| 152 | 28/01/2020 | ? | Laurentian Bank | Police investigate after thieves hack three banking machines in the greater Montreal area, making off with an estimated $55,000. | Unknown | K Financial and insurance activities | CC | CA | Laurentian Bank | |
| 153 | 30/01/2020 | ? | Grundy County Courthouse | The Grundy County Courthouse experiences a "cybersecurity breach". | Unknown | O Public administration and defence, compulsory social security | CC | US | Grundy County Courthouse | |
| 154 | 30/01/2020 | ? | Mountain View Los Altos High School (MVLA) | Mountain View Los Altos High School is hit with a cyber attack. | Unknown | P Education | CC | US | Mountain View Los Altos High School, MVLA | |
| 155 | 31/01/2020 | ? | US Department of Defense (DOD) | A security researcher discovers a cryptocurrency-mining botnet inside a web server operated by the US Department of Defense (DOD). | Vulnerability | O Public administration and defence, compulsory social security | CC | US | US Department of Defense, DOD | |
| 156 | 31/01/2020 | ? | Dundee and Angus College | Dundee and Angus College is apparently hit with a ransomware attack. | Malware | P Education | CC | UK | Dundee and Angus College, Ransomware | |
| 157 | 31/01/2020 | ? | Everton Fan Services Twitter account | The Everton Fan Services Twitter account is allegedly hacked. | Account Hijacking | R Arts entertainment and recreation | CC | UK | Everton Fan Services, Twitter | |
| 158 | 31/01/2020 | ? | Fondren Orthopedic Group | Fondren Orthopedic Group notifies patients after a malware incident occurred on November 21, 2019, destroyed patient records. | Malware | Q Human health and social work activities | CC | US | Fondren Orthopedic Group, ransomware | |
| 159 | 31/01/2020 | ? | Belvidere City Hall | Belvidere City Hall is the victim of a cyber attack. | Unknown | O Public administration and defence, compulsory social security | CC | US | Belvidere City Hall | |
| 160 | 01/02/2020 | ? | More than 2,300 Nortek Security & Control (NSC) Linear eMerge E3 building access systems | Researchers from SonicWall reveal that attackers have already compromised more than 2,300 Linear eMerge E3 building access systems exploiting CVE-2019-7256. | Vulnerability | Y Multiple Industries | CC | >1 | Nortek Security & Control, NSC, Linear eMerge E3 | |
| 161 | 01/02/2020 | ? | Five U.S. Law Firms | Five U.S. law firms are among the companies and organizations targeted by a new round of ransomware attacks. | Malware | M Professional scientific and technical activities | CC | US | Ransomware | |
| 162 | 01/02/2020 | ? | Confederation College | Confederation College suffers a malware attack. | Malware | P Education | CC | US | Confederation College | |
| 163 | 03/02/2020 | ? | Toll Group | Toll Group announces that to have experienced a "cybersecurity incident", and shuts down a number of IT systems at multiple sites across Australia in a bid to resolve the issue. The attack is allegedly caused by the Kokoklock (or Mailto) ransomware. | Malware | M Professional scientific and technical activities | CC | AU | Toll Group, ransomware, Kokoklock, Mailto | |
| 164 | 03/02/2020 | ? | Multiple targets | Researchers from Dragos reveal the details of EKANS, a new malware strain able to encrypt data and stop applications used in industrial control systems. | Malware | Y Multiple Industries | CC | >1 | Dragos, EKANS | |
| 165 | 03/02/2020 | ? | Government targets in Middle East | Researchers from Palo Alto Networks discover a new wave of campaigns exploiting CVE-2019-0604 against Middle East government targets. | Targeted attack | O Public administration and defence, compulsory social security | CE | >1 | Palo Alto Networks | |
| 166 | 03/02/2020 | ? | Credit Union National Association (CUNA) | Systems of the Credit Union National Association are knocked offline following a “cyber incident.” | Malware | K Financial and insurance activities | CC | US | Credit Union National Association, CUNA, ransomware | |
| 167 | 03/02/2020 | ? | Twitter users | Twitter discloses a security incident during which third-parties exploited the company's official API to match phone numbers with Twitter usernames. | API Exploit | X Individual | CC | >1 | ||
| 168 | 03/02/2020 | ? | Multiple targets | Security researchers discover a new wave of domains injected with Magecart skimmers hosted on opendoorcdn[.]com. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | opendoorcdn[.]com, Magecart | |
| 169 | 03/02/2020 | ? | Business account holders of the larger banks in Brazil | Researchers from IBM X-Force reveal the details of a new campaign of the Camubot malware targeting business account holders of the larger banks in Brazil. | Targeted attack | K Financial and insurance activities | CC | BR | IBM X-Force, Camubot | |
| 170 | 03/02/2020 | ? | Multiple targets | A new malicious spam campaign distributes the AZORult trojan and uses three levels of encryption to avoid detection. | Malicious Spam | Y Multiple Industries | CC | >1 | AZORult | |
| 171 | 04/02/2020 | ? | Undisclosed state-level voter registration and information site | The US Federal Bureau of Investigation (FBI) warns of a potential DDoS attack that targeted a state-level voter registration and information site. | DDoS | O Public administration and defence, compulsory social security | CC | US | FBI | |
| 172 | 04/02/2020 | ? | Single Individuals | The Emotet Trojan gets ready for the tax season with a fresh spam campaign pretending to be signed W-9 tax forms. | Malicious Spam | X Individual | CC | >1 | Emotet, W-9 | |
| 173 | 04/02/2020 | ? | Customers of financial institutions in multiple countries. | Researchers from Fortinet discover a new Metamorfo variant targeting customers of financial institutions in multiple countries. | Malware | K Financial and insurance activities | CC | >1 | Fortinet, Metamorfo | |
| 174 | 04/02/2020 | ? | Ukrainian ISP | Ukrainian police arrest a 16-year-old from the city of Odessa for attempting to extort a local ISP into sharing data on one of its subscribers. | DDoS | M Professional scientific and technical activities | CC | UA | Ukraine | |
| 175 | 04/02/2020 | ? | North Miami Beach Police Department | The North Miami Beach Police Department determines to have been impacted by ransomware. | Malware | O Public administration and defence, compulsory social security | CC | US | North Miami Beach Police Department | |
| 176 | 04/02/2020 | ? | Golden Entertainment | Golden Entertainment notifies customers, employees, and vendors of a phishing attack occurred between May and October 2019. | Account Hijacking | R Arts entertainment and recreation | CC | US | Golden Entertainment | |
| 177 | 04/02/2020 | ? | St. Louis Community College | More than 5,100 St. Louis Community College students and employees have their personal information accessed via a phishing attack discovered on January 13. | Account Hijacking | P Education | CC | US | St. Louis Community College | |
| 178 | 04/02/2020 | ? | Eastern Virginia Medical School | Eastern Virginia Medical School discloses a phishing attack that could have exposed employees’ personal information, including bank accounts and Social Security numbers. | Account Hijacking | Q Human health and social work activities | CC | US | Eastern Virginia Medical School | |
| 179 | 05/02/2020 | ? | Credit card holders from India | Researchers from Group-IB discover a database containing over 460,000 payment card records uploaded to Joker's Stash, one of the most popular darknet cardshops. | Unknown | K Financial and insurance activities | CC | IN | Group-IB, Joker's Stash | |
| 180 | 05/02/2020 | ? | Single Individuals | Researchers from Cybereason discover an active campaign distributing an arsenal of malware that is able to steal data, mine for cryptocurrency, and deliver ransomware to victims all over the world. The payloads observed in this campaign originated from different accounts in code repository platform Bitbucket, which was abused as part of the attackers delivery infrastructure. | Malware | X Individual | CC | >1 | Cybereason, Bitbucket | |
| 181 | 05/02/2020 | ? | Altsbit | Altsbit announces to have been hit with a devastating hack. Criminals made off with 1,066 Komodo (KMD) tokens and 283,375 Verus (VRSC) "coins" with a combined value of $27,000. | Unknown | V Fintech | CC | IT | Altsbit, Crypto | |
| 182 | 05/02/2020 | Charming Kitten | Journalists, political and human rights activists | Researchers from Certfa Lab identify a new series of phishing attacks from Charming Kitten, the Iranian hacking group who has a close relationship with Iran’s state and Intelligence services, targeting journalists, political and human rights activists. | Account Hijacking | X Individual | CE | >1 | Charming Kitten | |
| 183 | 05/02/2020 | ? | Single Individuals | Another phishing campaign, claiming to be sent from the World Health Organization (WHO), leverages the fear of the Coronavirus. | Account Hijacking | X Individual | CC | >1 | World Health Organization, WHO, Coronavirus | |
| 184 | 05/02/2020 | APT40 | Malaysian government officials | Malaysia's Computer Emergency Response Team (MyCERT) reveal the details of a campaign carried out by APT40, targeting local government officials using malicious documents exploiting CVE-2014-6352 and CVE-2017-0199. | Targeted attack | O Public administration and defence, compulsory social security | CE | MY | Malaysia's Computer Emergency Response Team, MyCERT, APT40, CVE-2014-6352, CVE-2017-0199 | |
| 185 | 05/02/2020 | ? | Financial services organizations in the United States | Researchers from FireEye continue to observe multiple targeted phishing campaigns designed to download and deploy a backdoor tracked as MINEBRIDGE. | Targeted attack | K Financial and insurance activities | CE | US | FireEye, MINEBRIDGE | |
| 186 | 05/02/2020 | Gamaredon | Ukrainian military and security institutions | Researchers from SentinelOne reveal an uptick in Gamaredon cyberattacks on Ukrainian military and security institutions that started in December. | Targeted attack | O Public administration and defence, compulsory social security | CE | UA | Gamaredon, SentinelOne, SentinelLabs | |
| 187 | 05/02/2020 | ? | Mississippi Center for Legal Services and North Mississippi Rural Legal Services | Mississippi Center for Legal Services and North Mississippi Rural Legal Services warn to have been hit with a Ryuk ransomware attack on Christmas Eve. | Malware | K Financial and insurance activities | CC | US | Mississippi Center for Legal Services, North Mississippi Rural Legal Services, ransomware, Ryuk | |
| 188 | 05/02/2020 | ? | Educational Enrichment Systems | Educational Enrichment Systems discloses a phishing attack occurred between May and July 2019. | Account Hijacking | P Education | CC | US | Educational Enrichment Systems | |
| 189 | 05/02/2020 | ? | All About Potential Family Chiropractic | All About Potential Family Chiropractic is hit with a Maze ransomware attack. | Malware | Q Human health and social work activities | CC | US | All About Potential Family Chiropractic, Ransomware, Maze | |
| 190 | 06/02/2020 | ? | Android users | Researchers from Cofense discover a new phishing campaign targeting Android users, infecting their devices with the Anubis banking Trojan, embedded in more than 250 banking and shopping applications. | Malware | X Individual | CC | >1 | Cofense, Android, Anubis | |
| 191 | 06/02/2020 | ? | Pasco Corporation | Japanese defense contractor Pasco Corporation (Pasco) discloses a security breach that happened in May 2018. | Targeted attack | C Manufacturing | CE | JP | Pasco Corporation | |
| 192 | 06/02/2020 | ? | Kobe Steel (Kobelco) | Japanese defense contractor Kobe Steel (Kobelco) discloses a security breach that happened in June 2015/August 2016. | Targeted attack | C Manufacturing | CE | JP | Kobe Steel, Kobelco | |
| 193 | 06/02/2020 | ? | Two undisclosed victims | Researchers from Sophos investigate two different ransomware attacks where the adversaries deployed a legitimate, digitally signed hardware driver in order to delete security products from the targeted computers and install the RobbinHood ransomware. The signed driver is part of a deprecated software package published by Gigabyte, with a known vulnerability tracked as CVE-2018-19320. | Malware | Z Unknown | CE | N/A | Sophos, RobbinHood, ransomware, Gigabyte, CVE-2018-19320 | |
| 194 | 06/02/2020 | ? | Single Individuals | Researchers from Kaspersky discover more than 20 phishing websites and 925 malicious files presented disguised as early released copy of the Oscar movies. | Malware | X Individual | CC | >1 | Kaspersky, Oscar | |
| 195 | 06/02/2020 | ? | Banks and financial institutions in the US and the UK | Researchers from Menlo Security reveal the details of a new Emotet campaign targeting banks and financial institutions in the US and the UK. | Malware | K Financial and insurance activities | CC | US UK | Menlo Security, Emotet | |
| 196 | 06/02/2020 | Gorgon Group | Multiple targets | Researchers from Prevailion reveal the details of a new campaign carried out by the Gorgon Group through spoofed login portals. | Account Hijacking | Y Multiple Industries | CC | >1 | Gorgon Group, Prevailion | |
| 197 | 06/02/2020 | ? | Idaho Central Credit Union | Idaho Central Credit Union informs some customers of two data breaches that impacted the financial institution | Account Hijacking | K Financial and insurance activities | CC | US | Idaho Central Credit Union | |
| 198 | 06/02/2020 | ? | Single Individuals | Researchers from Dr.Web discover a campaign using the CNET website to spread malware through its software download section, via a download link of a popular video player, VSDC. | Malware | X Individual | CC | >1 | CNET, VSDC, Dr.Web | |
| 199 | 07/02/2020 | ? | Multiple targets | Researchers from Binary Defense discover a new variant of Emotet spreading via Wi-Fi networks. | Malware | Y Multiple Industries | CC | >1 | Binary Defense, Emotet | |
| 200 | 07/02/2020 | OurMine | Facebook's Twitter and Instagram accounts | Hackers from the OurMine collective claim to have taken over Facebook's Twitter and Instagram accounts. | Account Hijacking | M Professional scientific and technical activities | CC | US | OurMine, Facebook, Twitter, Instagram | |
| 201 | 07/02/2020 | ? | Single Individuals | Security researchers from Kaspersky discover a phishing campaign that poses as an email from the United States’ CDC (Centers of Disease Control). | Account Hijacking | X Individual | CC | US | Kaspersky, Coronavirus, CDC, Centers of Disease Control | |
| 202 | 07/02/2020 | ? | Rockdale County | Some Rockdale County services are impacted after multiple county servers were are by a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Rockdale County | |
| 203 | 07/02/2020 | LulzSec ITA | Universities of Basilicata, Napoli and Roma 3 | The Italian hacktivist collective LulzSec ITA claims via Twitter to have hacked three Italian universities: Basilicata, Napoli and Roma 3. | SQL Injection | P Education | H | IT | LulzSec ITA, Basilicata, Napoli, Roma 3 | |
| 204 | 07/02/2020 | ? | Allegheny Intermediate Unit school system | The Allegheny Intermediate Unit school system is hit with a ransomware attack. | Malware | P Education | CC | US | Allegheny Intermediate Unit school system, ransomware | |
| 205 | 07/02/2020 | ? | Shields Health Solutions | Shields Health Solutions notifies its patients after an the email account of an employee is hacked between October 22 and October 24 2019. | Account Hijacking | Q Human health and social work activities | CC | US | Shields Health Solutions | |
| 206 | 08/02/2020 | ? | Redcar and Cleveland Council | Redcar and Cleveland Council is hit with a ransomware cyber-attack. | Malware | O Public administration and defence, compulsory social security | CC | UK | Redcar and Cleveland Council, ransomware | |
| 207 | 08/02/2020 | ? | 50 sites of three of the world’s largest manufacturers of IoT devices in the Middle East, North America, and Latin America | Researchers from TrapX discover a malware campaign targeting 50 sites of three of the world’s largest manufacturers of IoT devices to install a variant of the Lemon_Duck cryptominer. | Malware | C Manufacturing | CC | >1 | TrapX, Lemon_Duck crypto | |
| 208 | 09/02/2020 | ? | Iran Internet infrastructure | Iran is allegedly hit with a powerful cyber attack able to take down the 25% if its Internet. | DDoS | J Information and communication | CW | IR | Iran | |
| 209 | 10/02/2020 | Outlaw | Linux-based enterprise systems | Researchers from Trend Micro reveal a new campaign by the group known as Outlaw. This the time the group infiltrates Linux-based enterprise systems in order to hijack computer power and mine for the privacy coin Monero (XMR). | Malware | Y Multiple Industries | CC | >1 | Outlaw, Trend Micro, Crypto, Monero, XMR | |
| 210 | 10/02/2020 | ? | Havre Public Schools | Havre Public Schools are hit with a ransomware attack. | Malware | P Education | CC | US | Havre Public Schools, ransomware | |
| 211 | 10/02/2020 | ? | Wilson Elser Moskowitz Edelman & Dicker | The law firm Wilson Elser Moskowitz Edelman & Dicker is hit with a ransomware attack. | Malware | M Professional scientific and technical activities | CC | US | Wilson Elser Moskowitz Edelman & Dicker, ransomware | |
| 212 | 10/02/2020 | ? | US Supply chain software providers | The FBI has warns the US private sector about an ongoing hacking campaign that's targeting supply chain software providers with the Kwampirs malware. | Malware | Y Multiple Industries | CC | US | FBI, Kwampirs | |
| 213 | 10/02/2020 | ? | Managing Service Providers | A new ransomware called Ragnar Locker emerges, specifically targeting software commonly used by managed service providers to prevent their attack from being detected and stopped. | Malware | M Professional scientific and technical activities | CC | >1 | Ragnar Locker, Ransomware | |
| 214 | 10/02/2020 | ? | Single Individuals | Researchers from Kaspersky spot a new malware called KBOT, a virus that spreads by injecting malicious code into Windows executable files, the first "living" virus in recent years spotted in the wild. | Malware | X Individual | CC | >1 | KBOT, Kaspersky | |
| 215 | 10/02/2020 | ? | City of Garrison | The City of Garrison is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Garrison, Malware | |
| 216 | 10/02/2020 | ? | Vernon Schools | Vernon Schools shut down the internet after suffering a cyber attack. | Unknown | P Education | CC | US | Vernon Schools | |
| 217 | 10/02/2020 | ? | Industries susceptible to shipping disruptions including manufacturing, industrial, finance, transportation, pharmaceutical, and cosmetic | Proofpoint researchers uncover new Coronavirus-themed email attacks that focus on concerns around disruptions to global shipping, and aim to distribute the AZORult trojan. | Malicious Spam | Y Multiple Industries | CC | >1 | Coronavirus, AZORult | |
| 218 | 11/02/2020 | ? | Nacogdoches Independent School District | A ransomware attack affects some computers at Nacogdoches Independent School District. | Malware | P Education | CC | US | Nacogdoches Independent School District, ransomware | |
| 219 | 11/02/2020 | ? | College of Family Physicians of Canada | Doctors from the College of Family Physicians of Canada are the targets of a phishing campaign. | Account Hijacking | Q Human health and social work activities | CC | CA | College of Family Physicians of Canada | |
| 220 | 11/02/2020 | ? | Baker Wotring | The Baker Wotring law firm has its data exposed by the Maze gang, including fee agreements and diaries from personal injury cases. | Malware | M Professional scientific and technical activities | CC | US | Baker Wotring, Maze, ransomware | |
| 221 | 11/02/2020 | ? | Individuals in the U.S. | The U.S. Federal Trade Commission (FTC) warns about ongoing scam campaigns that make use of the current Coronavirus global scale health crisis to bait potential targets from the United States via phishing emails, text messages, and social media. | Account Hijacking | X Individual | CC | US | U.S. Federal Trade Commission, FTC, Coronavirus | |
| 222 | 11/02/2020 | ? | American Express and Chase Customers | A clever phishing campaign is underway that pretends to be fraud protection emails from American Express and Chase that ask you to confirm if the listed credit card transactions are legitimate. | Account Hijacking | K Financial and insurance activities | CC | US | American Express, Chase | |
| 223 | 11/02/2020 | ? | The Pediatric Physicians’ Organization at Children’s (PPOC) | The Pediatric Physicians’ Organization at Children’s (PPOC) is hit with a ransomware attack. | Malware | Q Human health and social work activities | CC | US | The Pediatric Physicians’ Organization at Children’s, (PPOC), ransomware | |
| 224 | 11/02/2020 | ? | Carson City | Carson City is the latest victim of the Click2Gov breach. | Malicious Script Injection | O Public administration and defence, compulsory social security | CC | US | Carson City, Click2Gov | |
| 225 | 11/02/2020 | ? | Altice USA Inc. | Altice USA Inc. exposes the Social Security numbers, birth dates and other personal information of all 12,000 current employees as well as some former employees and a small number of customers, after a phishing attack in November 2019. | Account Hijacking | J Information and communication | CC | US | Altice USA Inc. | |
| 226 | 12/02/2020 | ? | Puerto Rico’s government | Puerto Rico’s government loses more than $2.6 million after falling for a Business Email Compromise Scam. The incident occurred on January 17. | Business Email Compromise | O Public administration and defence, compulsory social security | CC | PR | Puerto Rico | |
| 227 | 12/02/2020 | ? | IOTA Foundation | IOTA Foundation, the nonprofit organization behind the IOTA cryptocurrency, shuts down its entire network after hackers exploit a vulnerability in the IOTA wallet app to steal user funds. | Vulnerability | V Fintech | CC | DE | IOTA Foundation, Crypto | |
| 228 | 12/02/2020 | ? | Countries in South America and Central America, as well as the U.S. | Researchers from Cisco Talos discover a new campaign carried out through a new version of Loda, a remote access trojan written in AutoIT | Targeted attack | Y Multiple Industries | CE | >1 | Cisco Talos, Loda | |
| 229 | 12/02/2020 | ? | Single Individuals | Researchers from Emisoft discover a new ransomware strain, dubbed Ransomwared, asking for explicit images are ransom. | Malware | X Individual | CC | >1 | Emisoft, ransomware, Ransomwared, | |
| 230 | 12/02/2020 | ? | Central Kansas Orthopedic Group | Central Kansas Orthopedic Group notifies more than 17,000 patients to have suffered a ransomware attack on January 9, 2019. | Malware | Q Human health and social work activities | CC | US | Central Kansas Orthopedic Group, ransomware | |
| 231 | 12/02/2020 | ? | Palm Beach county's election office | it is reported that Palm Beach election office had its computer systems infected and encrypted by ransomware just weeks before the 2016 US presidential elections. | Malware | O Public administration and defence, compulsory social security | CC | US | Florida, Ransomware | |
| 232 | 13/02/2020 | ? | Rutter's | Rutter's discloses that 71 locations were infected with a point-of-sale (POS) malware that was used by attackers to steal customers' credit card information. | Malware | G Wholesale and retail trade | CC | US | Rutter's | |
| 233 | 13/02/2020 | ? | Nedbank | Nedbank discloses a security incident that impacts the personal details of 1.7 million users. The bank says the breach occurred at Computer Facilities (Pty) Ltd, a South African company the bank was using to send out marketing and promotional campaigns. | Vulnerability | K Financial and insurance activities | CC | ZA | Nedbank | |
| 234 | 13/02/2020 | MoleRATs (aka The Gaza Cybergang) | Entities and individuals in the Palestinian territories | Researchers from Cybereason discover two simultaneous campaigns (Spark and Pierogi) targeting entities and individuals in the Palestinian territories. | Targeted attack | X Individual | CE | PS | MoleRATs (aka The Gaza Cybergang) | |
| 235 | 13/02/2020 | ? | Chrome users | Security researchers discover and take down a malicious campaign dating back to 2017, using up to 500 malicious Chrome extensions. | Malicious Browser Extension | X Individual | CC | >1 | Chrome | |
| 236 | 13/02/2020 | ? | Multiple targets | A remote access Trojan named Parallax is being widely distributed through malicious spam campaigns that when installed allow attackers to gain full control over an infected system. | Malware | Y Multiple Industries | CC | >1 | Parallax | |
| 237 | 13/02/2020 | ? | SIngle Individuals | Researchers from IBM X-Force discover a new Emotet-powered sextortion campaign. | Malicious Spam | X Individual | CC | >1 | IBM X-Force, Emotet, Sextortion | |
| 238 | 13/02/2020 | ? | Relation Insurance | Relation Insurance discloses a phishing attack occurred on August 15, 2019. | Account Hijacking | K Financial and insurance activities | CC | US | Relation Insurance | |
| 239 | 14/02/2020 | Hidden Cobra (AKA Lazarus Group) | Targets in the US | Multiple U.S. government agencies warn of a newly intensifying threat from North Korea. | Targeted attack | Y Multiple Industries | CE | US | Hidden Cobra, Lazarus Group | |
| 240 | 14/02/2020 | ? | Banks in the U.S. and Canada | Researchers from Lookout discover a phishing campaign focused on mobile banking used over 200 pages to impersonate legitimate websites for well-known banks in the U.S. and Canada. | Account Hijacking | K Financial and insurance activities | CC | US CA | Lookout, US, Canada | |
| 241 | 14/02/2020 | ? | 27 companies | A targeted phishing attack using SLK attachments is underway against twenty-seven companies, with some of them being well-known brands, to gain access to their corporate networks. | Account Hijacking | Y Multiple Industries | CE | >1 | Phishing | |
| 242 | 14/02/2020 | ? | Single Individuals | Researchers from Trend Micro discover a new LokiBot campaign attempting to infect users by impersonating the launcher for Epic Games. | Malware | X Individual | CC | >1 | LokiBot, Trend Micro, Epic Games | |
| 243 | 14/02/2020 | ? | PSL Services | PSL Services notifies its clients of a phishing attack occurred on December 17, 2019. | Account Hijacking | M Professional scientific and technical activities | CC | US | PSL Services | |
| 244 | 14/02/2020 | ? | Charleston Lube Partners | Charleston Lube Partners reveals to have been hit by a PoS malware between February 14, 2019 and August 19, 2019. | Malware | I Accommodation and food service activities | CC | US | Charleston Lube Partners | |
| 245 | 15/02/2020 | ? | Port Lavaca | The Port Lavaca City Hall is hit with a Ryuk ransomware attack, | Malware | O Public administration and defence, compulsory social security | CC | US | Port Lavaca, Ryuk, ransomware | |
| 246 | 15/02/2020 | OurMine | FC Barcelona Twitter Account | Hackers from the OurMine collective claim to have hijacked the Twitter account of FC Barcelona. | Account Hijacking | R Arts entertainment and recreation | CC | ES | OurMine, FC Barcelona, Twitter | |
| 247 | 15/02/2020 | OurMine | The International Olympic Committee Twitter Account | The International Olympic Committee Twitter Account Twitter account is also hacked by OurMine | Account Hijacking | U Activities of extraterritorial organizations and bodies | CC | N/A | OurMine, International Olympic Committee, Twitter | |
| 248 | 15/02/2020 | ? | Interactive Medical Systems | Wake County notifies that 1,900 employees are affected by a phishing attack to Interactive Medical Systems, a former benefits administrator. | Account Hijacking | M Professional scientific and technical activities | CC | US | Wake County, Interactive Medical Systems | |
| 249 | 13/02/2020 | ? | Grand Est | The Grand Est region is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | FR | Grand Est, ransomware | |
| 250 | 14/02/2020 | ? | INA Group | A ransomware attack cripples some business operations at INA Group, Croatia's biggest oil company, and its largest petrol station chain. | Malware | D Electricity gas steam and air conditioning supply | CC | HR | INA Group, ransomware | |
| 251 | 14/02/2020 | ? | BST | A Maze ransomware attack on BST, an accounting firm in December exposes the patient data of Community Care Physicians, a large upstate New York medical group, as well as other clients of the firm. | Malware | K Financial and insurance activities | CC | US | Maze, BST, Community Care Physicians | |
| 252 | 14/02/2020 | ? | Tennessee Orthopaedic Alliance | Tennessee Orthopaedic Alliance notifies more than 81,000 patients after discovering two employee email accounts had been compromised on October 18, 2019. | Account Hijacking | Q Human health and social work activities | CC | US | Tennessee Orthopaedic Alliance | |
| 253 | 15/02/2020 | ? | Neebs Gaming YouTube channel | Neebs Gaming, a highly popular YouTube gaming channel is hacked by unidentified crypto scammers, who change its name and banner to Coinbase Pro to collect Bitcoin from its viewers/subscribers. | Account Hijacking | R Arts entertainment and recreation | CC | US | Neebs Gaming, YouTube, Coinbase Pro, Bitcoin | |
| 254 | 15/02/2020 | ? | Lodi School District | School officials in Lodi are investigating after student data is breached at two different schools: Bear Creek High and Ronald E. McNair High. | Unknown | P Education | CC | US | Lodi School District | |
| 255 | 16/02/2020 | Fox Kitten | Companies from the IT, Telecommunication, Oil and Gas, Aviation, Government, and Security sectors | Researchers from ClearSky reveal that Iran's government-backed hacking units have made a top priority last year to exploit VPN bugs to infiltrate and plant backdoors in companies all over the world. | Vulnerability | Y Multiple Industries | CE | >1 | ClearSky, Fox Kitten, CVE-2019-11510, CVE-2018-13379, CVE-2019-1579, CVE-2019-19781 | |
| 256 | 16/02/2020 | APT-C-23 | Israel Defense Force (IDF) soldiers | An IDF’s spokesperson reveals that IDF (Israel Defense Force) and ISA (Israel Security Agency AKA “Shin Bet”) conducted a joint operation to take down a Hamas operation targeting IDF soldiers, dubbed ‘Rebound’. | Targeted Attack | O Public administration and defence, compulsory social security | CE | IL | Israel Defense Force, IDF, APT-C-23, ISA, Israel Security Agency | |
| 257 | 16/02/2020 | ? | Vulnerable Wordpress sites | Researchers from WebARX reveal the details of a currently exploited vulnerability targeting the ThemeGrill Demo Importer plugin that allows the attackers to completely wipe a Wordpress site. | Vulnerability | Y Multiple Industries | CC | >1 | WebARX, ThemeGrill Demo Importer, Wordpress | |
| 258 | 16/02/2020 | ? | Butler County Community College | Butler County Community College is hit with a ransomware attack. | Malware | P Education | CC | US | Butler County Community College, ransomware | |
| 259 | 17/02/2020 | ? | ISS World | A ransomware attack hits the major facilities company ISS World, which has half a million employees worldwide. | Malware | N Administrative and support service activities | CC | DK | ISS World | |
| 260 | 17/02/2020 | ? | More than 80 Turkish companies | Check Point researchers discover an evolving, ongoing malspam campaign targeting more than 80 Turkish companies, distributing the Adwind RAT. | Malicious Spam | Y Multiple Industries | CC | TR | Check Point, Adwind RAT | |
| 261 | 17/02/2020 | ? | Multiple targets | IBM X-Force Threat Intelligence researchers discover a phishing campaign distributing the Lokibot information stealer malware via emails designed to look like they're sent by the Ministry of Health of the People's Republic of China and containing emergency Coronavirus regulations in English. | Malware | Y Multiple Industries | CC | >1 | IBM X-Force, Lokibot, Ministry of Health of the People's Republic of China, Coronavirus, COVID-19 | |
| 262 | 17/02/2020 | ? | Single Individuals | The World Health Organization (WHO) warns of ongoing Coronavirus-themed phishing attacks that impersonate the organization with the end goal of stealing information and delivering malware. | Malicious Spam | X Individual | CC | >1 | World Health Organization, WHO, Coronavirus, COVID-19 | |
| 263 | 17/02/2020 | ? | Instagram users in Russia | A large-scale phishing campaign is running on Instagram to bait Russians with a fake presidential decree that promises a lump-sum payment for a citizen to start their own business. | Account Hijacking | X Individual | CC | RU | ||
| 264 | 17/02/2020 | ? | Rabun County | The Rabun County is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Rabun County, ransomware | |
| 265 | 17/02/2020 | ? | East House | East House provide notices of a phishing attack occurred on July 25, 2019. | Account Hijacking | Q Human health and social work activities | CC | US | East House | |
| 266 | 17/02/2020 | ? | Monroe County Hospital & Clinics | More than 7,000 patients of Monroe County Hospital & Clinics are notified that their personal information may have been leaked in a phishing attack occurred on December 2019. | Account Hijacking | Q Human health and social work activities | CC | US | Monroe County Hospital & Clinics | |
| 267 | 18/02/2020 | ? | Undisclosed natural gas compression facility | The Cybersecurity and Infrastructure Security Agency (CISA) alerts organizations across all critical U.S. infrastructure sectors about a recent ransomware attack that affected a natural gas compression facility. | Malware | D Electricity gas steam and air conditioning supply | CC | US | Cybersecurity and Infrastructure Security Agency, CISA, ransomware | |
| 268 | 18/02/2020 | ? | Vulnerable Wordpress sites | Researchers from Wordfence reveal that a zero-day vulnerability in the ThemeREX Addons, a WordPress plugin installed on thousands of sites, is actively exploited by attackers to create user accounts with admin permissions and potentially fully taking over the vulnerable website. | Vulnerability | Y Multiple Industries | CC | >1 | Wordfence, ThemeREX Addons, WordPress | |
| 269 | 18/02/2020 | ? | ProtonVPN users | Researchers from Kaspersky discover a fake ProtonVPN website used since November 2019 to deliver the AZORult information-stealing malware to potential victims in the form of fake ProtonVPN installers. | Malware | X Individual | CC | >1 | Kaspersky, ProtonVPN, AZORult | |
| 270 | 18/02/2020 | ? | Windows users in Italy | Threat actors are distributing the Dharma Ransomware in a new spam campaign targeting Windows users in Italy. | Malware | X Individual | CC | IT | Dharma, Ransomware | |
| 271 | 18/02/2020 | ? | Government Data Center in Rwanda | A Rwandan data centre that hosts servers related to the country’s government is taken down by hackers. | DDoS | O Public administration and defence, compulsory social security | CC | RW | Rwanda | |
| 272 | 19/02/2020 | ? | MGM Resorts | The personal details of more than 10.6 million users who stayed at MGM Resorts hotels have been published on a hacking forum this week. | Misconfiguration | I Accommodation and food service activities | CC | US | MGM Resorts | |
| 273 | 19/02/2020 | DRBControl | Gambling companies located in Southeast Asia, Europe and the Middle East | Researchers from Trend Micro and Talent-Jump reveal the details of DRBControl, a criminal organization focused on gambling companies. | Targeted Attack | R Arts entertainment and recreation | CC | >1 | Trend Micro, Talent-Jump, DRBControl | |
| 274 | 19/02/2020 | Exaggerated Lion | Thousands of U.S. companies | Researchers uncover a new business email compromise (BEC) threat actor, which they call Exaggerated Lion, targeting thousands of U.S. companies with money pilfering scams. | Business Email Compromise | Y Multiple Industries | CC | US | Agari, Exaggerated Lion | |
| 275 | 19/02/2020 | ? | US Taxpayers | Proofpoint researchers detect the first attacks in theme with the tax season carried out via tax-themed emails with malicious attachments, and legitimate tax-focused websites compromised to deliver malware | Malware | X Individual | CC | US | Proofpoint, Tax | |
| 276 | 19/02/2020 | ? | Swiss companies | Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI) warns of ongoing ransomware attacks targeting the systems of Swiss small, medium-sized, and large companies. | Malware | Y Multiple Industries | CC | CH | Switzerland’s Reporting and Analysis Centre for Information Assurance, MELANI, ransomware | |
| 277 | 19/02/2020 | ? | Multiple targets | Researchers from Prevailion reveal the details of "PHPs Labyrinth", a campaign active since 2017, infecting more than 20,000 WordPress sites via malicious plugins. | Malicious Wordpress Plugin | Y Multiple Industries | CC | >1 | Prevailion, PHPs Labyrinth, WordPress | |
| 278 | 19/02/2020 | ? | Multiple targets | Security researcher Marco Ramilli discover a new batch of e-commerce sites compromised by a Magecart attack. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | Marco Ramilli, Magecart. | |
| 279 | 19/02/2020 | ? | Ministère de l’Éducation et de l’Enseignement Supérieur | The PII of at least 51,400, and possibly as many as 360,000 educators, in Quebec Province are exposed when a malicious actor obtained login credentials to the Ministère de l’Éducation et de l’Enseignement Supérieur network. | Unknown | O Public administration and defence, compulsory social security | CC | CA | Ministère de l’Éducation et de l’Enseignement Supérieur | |
| 280 | 19/02/2020 | ? | US Bank Customers | Researchers from IBM X-Force discover a new Emotet campaign spread via SMS messages pretending to be from banks and may have ties to the TrickBot trojan. | Malware | K Financial and insurance activities | CC | US | IBM, X-Force, Emotet, TrickBot | |
| 281 | 19/02/2020 | ? | Maroof International Hospital | Maroof International Hospital is hit with a severe ransomware attack | Malware | Q Human health and social work activities | CC | PK | Maroof International Hospital, ransomware | |
| 282 | 19/02/2020 | ? | City of Wayne | The city of Wayne is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | City of Wayne, ransomware | |
| 283 | 19/02/2020 | ? | United Regional Health Care System | United Regional Health Care System discloses an incident that occurred last July when someone accessed an employee email account. 2,000 individuals are affected. | Account Hijacking | P Education | CC | US | United Regional Health Care System | |
| 284 | 20/02/2020 | ? | Defence Information Systems Agency (DISA) | The U.S. Defence Information Systems Agency reveals that Social Security numbers and other personal data in its network may have been compromised between May and July 2019 | Unknown | O Public administration and defence, compulsory social security | CC | US | Defence Information Systems Agency, DISA | |
| 285 | 20/02/2020 | ? | Targets in Southeast Asia | Researchers from Cisco Talos uncover a new campaign, carried out via a remote access tool dubbed ObliqueRAT, focused on targets in Southeast Asia. | Targeted Attack | Y Multiple Industries | CE | >1 | Cisco Talos, ObliqueRAT | |
| 286 | 20/02/2020 | ? | IIT Madras | IIT Madras is hit with the GlobeImposter ransomware. | Malware | P Education | CC | IN | IIT Madras, GlobeImposter, ransomware | |
| 287 | 20/02/2020 | ? | Nine websites | Security researchers discover a new batch of nine websites infected with malicious JavaScript that steals payment card info from online shoppers. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | Magecart | |
| 288 | 20/02/2020 | ? | VibrantCare Rehabilitation | VibrantCare Rehabilitation notifies 1,655 patients after an employee’s email account is accessed. | Account Hijacking | Q Human health and social work activities | CC | US | VibrantCare Rehabilitation | |
| 289 | 20/02/2020 | ? | San Felipe Del Rio CISD | A business email compromise targets the San Felipe Del Rio CISD. | Business Email Compromise | P Education | CC | US | San Felipe Del Rio CISD | |
| 290 | 20/02/2020 | ? | South Adams Schools district | The South Adams Schools district is hit with a ransomware attack. | Malware | P Education | CC | US | South Adams Schools district, ransomware | |
| 291 | 21/02/2020 | ? | Android users | Security researchers from Check Point discover a new mobile threat called Haken, hidden in 8 applications. | Malware | X Individual | CC | >1 | Check Point, Haken, Joker, Android | |
| 292 | 21/02/2020 | Lynx | Slickwraps | Slickwraps suffers a data breach after an individual is able to access their systems and after receiving no response to emails, publicly discloses how the access to the site was gained and the data that was exposed. | Vulnerability | C Manufacturing | CC | US | Lynx, Slickwraps | |
| 293 | 21/02/2020 | ? | Reading Municipal Light Department (RMLD) | The Reading Municipal Light Department (RMLD), an electric utility in Massachusetts, announces it was hit by a ransomware attack. | Malware | D Electricity gas steam and air conditioning supply | CC | US | Reading Municipal Light Department, RMLD, ransomware | |
| 294 | 21/02/2020 | Pakistan? | Indian diplomats and military personnel in some embassies | Researchers from Cybaze-Yoroi ZLab discover that operation Transparent Tribe, allegedly carried out by Pakistan against Indian targets is back after four years. | Targeted Attack | O Public administration and defence, compulsory social security | CE | IN | Cybaze-Yoroi ZLlab, Operation Transparent Tribe, Pakistan, India | |
| 295 | 21/02/2020 | ? | Multiple targets | Researchers from Cofense discover an uptick in phishing attempts using a fake and badly created Office 365 credentials update form. | Account Hijacking | Y Multiple Industries | CC | >1 | Cofense, Office 365 | |
| 296 | 21/02/2020 | ? | Endeavor Energy Resources | Endeavor Energy Resources notifies employees and dependents after employee fell prey to phishing attack on January 14. | Account Hijacking | D Electricity gas steam and air conditioning supply | CC | US | Endeavor Energy Resources | |
| 297 | 21/02/2020 | ? | Moses Lake School District | The Moses Lake School District is hit by a ransomware attack. | Malware | P Education | CC | US | Moses Lake School District, ransomware | |
| 298 | 21/02/2020 | ? | Jackson Public Schools | Jackson Public Schools is hit with a ransomware attack. | Malware | P Education | CC | US | Jackson Public Schools, ransomware | |
| 299 | 22/02/2020 | ? | Major cryptovalues investor | An unknown investor claims to have lost reported $45 million worth of cryptovalues In a SIM Swapping attack. | Account Hijacking | V Fintech | CC | N/A | SIM Swapping, Crypto | |
| 300 | 22/02/2020 | ? | Single Individuals | Security research collective MalwareHunterTeam discover a 3-page Coronavirus-themed Microsoft Office document containing malicious macros, pretending to be from the Center for Public Health of the Ministry of Health of Ukraine, and designed to drop a backdoor malware with clipboard stealing, keylogging, and screenshot capabilities. | Malware | X Individual | CC | UA | MalwareHunterTeam, Coronavirus, COVID-19, Center for Public Health of the Ministry of Health of Ukraine | |
| 301 | 23/02/2020 | ? | Mexico’s economy ministry | Mexico’s economy ministry detects a cyber attack on some of its servers. | Unknown | O Public administration and defence, compulsory social security | CC | MX | Mexico’s economy ministry | |
| 302 | 23/02/2020 | ? | Prince Edward Island | Prince Edward Island reveals it was hit with a Maze ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | CA | Prince Edward Island, ransomware, Maze | |
| 303 | 23/02/2020 | ? | Total Quality Logistics (TQL) | Total Quality Logistics confirms it was the victim of a data breach. | Unknown | N Administrative and support service activities | CC | US | Total Quality Logistics, TQL | |
| 304 | 24/02/2020 | ? | German PayPal users | According to multiple reports, a critical PayPal vulnerability is behind thefts over recent days from numerous German PayPal users (fraudulent transactions with U.S. stores). | Vulnerability | K Financial and insurance activities | CC | DE | PayPal | |
| 305 | 24/02/2020 | Magecart 12 | 40 websites | Security Researcher Max Kersten publishes a list of 40 websites targeted by the Magecart 12 group. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | Max Kersten, Magecart 12 | |
| 306 | 24/02/2020 | ? | Ordnance Survey | A hacker stole the personal data of 1,000 employees of the Ordnance Survey, the government-owned mapping agency for Britain. The breach occurred on January this year. | Unknown | O Public administration and defence, compulsory social security | CC | UK | Ordnance Survey | |
| 307 | 24/02/2020 | ? | Multiple targets | Researchers from MalwareHunterTeam discover Mozart, a malware using DNS to communicate with its command and control and evade detection. | Malware | Y Multiple Industries | CC | >1 | MalwareHunterTeam, Mozart, DNS | |
| 308 | 24/02/2020 | ? | Portuguese Banking users. | A new campaign carried out via the Lampion malware in disguise of a DPD email, is discovered targeting Portuguese users. | Malware | K Financial and insurance activities | CC | PT | Lampion, DPD | |
| 309 | 24/02/2020 | ? | Pacific Specialty Insurance | Pacific Specialty Insurance notifies plan members of a phishing attack that occurred in March, 2019 | Account Hijacking | K Financial and insurance activities | CC | US | Pacific Specialty Insurance | |
| 310 | 24/02/2020 | ? | Grayson County | Grayson County is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Grayson County | |
| 311 | 24/02/2020 | ? | Transavia | The data of 80,000 Transavia passengers are compromised after a phishing attack. | Account Hijacking | H Transportation and storage | CC | NL | Transavia | |
| 312 | 24/02/2020 | ? | Transmit Security | Transmit Security is breached after a security researcher contacts some of its customers and reports unauthorized access to the data. | Unknown | M Professional scientific and technical activities | CC | IL | Transmit Security | |
| 313 | 25/02/2020 | ? | Multiple targets | Google releases a Chrome update to address three security bugs, including CVE-2020-6418, a zero-day vulnerability actively exploited in the wild. | Vulnerability | Y Multiple Industries | CC | >1 | Google, Chrome, CVE-2020-6418 | |
| 314 | 25/02/2020 | ? | La Salle County | La Salle County is hit with a PwndLocker ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | La Salle County, ransomware, PwndLocker | |
| 315 | 25/02/2020 | ? | Single Individuals | Researchers from Cybaze/Yoroi ZLab discover a new campaign exploiting the Coronavirus theme to distribute the Remcos RAT. | Malware | X Individual | CC | >1 | Cybaze/Yoroi ZLab, Remcos, Coronavirus, COVID-19 | |
| 316 | 25/02/2020 | ? | Reprint Mint | Researchers from Sanguine Security reveal that attackers successfully implanted multiple skimmers, for 30 months on Reprint Mint photo store. | Malicious Script Injection | G Wholesale and retail trade | CC | US | Sanguine Security, Reprint Mint | |
| 317 | 25/02/2020 | tonyredball solarsalvador1234 | Vulnerable Wordpress sites | Other Cybercriminals are taking advantage of the security flaws reported recently in popular WordPress plugins (ThemeGrill Demo Importer, Profile Builder, and Duplicator). | Vulnerability | Y Multiple Industries | CC | >1 | WordPress, ThemeGrill Demo Importer, Profile Builder, Duplicator, tonyredball, solarsalvador1234 | |
| 318 | 25/02/2020 | ? | NRC Health | NRC Health discloses that it was hit by a ransomware attack that took place on February 11. | Malware | M Professional scientific and technical activities | CC | US | NRC Health, ransomware | |
| 319 | 25/02/2020 | ? | Undisclosed target | Researchers from Sophos reveal the details of Cloud Snooper, a sophisticated malware hiding in the cloud, probably backed by an advanced state sponsored actor. | Unknown | Z Unknown | CE | N/A | Cloud Snooper, Sophos | |
| 320 | 25/02/2020 | Overlake Medical Center & Clinics | Overlake Medical Center & Clinics reveals to have been hit by a phishing attack from Dec. 6 to 9, 2019. | Account Hijacking | Q Human health and social work activities | CC | US | Overlake Medical Center & Clinics | ||
| 321 | 25/02/2020 | ? | Advocate Aurora Health | The personal information of some current and former Advocate Aurora Health employees, including their Social Security numbers and bank accounts, might have been compromised in an email phishing campaign. | Account Hijacking | Q Human health and social work activities | CC | US | Advocate Aurora Health | |
| 322 | 25/02/2020 | ? | Gadsden Independent School District (GISD) | Gadsden Independent School District (GISD) shuts down its internet and communication systems, after a RYUK ransomware attack. | Malware | P Education | CC | US | Gadsden Independent School District, GISD, ransomware | |
| 323 | 25/02/2020 | ? | Hutt Valley High School | Hutt Valley High School reveals that it was hit with a cyber attack. | Unknown | P Education | CC | NZ | Hutt Valley High School | |
| 324 | 26/02/2020 | ? | Clearview AI | Clearview AI discloses to its customers that an intruder “gained unauthorized access” to its list of customers, to the number of user accounts those customers had set up, and to the number of searches its customers have conducted. | Misconfiguration | M Professional scientific and technical activities | CC | US | Clearview AI | |
| 325 | 26/02/2020 | ? | Bretagne Télécom | Cloud services provider Bretagne Télécom is hacked by the threat actors behind the DoppelPaymer Ransomware using CVE-2019-19781. | Malware | M Professional scientific and technical activities | CC | FR | Bretagne Télécom, DoppelPaymer, Ransomware, CVE-2019-19781 | |
| 326 | 26/02/2020 | ? | Multiple targets | Attackers are actively scanning the Internet for Microsoft Exchange Servers vulnerable to the CVE-2020-0688 remote code execution. | Vulnerability | Y Multiple Industries | CC | >1 | Microsoft Exchange, CVE-2020-0688 | |
| 327 | 26/02/2020 | ? | Multiple targets | Researchers from Malwarebytes discover Magecart actors cloaking their credit card skimmers using fake content delivery network domains. | Malicious Script Injection | Y Multiple Industries | CC | >1 | Malwarebytes, Magecart | |
| 328 | 26/02/2020 | ? | Southern Water | British utility Southern Water is the victim of a phishing attack, resulting in a shutdown of some of the company's systems. | Account Hijacking | D Electricity gas steam and air conditioning supply | CC | UK | Southern Water | |
| 329 | 26/02/2020 | Cobalt Ulster (AKA MuddyWater, Seedworm, TEMP.Zagros, and Static Kitten) | Governmental organizations in Turkey, Jordan, Iraq along with intergovernmental and other agencies in Georgia and Azerbaijan. | Researchers from Secureworks reveal the details of the latest cyber espionage campaign carried out by the Iranian state-sponsored actor Cobalt Ulster | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 | Cobalt Ulster, MuddyWater, Seedworm, TEMP.Zagros, Static Kitten, Secureworks, Iran | |
| 330 | 26/02/2020 | ? | Rady’s Children’s Hospital | Rady’s Children’s Hospital notifies patients whose data were accessed via an "open port" on June 2019, and January 2020. | Unknown | Q Human health and social work activities | CC | US | Rady’s Children’s Hospital | |
| 331 | 27/02/2020 | ? | Barbara Corcoran | Barbara Corcoran, a renowned real-estate broker and business expert, admits she lost $380,000 via a BEC scam. | Business Email Compromise | L Real estate activities | CC | US | Barbara Corcoran | |
| 332 | 27/02/2020 | ? | Kenneth Cole Productions | The operators behind the Sodinokibi Ransomware (AKA Revil) publish the download links to files containing what they claim is financial and work documents, as well as customers' personal data stolen from Kenneth Cole Productions. | Malware | C Manufacturing | CC | US | Kenneth Cole Productions, Sodinokibi, Revil, ransomware | |
| 333 | 27/02/2020 | ? | Single Individuals | Researchers from Malwarebytes and X-Force discover an ongoing malspam campaign using emails disguised as messages from secret lovers to deliver Nemty Ransomware payloads on the computers of potential victims. | Malware | X Individual | CC | >1 | Malwarebytes, IBM X-Force, Nemty, Ransomware | |
| 334 | 27/02/2020 | ? | Multiple targets | Researchers from Palo Alto discover a new phishing campaign installing the NetSupport Manager RAT via a Fake Norton LifeLock document. | Malicious Spam | Y Multiple Industries | CC | >1 | Palo Alto, NetSupport Manager RAT, Norton LifeLock | |
| 335 | 27/02/2020 | ? | BGR.in tradinggame.au.com S3 Production | Hackers share three SQL databases from S3 buckets, one dump belonging to the BGR tech news site in India. | Misconfiguration | Y Multiple Industries | CC | >1 | BGR.in, tradinggame.au.com, S3 Production | |
| 336 | 27/02/2020 | ? | Democratic National Committee | The Democratic National Committee warns its presidential candidates to be cautious after Bernie Sanders’ campaign reported that an “impersonator” with a domain registered overseas had posed as one of its staffers and sought conversations with members of at least two other campaigns. | Account Hijacking | S Other service activities | CE | US | Democratic National Committee, Bernie Sanders | |
| 337 | 27/02/2020 | ? | Jordan Health | Jordan Health is hit with a ransomware attack. | Malware | P Education | CC | US | Jordan Health | |
| 338 | 28/02/2020 | ? | 130,000 Asus routers | An unknown criminal manages to breach as many as 130,000 Asus routers, and sells the access to them for few dollars. | Vulnerability | Y Multiple Industries | CC | >1 | Asus | |
| 339 | 28/02/2020 | ? | Multiple targets | Researchers from Morphisec discover a widespread campaign using the remote desktop ActiveX control in Word documents to automatically execute on Windows 10 a malware downloader called Ostap adopted by TrickBot for delivery. | Malware | Y Multiple Industries | CC | >1 | Morphisec, ActiveX, Word, Windows 10, TrickBot | |
| 340 | 28/02/2020 | ? | Vulnerable Wordpress sites | Researchers from Defiant discover that attackers took over tens of thousands of WordPress sites by exploiting multiple zero-days in the following plugins: Flexible Checkout Fields for WooCommerce, Async JavaScript, 10Web Map Builder for Google Maps, Modern Events Calendar Lite. | Vulnerability | Y Multiple Industries | CC | >1 | Wordpress, Flexible Checkout Fields for WooCommerce, Async JavaScript, 10Web Map Builder for Google Maps, Modern Events Calendar Lite, Defiant | |
| 341 | 28/02/2020 | ? | Munson Healthcare Group | Munson Healthcare Group discloses that hackers gained access to patient data placed by compromising the email accounts of at least two employees. Patient records were accessed from July 31, 2019, to October 22, 2019, but the breach went undetected until January 16, 2020. | Account Hijacking | Q Human health and social work activities | CC | US | Munson Healthcare Group | |
| 342 | 29/02/2020 | ? | Epiq Global | Legal services giant Epiq Global is hit by a ransomware attack. | Malware | M Professional scientific and technical activities | CC | US | Epiq Global, ransomware | |
| 343 | 29/02/2020 | ? | RailWorks Corporation | RailWorks Corporation, one of the leading providers of rail infrastructure solutions in North America, discloses a ransomware attack. | Malware | C Manufacturing | CC | US | RailWorks Corporation, ransomware | |
| 344 | 29/02/2020 | ? | Vulnerable Apache Tomcat servers | Security researchers detect ongoing scans for Apache Tomcat servers unpatched against the Ghostcat (CVE-2020-1938) vulnerability. | Vulnerability | Y Multiple Industries | CC | >1 | Apache Tomcat, Ghostcat, CVE-2020-1938 | |
| 345 | 29/02/2020 | ? | Loqbox | Fintech startup Loqbox reveals to have suffered an "attack" which potentially revealed its customers' names, postal addresses, dates of birth, email addresses and phone numbers. | Unknown | V Fintech | CC | UK | Loqbox, Crypto | |
| 346 | 15/02/2020 | ? | EMCOR Group | EMCOR Group, a Fortune 500 company specialized in engineering and industrial construction services, discloses a Ryuk ransomware incident that took down some of its IT systems. | Malware | C Manufacturing | CC | US | EMCOR Group, Ryuk, ransomware | |
| 347 | 21/02/2020 | ? | Coinhako | Coinhako is hit by a sophisticated attack. | Unknown | V Fintech | CC | SG | Coinhako, Crypto | |
| 348 | 27/02/2020 | ? | Okex and Bitfinex | Okex and Bitfinex suffered simultaneous distributed denial of service (DDoS) | DDoS | V Fintech | CC | US HK | Okex, Bitfinex, Coinhako | |
| 349 | 27/02/2020 | Kimsuky | South Korean officials | Researchers from IssueMakersLab reveal that a group of North Korean hackers embedded malware inside documents detailing South Korea's response to the COVID-19 epidemic. The embedded malware is BabyShark a backdoor previously utilized by a North Korean hacker group known as Kimsuky. | Targeted Attack | O Public administration and defence, compulsory social security | CE | KR | IssueMakersLab, COVID-19, Kimsuky, BabyShark | |
| 350 | 29/02/2020 | Digileaker | Digitex | A hacker dubbed Digileaker claims to have stolen the data related to 8,000 Digitex users. | Unknown | V Fintech | CC | SC | Digitex, Digileaker | |
| 351 | 01/03/2020 | ? | Visser Precision | Visser Precision, parts maker for space and defense contractors confirms a DoppelPaymer ransomware attack. | Malware | C Manufacturing | CC | US | Visser Precision, DoppelPaymer, ransomware | |
| 352 | 01/03/2020 | ? | Community Development Bank | Community Development Bank becomes the latest victim of the Maze ransomware team. | Malware | K Financial and insurance activities | CC | US | Community Development Bank, Maze, Ransomware | |
| 353 | 02/03/2020 | ? | City of Novi Sad | The City of Novi Sad in Serbia is hit by the PwndLocker ransomware. | Malware | O Public administration and defence, compulsory social security | CC | RS | Novi Sad, Serbia, PwndLocker, ransomware | |
| 354 | 02/03/2020 | ? | Spartanburg School District One | Spartanburg School District One is hit with a ransomware attack. | Malware | P Education | CC | US | Spartanburg School District One | |
| 355 | 02/03/2020 | APT34 | Lebanon Government | Researchers from Cybaze-Yoroi ZLab discover a new campaign targeting the Lebanon government via the Karkoff implant. | Targeted Attack | O Public administration and defence, compulsory social security | CE | LB | Cybaze-Yoroi ZLab, Lebanon, Karkoff | |
| 356 | 02/03/2020 | ? | Large number of French critical infrastructure firms | A large number of French critical infrastructure firms appear to have been hacked as part of an extended malware campaign. | Malware | D Electricity gas steam and air conditioning supply | CC | FR | France | |
| 357 | 02/03/2020 | Egypt? India? | Saudi Arabia UAE | Facebook removes hundreds of accounts and pages used in "Operation Red Card", a deceptive campaign that appears to be from Egyptian and Indian marketing firms, to post anti-Saudi and anti-Emirati content. | Fake Social Network accounts/groups/pages | O Public administration and defence, compulsory social security | CW | SA AE | Operation Red Card, Facebook, India, Egypt | |
| 358 | 02/03/2020 | ? | Tesco | Tesco issues new cards to 600,000 Clubcard account holders after a credential stuffing attack. | Credential Stuffing | G Wholesale and retail trade | CC | UK | Tesco | |
| 359 | 02/03/2020 | ? | Android users | Google addresses a high-severity flaw in MediaTek’s Command Queue driver that developers said affects millions of devices, and which has an exploit already circulating in the wild. | Vulnerability | X Individual | CC | >1 | Google, Android, Mediatek, CVE-2020-0032 | |
| 360 | 03/03/2020 | CIA? | Chinese companies and government agencies | The Chinese company Qihoo 360 publishes a report accusing the CIA of hacking Chinese companies and government agencies for more than 11 years (from 2008 to 1019). | Targeted Attack | O Public administration and defence, compulsory social security | CE | CN | Qihoo 360, CIA | |
| 361 | 03/03/2020 | Molerats (AKA Gaza Hackers Team and Gaza Cybergang) | Eight organizations in six different countries in the government, telecommunications, insurance and retail industries | Researchers from Palo Alto Unit 42 observe multiple instances of phishing attacks likely related to the threat group Molerats targeting eight organizations in six different countries in the government, telecommunications, insurance and retail industries | Targeted Attack | Y Multiple Industries | CE | >1 | Molerats, Gaza Hackers Team, Gaza Cybergang, Palo Alto, Unit 42 | |
| 362 | 03/03/2020 | ? | J.Crew | Clothing giant J.Crew says an unknown number of customers had their online accounts accessed “by an unauthorized party" in or around April 2019. | Credential Stuffing | G Wholesale and retail trade | CC | US | J.Crew | |
| 363 | 03/03/2020 | Kimsuky | South Korea | Researchers from Cybaze-Yoroi ZLab discover a new campaign by the North Korea-linked APT group, Kimsuky, targeting South Korea. | Targeted Attack | O Public administration and defence, compulsory social security | CE | KR | Cybaze-Yoroi ZLab, Kimsuky | |
| 364 | 03/03/2020 | ? | Four Queens Hotel and Casino and Binion’s Casino | Four Queens Hotel and Casino and Binion’s Casino are hit with a ransomware attack. | Malware | R Arts entertainment and recreation | CC | US | Four Queens Hotel and Casino, Binion’s Casino, ransomware | |
| 365 | 04/03/2020 | ? | T-Mobile | US telecommunications giant T-Mobile discloses a security breach that impacted both its employees and customers alike. The attackers gained access to "certain T-Mobile employee email accounts, some of which contained account information for T-Mobile customers and employees." | Account Hijacking | J Information and communication | CC | US | T-Mobile | |
| 366 | 04/03/2020 | ? | Australian Defence | The Australian Signals Directorate (ASD reveals that a vulnerability in Citrix, could have been used by malicious actors to access a database of Australian Defence recruitment details. | Vulnerability | O Public administration and defence, compulsory social security | CE | AU | Australian Signals Directorate, ASD, Citrix, Australian Defence, CVE-2019-19781 | |
| 367 | 04/03/2020 | ? | Boots | Boots suspends payments using loyalty points in shops and online after attempts to break into customers' accounts using stolen passwords. | Password-spraying | G Wholesale and retail trade | CC | UK | Boots | |
| 368 | 04/03/2020 | ? | Single Individuals | Researchers from Fortinet discover a new campaign delivering the Lokibot malware and exploiting the COVID-19 fear. | Malware | X Individual | CC | >1 | Fortinet, Lokibot, COVID-19, Coronavirus | |
| 369 | 04/03/2020 | ? | Single Individuals | Researchers from Cofense discover an additional phishing campaign pushing fake messages from The Centers for Disease Control (CDC) stating that the coronavirus has “officially become airborne” and there “have been confirmed cases of the disease in your location.” | Account Hijacking | X Individual | CC | >1 | Cofense, CDC, Coronavirus, COVID-19, The Centers for Disease Control | |
| 370 | 04/03/2020 | ? | SIngle Individuals | Researchers from Cofense discover a phishing campaign, leveraging OneNote to bypass detection tools and download malware onto victims’ systems. | Account Hijacking | X Individual | CC | >1 | Cofense, OneNote | |
| 371 | 05/03/2020 | ? | Carnival Corp. | Carnival Corp. announces that two of its most popular lines, Holland America and Princess Cruises, were hit by a phishing attack between April 11 and July 23, 2019. | Account Hijacking | R Arts entertainment and recreation | CC | US | Carnival Corp., Holland America, Princess Cruises | |
| 372 | 05/03/2020 | ? | Communications & Power Industries (CPI) | Communications & Power Industries (CPI) is still down after a ransomware attack suffered in January. | Malware | C Manufacturing | CC | US | Communications & Power Industries, CPI | |
| 373 | 05/03/2020 | ? | EVRAZ | EVRAZ, one of the world's largest steel manufacturers and mining operations, has its North American activities taken down by a Ryuk ransomware attack. | Malware | C Manufacturing | CC | US | EVRAZ, Ryuk, ransomware | |
| 374 | 05/03/2020 | ? | Banking users in Italy | Researchers from Sophos discover a new campaign distributing the Trickbot malware in Italy and exploiting the COVID-19 outbreak. | Malware | K Financial and insurance activities | CC | IT | Sophos, Trickbot, COVID-19 | |
| 375 | 05/03/2020 | ? | Multiple targets | Researchers from Kaspersky discover a new campaign inviting victims to install malware in disguise of an expired certificate. | Malware | Y Multiple Industries | CC | >1 | Kaspersky | |
| 376 | 05/03/2020 | Tonto Team | Multiple targets in Russia, Japan, and South Korea | Researchers from Cisco Talos reveal the detail of a new cyber espionage campaign carried out by the Tonto Team via the Bisonal RAT. | Targeted Attack | Y Multiple Industries | CE | >1 | Cisco Talos, Tonto Team, Bisonal RAT | |
| 377 | 05/03/2020 | ? | Chrome Users | Researchers at MyCrypto discover a malicious Chrome extension able to steal Ledger wallet recovery seeds. | Malicious Browser Extension | V Fintech | CC | >1 | MyCrypto, Chrome, Ledger | |
| 378 | 06/03/2020 | ? | The City of Durham and Durham County | The City of Durham and Durham County are hit by a Ryuk ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | City of Durham, Durham County, Ryuk. Ransomware | |
| 379 | 06/03/2020 | ? | Trident Crypto Fund | The usernames and passwords of more than a quarter of a million Trident Crypto Fund customers have been stolen and published online. | Unknown | V Fintech | CC | MA | Trident Crypto Fund, Crypto | |
| 380 | 06/03/2020 | ? | Entercom | US radio giant Entercom reports a data breach that took place in August 2019 after an unauthorized party was able to access database backup files stored in a third-party cloud hosting service and containing Radio.com user credentials. | Unknown | J Information and communication | CC | US | Entercom | |
| 381 | 06/03/2020 | ? | Koodo Mobile | Telus-owned Koodo Mobile suffers a data breach after their systems were hacked on February 13, 2020, and customer data from August and September 2017 was stolen by the attackers. | Account Hijacking | J Information and communication | CC | CA | Koodo Mobile | |
| 382 | 06/03/2020 | ? | Multiple targets | The US Federal Bureau of Investigation (FBI) warns private industry partners of threat actors abusing Microsoft Office 365 and Google G Suite as part of Business Email Compromise (BEC) attacks. | Business Email Compromise | Y Multiple Industries | CC | US | Federal Bureau of Investigation, FBI, Microsoft Office 365, Google G Suite | |
| 383 | 07/03/2020 | ? | SIngle Individuals | Researchers from MalwareHunterTeam discover another email campaign pretending to be Coronavirus (COVID-19) information from the World Health Organization (WHO), and in reality distributing a malware downloader that installs the FormBook information-stealing Trojan. | Malicious Spam | X Individual | CC | >1 | MalwareHunterTeam, Coronavirus, COVID-19, World Health Organization, WHO, FormBook | |
| 384 | 07/03/2020 | ? | Six Southeast Asian countries, including Malaysia and Singapore | Researchers from Technisanct discover hundreds of thousands of credit card details from at least six Southeast Asian countries, leaked online. | Unknown | K Financial and insurance activities | CC | >1 | Malaysia, Singapore, Technisanct | |
| 385 | 08/03/2020 | ? | Multiple targets | Researchers from Volexity reveal that state-sponsored hacking groups are using a recently disclosed Microsoft Exchange vulnerability (CVE-2020-0688) to attack targets. The same warning is sent also by the NSA. | Vulnerability | Y Multiple Industries | CC | >1 | Volexity, Microsoft Exchange, CVE-2020-0688 | |
| 386 | 08/03/2020 | ? | University of Kentucky and UK HealthCare | The University of Kentucky and UK HealthCare discovers that is suffered a malware attack aimed to install cryptominers. | Malware | P Education | CC | US | University of Kentucky and UK HealthCare | |
| 387 | 09/03/2020 | ? | ENTSO-E | The European Network of Transmission System Operators for Electricity (ENTSO-E), says that its IT network had been compromised in a “cyber intrusion.” | Unknown | D Electricity gas steam and air conditioning supply | N/A | EU | ENTSO-E, European Network of Transmission System Operators for Electricity | |
| 388 | 09/03/2020 | ? | Russian users | Researchers from MalwareHunterTeam discover a new phishing scam targeting Russian victims, and utilizing a "customer service" chatbot. | Account Hijacking | X Individual | CC | RU | MalwareHunterTeam | |
| 389 | 09/03/2020 | ? | Single Individuals | Researchers from IBM X-Force Threat Intelligence discover a new sextortion campaign, luring victims with emails promising to give access to the nude extortion pics of a friend's girlfriend, and delivering the Raccoon malware. | Malicious Spam | X Individual | CC | >1 | IBM, X-Force, sextortion, Raccoon | |
| 390 | 09/03/2020 | ? | TrueFire | The popular online guitar tutoring website TrueFire suffers a ‘Magecart‘ attack that might have exposed customers’ personal information and payment card data. | Malicious Script Injection | S Other service activities | CC | US | TrueFire, Magecart | |
| 391 | 09/03/2020 | ? | Single Individuals | Researchers from security firm Reason discover a fake Coronavirus map, delivering the AZORult trojan. | Malware | X Individual | CC | >1 | Reason, COVID019, Coronavirus, AZORult | |
| 392 | 09/03/2020 | ? | Fort Worth Independent School District | The Fort Worth Independent School District is hit with a ransomware attack, | Malware | P Education | CC | US | Fort Worth Independent School District, ransomware | |
| 393 | 10/03/2020 | Mustang Panda | Targets in Vietnam | Vietnamese cyber-security firm VinCSS detects a Chinese state-sponsored group (codenamed Mustang Panda) spreading emails with a RAR file attachment purporting to carry a message about the coronavirus outbreak from the Vietnamese Prime Minister. | Targeted Attack | Y Multiple Industries | CE | VN | VinCSS, Mustang Panda, Coronavirus | |
| 394 | 10/03/2020 | ? | Multiple targets | Researchers from Cybereason discover a campaign where attackers are trojanizing multiple hacking tools with njRat, a well known RAT. | Malware | Y Multiple Industries | CC | >1 | Cybereason, njRAT | |
| 395 | 10/03/2020 | ? | Undisclosed organization in Asia | Researchers from Lastline discover a new campaign spreading the Paradise ransomware via IQY files. | Malware | Z Unknown | CC | N/A | Lastline, Paradise, ransomware, IQY | |
| 396 | 10/03/2020 | ? | Undisclosed target | Researchers from Cofense discover a phishing campaigns using YouTube redirects to evade security controls. | Account Hijacking | Z Unknown | CC | N/A | YouTube | |
| 397 | 10/03/2020 | ? | Multiple targets | Attackers start to exploit a recently discovered vulnerability on ManageEngine Desktop Central. | Vulnerability | Y Multiple Industries | CC | >1 | ManageEngine Desktop Central, CVE-2020-10189 | |
| 398 | 10/03/2020 | ? | Wichita State University | Wichita State University notifies 1,762 individuals whose personal information was accessed by hackers between December 3, 2019 and December 5, 2019. | Unknown | P Education | CC | US | Wichita State University | |
| 399 | 10/03/2020 | ? | Undisclosed company | A global company with an office in Perth is attacked by criminals who demand a $30 million ransom to unlock its computer system in Australia. | Malware | Z Unknown | CC | AU | Perth | |
| 400 | 11/03/2020 | ? | Champaign-Urbana Public Health District | In the midst of a coronavirus pandemic, the Champaign-Urbana Public Health District is hit with a NetWalker ransomware attack. | Malware | Q Human health and social work activities | CC | US | Champaign-Urbana Public Health District, NetWalker, ransomware | |
| 401 | 11/03/2020 | ? | Global insurance, healthcare, and pharmaceutical organizations | Researchers from Proofpoint discover a new phishing campaign impersonating Vanderbilt University Medical Center and sending out fake HIV test result emails. | Malicious Spam | Y Multiple Industries | CC | >1 | Proofpoint, Vanderbilt University Medical Center, HIV | |
| 402 | 11/03/2020 | ? | Northeast Radiology | Northeast Radiology announces that on January 11, 2020, unauthorized individuals gained access to Northeast Radiology’s picture archiving and communication system (“PACS”), | Unknown | Q Human health and social work activities | CC | US | Northeast Radiology | |
| 403 | 12/03/2020 | ? | Facebook Users | Facebook, Twitter and Instagram remove multiple accounts and pages for a coordinated inauthentic behavior on behalf in Ghana and Nigeria on behalf of individuals in Russia, targeting primarily the United States. | Fake Social Network accounts/groups/pages | X Individual | CW | US | Facebook, Instagram, Twitter, Ghana, Nigeria, Russia, United States. | |
| 404 | 12/03/2020 | ? | Multiple targets | Researchers from MalwareHunterTeam discover a new campaign distributing a malware cocktail consisting of the Coronavirus Ransomware and the Kpot information-stealing Trojan. | Malware | Y Multiple Industries | CC | >1 | MalwareHunterTeam, Coronavirus, Kpot | |
| 405 | 12/03/2020 | Vicious Panda | Public sector entity of Mongolia | Researchers from Check Point discover a campaign, dubbed Vicious Panda, carried out by a Chinese APT group on a public sector entity of Mongolia, leveraging the coronavirus pandemic. | Targeted Attack | O Public administration and defence, compulsory social security | CE | MN | Check Point, Mongolia, Coronavirus | |
| 406 | 12/03/2020 | ? | Open Exchange Rates | Open Exchange Rates announces a data breach that exposed the personal information and salted and hashed passwords for customers of its API service. The breach occurred between February 9th, 2020, and March 2nd, 2020. | Account Hijacking | M Professional scientific and technical activities | CC | US | Open Exchange Rates | |
| 407 | 12/03/2020 | Turla | Several high-profile Armenian websites | Researchers from ESET discover a watering hole operation targeting several high-profile Armenian websites via a fake Adobe Flash update, delivering two previously undocumented pieces of malware dubbed NetFlash and PyFlash. | Targeted Attack | O Public administration and defence, compulsory social security | CE | AM | ESET, Turla, Adobe Flash, NetFlash, PyFlash | |
| 408 | 12/03/2020 | ? | Multiple targets | Researchers from IBM X-Force discover a new malware strain dubbed PXJ (AKA XVFXGW). | Malware | Y Multiple Industries | CC | >1 | IBM, X-Force, PXJ, XVFXGW | |
| 409 | 13/03/2020 | ? | The National | The National, a Scottish newspaper, is hit by a DDoS attack. | DDoS | J Information and communication | CC | UK | The National, DDoS | |
| 410 | 13/03/2020 | ? | Brno University Hospital | The Brno University Hospital, a COVID-19 testing center, is hit by a cyberattack right in the middle of a COVID-19 outbreak. | Malware | Q Human health and social work activities | CC | CZ | Brno University Hospital, COVID-19, Coronavirus | |
| 411 | 13/03/2020 | ? | Android users | Researchers from Domaintools reveal the details of Covidlock, a ransomware encrypting data on Android devices. | Malware | X Individual | CC | >1 | Domaintools, Covidlock, Android | |
| 412 | 13/03/2020 | Ancient Tortoise | Multiple targets | Researchers from Agari reveal that the Ancient Tortoise Group is now starting using coronavirus-themed scam emails that take advantage of the COVID-19 global outbreak to convince potential victims to send payments to attacker-controlled accounts. | Business Email Compromise | Y Multiple Industries | CC | >1 | Agari, Ancient Tortoise | |
| 413 | 13/03/2020 | ? | Aerial Direct | Aerial Direct reveals that an unauthorized third party had been able to access customer data on 26 February through an external backup database, which included personal information on both current and expired subscribers from the last six years. | Unknown | J Information and communication | CC | UK | Aerial Direct | |
| 414 | 13/03/2020 | ? | Healthcare professionals | A new email scam targets healthcare professionals with phishing emails about "coronavirus awareness" - part of a wave of scams capitalizing on the pandemic. | Account Hijacking | Q Human health and social work activities | CC | >1 | Coronavirus, COVID-19 | |
| 415 | 13/03/2020 | ? | Randleman Eye Center | Randleman Eye Center discloses a malware attack occurred on January 13. | Malware | Q Human health and social work activities | CC | US | Randleman Eye Center | |
| 416 | 13/03/2020 | ? | Jay Public School District | The Jay Public School District is hit with a cyber attack. | Unknown | P Education | CC | US | Jay Public School District | |
| 417 | 14/03/2020 | ? | Facebook Android users | Researchers from Kaspersky discover the CookieThief malware, targeting the Facebook accounts of Android users. | Malware | X Individual | CC | >1 | Kaspersky, CookieThief, Facebook, Android | |
| 418 | 14/03/2020 | ? | Multiple targets | Researchers from MalwareHunterTeam discover a new backdoor malware called BlackWater pretending to be a COVID-19 information while abusing Cloudflare Workers as an interface to the malware's command and control (C2) server. | Malware | Y Multiple Industries | CC | >1 | MalwareHunterTeam, BlackWater, COVID-19, Cloudflare | |
| 419 | 14/03/2020 | ? | AffordaCare Urgent Care Clinic | AffordaCare Urgent Care Clinic is hit by the Maze ransomware team. | Malware | Q Human health and social work activities | CC | US | AffordaCare Urgent Care Clinic, ransomware, Maze | |
| 420 | 14/03/2020 | ? | Advanced Urgent Care of the Florida Keys | Advanced Urgent Care of the Florida Keys | Malware | Q Human health and social work activities | CC | US | Advanced Urgent Care of the Florida Keys, ransomware, Maze | |
| 421 | 15/03/2020 | ? | United States Health and Human Services Department | The United States Health and Human Services Department's web site is hit with a DDoS cyber attack in the middle of the Coronavirus outbreak. | DDoS | O Public administration and defence, compulsory social security | CC | US | United States Health and Human Services Department, Coronavirus | |
| 422 | 15/03/2020 | ? | Townhall of Marseille and the metropolis. | The townhall of Marseille is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | FR | Marseille, ransomware | |
| 423 | 02/03/2020 | ? | Vijay Sales | A threat actor posts a leaked Vijay Sales, a large electronics retail store chain in India, database on a popular dark web hacker forum. The threat actor claims the source was from an “exposed backup server” breached in February 2020. | Misconfiguration | G Wholesale and retail trade | CC | IN | Vijay Sales, AWS | |
| 424 | 02/03/2020 | ? | GeoCloud | A threat actor posts another database, this time from technology company GeoCloud, leaked through a public Amazon server. The data contains users’ names, email addresses, and passwords as well as the company’s social media keys and company information. | Misconfiguration | S Other service activities | CC | IL | GeoCloud, AWS | |
| 425 | 13/03/2020 | ? | Norwegian Cruise Line | Researchers from Dynarisk discover a breached database belonging to Norwegian Cruise Line, containing 29,969 records | Unknown | R Arts entertainment and recreation | CC | US | Dynarisk, Norwegian Cruise Line | |
| 426 | 14/03/2020 | Maze | Hammersmith Medicines Research (HMR) | Hammersmith Medicines Research (HMR) is hit with a Maze ransomware attack. | Malware | Q Human health and social work activities | CC | UK | Hammersmith Medicines Research, HMR, Maze, Coronavirus | |
| 427 | 14/03/2020 | ? | Energy, construction, and telecoms in the United States | Researchers from Proofpoint discover a small campaign targeting energy, construction, and telecoms in the United States, using the subject line "coronavirus update disease (COVID-19) your neighbors tested positive" and distributing the Remcos remote control tool. | Malware | Y Multiple Industries | CC | US | Proofpoint, Coronavirus, COVID-19, Remcos | |
| 428 | 14/03/2020 | ? | Jamaica National Group | Jamaica National Group is hit with a ransomware attack. | Malware | K Financial and insurance activities | CC | JM | Jamaica National Group, ransomware | |
| 429 | 15/03/2020 | ? | Bluffton Township Fire District | Bluffton Township Fire District is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Bluffton Township Fire District, ransomware | |
| 430 | 16/03/2020 | APT36 | Indian government | Researchers from Malwarebytes discover a new campaign targeting India of the Pakistan-linked APT36 group exploiting COVID-19 to implant the Crimson RAT. | Targeted Attack | O Public administration and defence, compulsory social security | CE | IN | APT36, COVID-19, Crimson, Pakistan, India, Malwarebytes | |
| 431 | 16/03/2020 | ? | Single Individuals | Researchers from ESET discover a massive campaign targeting users in multiple countries carried out via a wave of 2,500 infections of just two strains of malware delivered in COVID-19-themed emails. | Malicious Spam | X Individual | CC | >1 | ESET, COVID-19, Coronavirus | |
| 432 | 16/03/2020 | TA505 | U.S. healthcare, manufacturing, and pharmaceuticals industries. | Researchers from Proofpoint discover a campaign from TA505, using a coronavirus lure as part of a downloader campaign targeting the U.S. healthcare, manufacturing, and pharmaceuticals industries. | Malware | Y Multiple Industries | CC | US | Proofpoint, TA505 | |
| 433 | 16/03/2020 | ? | Single Individuals | Researchers from KnowBe4 discover a new phishing campaign spoofing the CDC and WHO. | Account Hijacking | X Individual | CC | US | KnowBe4, Coronavirus, COVID-19, CDC, WHO | |
| 434 | 16/03/2020 | ? | Multiple targets in the UK | The National Cyber Security Centre (NCSC) warns that criminals are looking to exploit the spread of coronavirus to conduct cyberattacks and hacking campaigns. | >1 | Y Multiple Industries | CC | UK | National Cyber Security Centre, NCSC, Coronavirus, COVID-19 | |
| 435 | 16/03/2020 | ? | College of DuPage | College of DuPage offers nearly free credit monitoring to over 1,700 current and former employees following a data breach. | Unknown | P Education | CC | US | College of DuPage | |
| 436 | 16/03/2020 | ? | Android users | Researchers from Kaspersky discover MonitorMinor, a stalkerware able to intercept user data in disguise of a parental control app. | Malware | X Individual | CC | >1 | Kaspersky, MonitorMinor, Android | |
| 437 | 17/03/2020 | ? | Multiple targets in the US | Researchers from Proofpoint discover a medium-sized campaign in the United States primarily targeting the manufacturing industry but also construction, transportation, healthcare, automotive, energy, and aerospace companies. The email spoofs the real address of the head of the World Health Organization (WHO), claims there is a “solution” for “total control”, distributes GuLoader and Agent Tesla, and asks the recipient to “share with all contacts.” | Malware | Y Multiple Industries | CC | US | Proofpoint, World Health Organization, WHO, GuLoader, Agent Tesla, COVID-19, Coronavirus | |
| 438 | 17/03/2020 | ? | Manufacturing and industrial targets in Spain and Portugal | Researchers from Proofpoint discover a small COVID-19 themed campaign against manufacturing and industrial targets in Spain and Portugal and distributing GuLoader. | Malware | Y Multiple Industries | CC | ES PT | Proofpoint, COVID-19, Coronavirus, GuLoader | |
| 439 | 17/03/2020 | ? | Manufacturing, technology, and industrial companies in the Netherlands | Researchers from Proofpoint discover a small campaign in Dutch targeting manufacturing, technology, and industrial companies in the Netherlands, designed to steal banking credentials. | Account Hijacking | Y Multiple Industries | CC | NL | Proofpoint, COVID-19, Coronavirus | |
| 440 | 17/03/2020 | ? | Italian users | Researchers from Cybaze-Yoroi ZLab intercept a new Ursnif campaign targeting Italian users. | Malware | X Individual | CC | IT | Cybaze-Yoroi Zlab, Ursnif | |
| 441 | 17/03/2020 | ? | Vimeo users | Video sharing site Vimeo believes a malware infection has targeted some of its user accounts for theft. | Malware | X Individual | CC | >1 | Vimeo | |
| 442 | 17/03/2020 | ? | Town of Houlton Police | The Town of Houlton Police discloses that it suffered a malware attack discovered on October 2019. | Malware | O Public administration and defence, compulsory social security | CC | US | Town of Houlton Police | |
| 443 | 17/03/2020 | ? | Tandem Diabetes Care | Tandem Diabetes Care notifies 140,781 patients of a phishing incident discovered on January 17, 2020 | Account Hijacking | Q Human health and social work activities | CC | US | Tandem Diabetes Care | |
| 444 | 17/03/2020 | ? | Multiple targets | A new ransomware called Nefilim that shares much of the same code as Nemty starts to become active in the wild and threatens to release stolen data. | Malware | Y Multiple Industries | CC | >1 | Ransomware, Nefilim, Nemty | |
| 445 | 18/03/2020 | ? | Multiple targets | Trend Micro reveals that hackers are actively exploiting two zero-days (CVE-2020-8467 and CVE-2020-8468) in its antivirus products. | Vulnerability | Y Multiple Industries | CC | >1 | Trend Micro, CVE-2020-8467, CVE-2020-8468 | |
| 446 | 18/03/2020 | Molerats group (AKA Gaza CyberGang) | Arabic speakers interested in Palestine’s potential acceptance of the peace plan | Researchers from IBM X-Force reveal the details of the EnigmaSpark campaign, a politically themed campaign opposing to the Middle East Peace Plan. | Targeted Attack | X Individual | CE | PS | IBM X-Force, EnigmaSpark, Middle East | |
| 447 | 18/03/2020 | ? | Telecommunications providers, universities and financial service | Researchers from Bitdefender discover a new variant of the infamous Trickbot malware targeting telecommunications providers, universities and financial services in a campaign that looks to be going after intellectual property and financial data. | Malware | Y Multiple Industries | CE | >1 | Bitdefender, Trickbot | |
| 448 | 18/03/2020 | ? | NutriBullet | Researchers at RiskIQ identify a cyber-attack against blender vendor NutriBullet that has successfully installed credit card stealing malware on the international nutribullet.com website. Not just once, but three times within three weeks. | Malicious Script Injection | G Wholesale and retail trade | CC | US | RiskIQ, NutriBullet, Magecart | |
| 449 | 18/03/2020 | ? | Android users in Libya | Researchers from Lookout discover an Android application that appears to be the most recent piece of tooling in a larger mobile surveillance campaign, exploiting COVID-19, operating out of Libya and targeting Libyan individuals. | Targeted Attack | X Individual | CE | LY | Lookout, Android, COVID-19, Libya | |
| 450 | 18/03/2020 | ? | US retail companies | Researchers from Proofpoint discover a small COVID-19 themed phishing campaign in the United States primarily targeting retail companies and uses concerns about infected staff members to try and lure victims to click. | Account Hijacking | G Wholesale and retail trade | CC | US | Proofpoint, COVID-19, Coronavirus | |
| 451 | 18/03/2020 | ? | Blizzard | Blizzard is hit with a DDoS attack. | DDoS | R Arts entertainment and recreation | CC | US | Blizzard | |
| 452 | 19/03/2020 | ? | Keen | Cybercriminals try to disrupt a charity initiative by Keen aimed to deliver shoes to the workers on the front lines and the families at home fighting through the COVID-19 crisis. | DDoS | G Wholesale and retail trade | CC | US | Keen, COVID-19, Coronavirus | |
| 453 | 19/03/2020 | ? | Brooks International | The Sodinokibi Ransomware operators publish over 12 GB of stolen data allegedly belonging to a company named Brooks International for not paying the ransom. | Malware | M Professional scientific and technical activities | CC | PK | Sodinokibi, ransomware, Brooks International | |
| 454 | 19/03/2020 | ? | Single Individuals | Researchers from Sophos reveal that sextortion scammers are now attempting to capitalize on the COVID-19 pandemic by threatening their victims to infect their family with the SARS-CoV-2 virus besides revealing all their "dirty secrets". | Malicious Spam | X Individual | CC | >1 | COVID-19, Coronavirus | |
| 455 | 19/03/2020 | ? | Single Individuals | The FBI warns of a significant spike in coronavirus scams targeting three states, with unusually high rates of COVID-19 infection: California, New York and Washington. | Malicious Spam | X Individual | CC | US | FBI, coronavirus, COVID-19, California, New York, Washington | |
| 456 | 19/03/2020 | ? | Android users | Researchers from Zscaler discover "Corona Safety Mask" an Android worm in disguise of a Coronavirus safety mask. | Malware | X Individual | CC | >1 | Zscaler, Android, Coronavirus, Covid-19, Corona Safety Mask | |
| 457 | 19/03/2020 | ? | US Mobile users | According to researchers at telecoms security provider AdaptiveMobile, masses of text messages are being sent out to Americans, with offers on masks, survival guides and medically-unsupported COVID-19 treatments like CBD oil. | Malicious Spam | X Individual | CC | US | AdaptiveMobile, COVID-19, CBD oil | |
| 458 | 19/03/2020 | ? | Single Individuals | Researchers from IBM X-Force discover an ongoing phishing campaign delivering emails posing as official messages from the Director-General of the World Health Organization (WHO), actively spreading HawkEye malware payloads onto the devices of unsuspecting victims. | Malware | X Individual | CC | >1 | IBM X-Force, COVID-19, Coronavirus, World Health Organization, WHO, HawkEye | |
| 459 | 19/03/2020 | APT28, AKA Fancy Bear, Sednit, and Pawn Storm | Multiple targets | Researchers from Trend Micro reveal that APT28 have continued to scan and probe the internet for vulnerable email servers during 2019. | Targeted Attack | Y Multiple Industries | CE | >1 | Trend Micro, APT28, Fancy Bear, Sednit, Pawn Storm | |
| 460 | 19/03/2020 | ? | Single Individuals | A new phishing email is trying to take advantage of the Coronavirus pandemic and the race to develop medications by promoting a fake [email protected] app that installs Redline, an information-stealing malware. | Malware | X Individual | CC | >1 | COVID-19, Coronavirus, [email protected], Redline | |
| 461 | 19/03/2020 | ? | Takeaway | The German food delivery service Takeaway is hit with a DDoS attack. | DDoS | I Accommodation and food service activities | CC | DE | Takeaway | |
| 462 | 19/03/2020 | Mespinoza/Pysa | Local government authorities in France | The France's issues a warning about Mespinoza/Pysa a new ransomware gang that's been recently seen targeting the networks of local government authorities. | Malware | O Public administration and defence, compulsory social security | CC | FR | Mespinoza, Pysa, ransomware | |
| 463 | 19/03/2020 | TA505 AKA Evil Corp | Businesses in Germany | Researchers from Prevailion discover a new campaign by the notoriously prolific TA505 cybercrime organization targeting businesses in Germany via their human resources executives. | Malware | Y Multiple Industries | CC | DE | Prevailion, TA505, Evil Corp | |
| 464 | 20/03/2020 | ? | General Electric (GE) via Canon Business Process Services | General Electric (GE) discloses that personally identifiable information of current and former employees, as well as beneficiaries, was exposed in a security incident experienced by one of GE's service providers, Canon Business Process Services. One of their employees' email accounts was breached by an unauthorized party in February. | Account Hijacking | C Manufacturing | CC | US | General Electric, GE, Canon Business Process Services | |
| 465 | 20/03/2020 | Digital Revolution | InformInvestGroup CJSC | Russian hacker group Digital Revolution claims to have breached InformInvestGroup CJSC, a contractor for the FSB, Russia's national intelligence service, and discovered details about Fronton, a project intended for hacking Internet of Things (IoT) devices. | Unknown | M Professional scientific and technical activities | CC | RU | Digital Revolution, InformInvestGroup CJSC, FSB, Fronton, IoT | |
| 466 | 20/03/2020 | ? | Finastra | Finastra, a leading financial technology provider from the UK, announces that it had to take several servers offline following a ransomware attack. | Malware | V Fintech | CC | UK | Finastra, ransomware | |
| 467 | 20/03/2020 | ? | Single Individuals in the US | FBI's Internet Crime Complaint Center (IC3) warns of an ongoing phishing campaign delivering spam that uses fake government economic stimulus checks as bait to steal personal information from potential victims. | Account Hijacking | X Individual | CC | US | FBI, Internet Crime Complaint Center, IC3 | |
| 468 | 20/03/2020 | ? | Zyxel devices | Mukashi, a new variant of the Mirai malware is targeting a recently uncovered critical vulnerability in Zyxel network-attached storage devices and exploiting them to rope the machines into an IoT botnet. | Vulnerability | Y Multiple Industries | CC | >1 | Mukashi, Mirai, Zyxel, CVE-2020-9054 | |
| 469 | 20/03/2020 | ? | University of Utah Health | The University of Utah Health discloses a security breach, due to unauthorized access to some employee email accounts along with the presence of malware on its systems. The intrusion took place between January 7 and February 21, 2020. | Account Hijacking | Q Human health and social work activities | CC | US | University of Utah Health | |
| 470 | 20/03/2020 | ? | Rotherham Council | Rotherham Council's IT system is compromised by an email with "COVID-19" in the subject field. | Account Hijacking | O Public administration and defence, compulsory social security | CC | UK | Rotherham Council | |
| 471 | 20/03/2020 | ? | Oregon Department of Human Services | The Oregon Department of Human Services announces that it uncovered a “phishing” incident on March 6 that affected one staff member’s e-mail. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US | Oregon Department of Human Services | |
| 472 | 20/03/2020 | ? | Golden Valley Health Centers | Golden Valley Health Centers notifies patients after an employee email account was compromised on March 3. | Account Hijacking | Q Human health and social work activities | CC | US | Golden Valley Health Centers | |
| 473 | 21/03/2020 | ? | Multiple targets | Researchers from MalwareHunterTeam detect a new Coronavirus phishing campaign installing the NetWalker ransomware. | Malware | Y Multiple Industries | CC | >1 | MalwareHunterTeam, Coronavirus, NetWalker, COVID-19 | |
| 474 | 21/03/2020 | ? | Lilin devices | Criminals are exploiting critical flaws in IoT devices from Lilin to enslave them in at least three botnets used to carry out DDoS attacks. | Vulnerability | Y Multiple Industries | CC | >1 | Lilin | |
| 475 | 21/03/2020 | ? | Bitcoin users | It turns out that a network of Bitcoin-to-QR-code generators has stolen more than $45,000 from users in the past four weeks. | Account Hijacking | V Fintech | CC | >1 | Bitcoin, Crypto, QR-Code gernerator | |
| 476 | 23/03/2020 | ? | World Health Organization | Reuters reveal that hackers tried to break into the World Health Organization earlier this month | Targeted Attack | U Activities of extraterritorial organizations and bodies | CE | INT | Reuters, World Health Organization, WHO | |
| 477 | 23/03/2020 | ? | Multiple targets | Microsoft issues a warning (ADV200006) that targeted attacks are underway against Windows 10 users, from attackers exploiting a critical vulnerability with no available fix. | Targeted Attack | Y Multiple Industries | CC | >1 | Microsoft, ADV200006 | |
| 478 | 23/03/2020 | ? | 538 million users of Chinese social network Weibo | The personal details of more than 538 million users of Chinese social network Weibo are currently available for sale online. | Unknown | X Individual | CC | CN | ||
| 479 | 23/03/2020 | ? | SIngle Individuals | Researchers from KnowBe4 discover a new phishing campaign repurposing old emails to exploit COVID-19. | Account Hijacking | X Individual | CC | US | KnowBe4, Coronavirus, COVID-19 | |
| 480 | 23/03/2020 | ? | Single Individuals | Researchers from MalwareHunterTeam discover the first MBRLocker variant with a Coronavirus theme. | Malware | X Individual | CC | >1 | MalwareHunterTeam, MBRLocker, Coronavirus, COVID-19 | |
| 481 | 23/03/2020 | ? | Single Individuals | Researchers from Malwarebytes discover two sites promoting a bogus Corona Antivirus, taking advantage of the current COVID-19 pandemic, to distribute a malicious payload that will infect the target's computer with the BlackNET RAT and add it to a botnet. | Malware | X Individual | CC | >1 | Malwarebytes, Coronavirus, COVID-19 | |
| 482 | 23/03/2020 | ? | Single Individuals | An HHS.gov open redirect is currently being used by attackers to push malware payloads onto unsuspecting victims' systems with the help of coronavirus-themed phishing emails. | Malware | X Individual | CC | US | HHS, COVID-19, Coronavirus | |
| 483 | 23/03/2020 | ? | 118 118 Money | 118 118 Money writes to personal loans and credit card customers to notify an intrusion. | Unknown | K Financial and insurance activities | CC | UK | 118 118 Money | |
| 484 | 23/03/2020 | ? | LTI Power System | LTI Power System is hit with a ransomware attack. | Malware | C Manufacturing | CC | US | LTI Power System, ransomware | |
| 485 | 24/03/2020 | ? | Industrial-related entities in the Middle East | Researchers from Kaspersky reveal the details of operation WildPressure, a campaign targeting entities in middle east via the Milum trojan. | Targeted Attack | Y Multiple Industries | CC | >1 | Kaspersky, WildPressure, Milum | |
| 486 | 24/03/2020 | ? | Android users | Researchers from Check Point issue a new warning for a malware family dubbed Tekya, using that same native code subterfuge as a previous malware called Haken to slip the security net. | Malware | X Individual | CC | >1 | Check Point, Tekya, Haken | |
| 487 | 24/03/2020 | ? | Banking users in Spain | Researchers from Kaspersky reveal that the operators of the Ginp mobile banking trojan are now targeting users in Spain with a fake "Coronavirus Finder" app. | Malware | K Financial and insurance activities | CC | ES | Kaspersky, Ginp, Coronavirus Finder | |
| 488 | 24/03/2020 | TwoSail Junk | iOS Users in Hong Kong | Researchers from Trend Micro discover a campaign aimed at infecting the iPhones of users in Hong Kong with an iOS backdoor tracked as LightSpy. | Targeted Attack | X Individual | CE | HK | Trend Micro, iPhone, iOS, LightSpy, TwoSail Junk | |
| 489 | 24/03/2020 | ? | Netflix users | Users are warned about fraudulent messages being shared on social media platforms that Netflix is offering free passes to its platform because of the Coronavirus pandemic. | Account Hijacking | X Individual | CC | >1 | Netflix, Coronavirus, COVID-19 | |
| 490 | 24/03/2020 | ? | Bank customers in Germany | Researchers from IBM X-Force discover TrickMo, an Android malware targeting TrickBot victims and designed to bypass MFA to bank customers when they need to authorize a transaction. | Malware | K Financial and insurance activities | CC | DE | IBM X-Force, TrickMo, Android, TrickBot | |
| 491 | 24/03/2020 | ? | Twitter users | Hackers take over a wave of Twitter accounts to aggressively advertise a website that claims to be selling face masks and toilet paper during the coronavirus pandemic. | Account Hijacking | X Individual | CC | >1 | Twitter, coronavirus, COVID-19 | |
| 492 | 24/03/2020 | ? | PropTiger | Private data of more than 2 million users are shared on a hacking forum following a major security breach of the Indian property website PropTiger in 2018. | Unknown | L Real estate activities | CC | IN | PropTiger | |
| 493 | 25/03/2020 | APT41 | Multiple targets | Researchers from FireEye discover a campaign carried out by the Chinese state-sponsored group APT41, using recent exploits to target security flaws in Citrix, Cisco, and Zoho appliances and devices of entities from a multitude of industry sectors spanning the globe. | Targeted Attack | Y Multiple Industries | CE | >1 | FireEye, APT41 | |
| 494 | 25/03/2020 | ? | Tupperware | Researchers from Malwarebytes reveal that hackers have compromised the website of the world-famous Tupperware brand and stolen customers' payment card details at checkout. | Malicious Script Injection | G Wholesale and retail trade | CC | US | Tupperware, Magecart, Malwarebytes | |
| 495 | 25/03/2020 | ? | Daniel's Hosting | The operator of the biggest free host for dark web sites, Daniel's Hosting, confirms that the service has been shut down following a hack attack that deleted all 7,595 site databases. | Unknown | S Other service activities | CC | DE | Daniel's Hosting | |
| 496 | 25/03/2020 | Palesa | AMD | AMD admits that a hacker has stolen files related to some of its graphics products. | Unknown | C Manufacturing | CC | US | AMD, Palesa | |
| 497 | 25/03/2020 | ? | Linksys Routers | Researchers from Bitdefender reveal the details of a new campaign where the attackers change DNS settings to redirect the victim to a website that claims to be from the World Health Organization, but in reality distributing the Oski infostealer. | Malware | Y Multiple Industries | CC | >1 | Bitdefender, World Health Organization, Oski infostealer, Coronavirus, COVID-19 | |
| 498 | 25/03/2020 | ? | Single Individuals | Researchers from 'Doctor Web' issue a warning after discovering thousands of victims have been tricked into downloading a dangerous backdoor that is disguised as an update to Google Chrome. | Malware | X Individual | CC | >1 | Doctor Web, Google Chrome | |
| 499 | 25/03/2020 | ? | Websites using Wordpress | The threat actors behind the WordPress WP-VCD malware start to distribute modified versions of Coronavirus plugins that inject a backdoor into a web site. | Malicious Wordpress Plugin | Y Multiple Industries | CC | >1 | WordPress, WP-VCD, Coronavirus, COVID-19 | |
| 500 | 25/03/2020 | ? | Town of Jupiter | The town of Jupiter is hit by a REvil/Sodinokibi ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Jupiter, REvil, Sodinokibi, ransomware | |
| 501 | 26/03/2020 | China | North Korea | Researchers at Google's Threat Analysis Group reveal on Thursday that an unnamed group of hackers used five zero-day vulnerabilities, or secret hackable flaws in software, to target North Koreans and North Korea-focused professionals in 2019. | Targeted Attack | O Public administration and defence, compulsory social security | CE | KR | China, North Korea, Google | |
| 502 | 26/03/2020 | Maze | Chubb | Chubb, a major cybersecurity insurance provider for businesses hit by data breaches, is hit with a Maze ransomware attack. | Malware | K Financial and insurance activities | CC | CH | Chubb, Maze, ransomware | |
| 503 | 26/03/2020 | DoppelPaymer | Kimchuk | Kimchuk, a medical and military electronics maker, is hit by the DoppelPaymer ransomware | Malware | C Manufacturing | CC | US | Kimchuk, DoppelPaymer, ransomware | |
| 504 | 26/03/2020 | FIN7 | Multiple targets | The FBI warns organizations and security professionals about the tactic adopted by FIN7 to deliver the GRIFFON malware: malicious USB devices acting as a keyboard when plugged into a computer, injecting commands download and executing a JavaScript backdoor associated with this actor. | Targeted Attack | K Financial and insurance activities | CC | US | FIN7, GRIFFON , FBI | |
| 505 | 26/03/2020 | Ryuk | US health care provider | A US health care provider is hit with the Ryuk ransomware. | Malware | Q Human health and social work activities | CC | US | Ryuk, ransomware | |
| 506 | 26/03/2020 | ? | Undisclosed US hospitality provider | Researchers from Trustwave reveal that a US hospitality provider has recently been the target of an incredibly rare BadUSB attack. | Malware | Q Human health and social work activities | CC | US | Trustwave, BadUSB | |
| 507 | 26/03/2020 | ? | Single Individuals | Researchers from Forcepoint discover a new phishing campaign pretending to be a missed call about a COVID-19 update. | Account Hijacking | X Individual | CC | US | Forcepoint, COVID-19, Coronavirus | |
| 508 | 26/03/2020 | ? | Single Individuals | Researchers from Forcepoint discover a new spam campaign exploiting COVID-19. | Malicious Spam | X Individual | CC | US | Forcepoint, COVID-19, Coronavirus | |
| 509 | 26/03/2020 | ? | Single Individuals | Researchers from Forcepoint discover a malicious campaign in Italy, encouraging the opening of an attachment, which it presents to be sent from the World Health Organization (WHO) with information covering all the necessary precautions against Coronavirus infections. | Malware | X Individual | CC | IT | Forcepoint, COVID-19, Coronavirus | |
| 510 | 27/03/2020 | Silence and TA505 | At least two companies operating in pharmaceutical and manufacturing sectors have been affected | Researchers from Group-IB reveal that at least two companies operating in pharmaceutical and manufacturing sectors have been affected have been affected by successful attacks carried out by Silence and TA505, exploiting CVE-2019-1405 and CVE-2019-1322 | Targeted Attack | C Manufacturing | CC | EU | Group-IB, TA505, Silence, CVE-2019-1405, CVE-2019-1322 | |
| 511 | 27/03/2020 | ? | Social Bluebook | Social Bluebook, a Los Angeles-based company that allows advertisers to pay social media “influencers” for posts that promote their products and services, is hacked. | Unknown | J Information and communication | CC | US | Social Bluebook | |
| 512 | 27/03/2020 | ? | U.S. Small Businesses | Researchers from IBM X-Force reveal that attackers are attempting to deliver Remcos remote access tool payloads on the systems of small businesses via phishing emails impersonating the U.S. Small Business Administration (U.S. SBA). | Malware | Y Multiple Industries | CC | US | IBM X-Force, Remcos, U.S. Small Business Administration, U.S. SBA | |
| 513 | 27/03/2020 | ? | Multiple targets in Australia | The Australian Cyber Security Centre (ACSC) issues a new threat update, seeking to raise awareness around coronavirus-themed malicious cyber activity. | Account Hijacking | Y Multiple Industries | CC | AU | Australian Cyber Security Centre, ACSC, COVID-19, Coronavirus | |
| 514 | 28/03/2020 | ? | 4.9 million Georgian citizens | The personal details for more than 4.9 million Georgians, including deceased citizens, are published on a hacking forum. | Unknown | O Public administration and defence, compulsory social security | CC | GE | Georgia | |
| 515 | 28/03/2020 | ? | Single Individuals | Researchers from KnowBe4 discover a malicious campaign warning recipients that they've been exposed to the coronavirus through personal contact with a colleague, friend, or family member. | Malicious Spam | X Individual | CC | US | KnowBe4, Coronavirus, COVID-19 | |
| 516 | 28/03/2020 | Two malicious groups | Multiple targets | Researchers from Qihoo 360 reveal that since at least early December 2019, a mysterious hacker group has been taking over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks. | Vulnerability | Y Multiple Industries | CC | >1 | Qihoo 360, DrayTek | |
| 517 | 28/03/2020 | ? | Teaching Council | A phishing incident at the Teaching Council leads to personal information relating to 9,735 teachers being shared. | Account Hijacking | P Education | CC | IE | Teaching Council | |
| 518 | 29/03/2020 | Saudi Arabia? | Saudi citizens in the US | Saudi Arabia appears to be exploiting weaknesses in the global mobile telecoms network to track its citizens as they travel around the US. | Vulnerability | X Individual | CE | SA | Saudi Arabia | |
| 519 | 29/03/2020 | ? | Single Individuals | A new phishing campaign is spotted that pretends to be from a local hospital telling the recipient that they have been exposed to the Coronavirus and that they need to be tested. | Malware | X Individual | CC | >1 | COVID-19, Coronavirus | |
| 520 | 30/03/2020 | ? | Major banks from the US, Canada, and Australia | Researchers from IBM X-Force discover a new phishing campaign exploiting COVID-19 to distribute the Zeus Sphinx trojan. | Malware | K Financial and insurance activities | CC | >1 | IBM X-Force, COVID-19, Zeus Sphinx, Coronavirus | |
| 521 | 30/03/2020 | ? | Multiple targets | FBI warns about Zoom bombing as hijackers take over school and business video conferences. | Misconfiguration | Y Multiple Industries | CC | >1 | FBI, Zoom bombing | |
| 522 | 30/03/2020 | ? | Multiple targets in the US | The FBI issues an alert (the third) about state-sponsored hackers using the Kwampirs malware to attack supply chain companies and other industry sectors as part of a global hacking campaign. | Targeted Attack | Y Multiple Industries | CE | US | FBI, Kwampirs | |
| 523 | 30/03/2020 | ? | YouTuber users | A hacker has hijacked tens of YouTube accounts, renamed them to various Microsoft brands, and is currently broadcasting a cryptocurrency Ponzi scam to tens of thousands of users, posing as a message from the company's former CEO Bill Gates. | Account Hijacking | X Individual | CC | >1 | YouTube, Ponzi scam, Bill Gates. | |
| 524 | 30/03/2020 | ? | GoDaddy.com | A spear-phishing hits a customer service employee at GoDaddy.com, the world’s largest domain name registrar. The phisher modifies key customer records, including transaction brokering site escrow.com. | Account Hijacking | J Information and communication | CC | US | GoDaddy.com, escrow.com. | |
| 525 | 30/03/2020 | "Samaneye Shekar” meaning “Hunting system” | 42 million Iranian citizens | The details of 42 million Iranian citizens, allegedly users of HotGram and Talagram, two local Telegram alternatives, are leaked online. | Unknown | X Individual | CC | IR | HotGram, Talagram, Telegram, Samaneye Shekar, Hunting system | |
| 526 | 31/03/2020 | ? | Marriott | Marriott confirms a second data breach in three years, this time involving the personal information on 5.2 million guests. The attackers obtained the login details of two employees, and broke in weeks earlier during mid-January. The breach was discovered on February. | Account Hijacking | I Accommodation and food service activities | CC | US | Marriott | |
| 527 | 31/03/2020 | ? | Specific Asian religious and ethnic group | Researchers from Kaspersky reveal the details of Holy Water, a campaign targeting people in a specific Asian religious and ethnic group. | Targeted Attack | X Individual | CE | >1 | Kaspersky, Holy Water | |
| 528 | 31/03/2020 | ? | Multiple targets | Researchers from Mimecast discover a new campaign spreading the LimeRAT Remote Access Trojan by harnessing an old encryption technique in Excel files. | Malware | Y Multiple Industries | CC | >1 | Mimecast, LimeRAT, Excel | |
| 529 | 31/03/2020 | ? | Single Individuals | Researchers from Cofense discover a new evasive phishing campaign exploiting the COVID-19 fear. | Account Hijacking | X Individual | CC | >1 | Cofense, COVID-19, Coronavirus | |
| 530 | 16/03/2020 | ? | Avalon Health Care Management | Avalon Health Care Management notifies 14,500 patients of a phishing incident occurred on March 16, 2020. | Account Hijacking | Q Human health and social work activities | CC | US | Avalon Health Care Management | |
| 531 | 26/03/2020 | Bassterlord | Indian State Tax Office | A hacker having the handle “Bassterlord”, claims to have Admin access to an Indian State Tax office’s network on a Russian hacking forum, | Unknown | O Public administration and defence, compulsory social security | CC | IN | Bassterlord | |
| 532 | 26/03/2020 | ? | Meadville Medical Center | Meadville Medical Center is hit with a malware attack. | Malware | Q Human health and social work activities | CC | US | Meadville Medical Center | |
| 533 | 27/03/2020 | ? | SBTech | SBTech is hit with a ransomware infection | Malware | R Arts entertainment and recreation | CC | MA | SBTech, ransomware | |
| 534 | 27/03/2020 | ? | Brandywine Urology Consultants | Brandywine Urology Consultants notify about a ransomware attack. The attack occurred on January 25, and the practice became aware of it on January 27. | Malware | Q Human health and social work activities | CC | US | Brandywine Urology Consultants, ransomware | |
| 535 | 30/03/2020 | Maze | BetUS | Online gambling operator BetUS is the latest target of the Maze ransomware gang. | Malware | R Arts entertainment and recreation | CC | CW | BetUS, Maze, ransomware | |
| 536 | 31/03/2020 | Nefilim | Cosan | The Nefilim Ransomware operators leak the data of Cosan, a Brazilian conglomerate producer of bioethanol, sugar and energy. | Malware | C Manufacturing | CC | BR | Nefilim, Cosan, ransomware | |
| 537 | 31/03/2020 | ? | Android users | Researchers from Bitdefender discover versions of the Android Zoom video-conferencing application repackaged with malware. | Malware | X Individual | CC | >1 | Bitdefender, Android, Zoom | |
| 538 | 08/04/2020 | ? | Vulnerable IoT devices | Researchers from Bitdefender discover Dark_Nexus, a destructive new botnet that compromises vulnerable IoT devices to carry out DDoS attacks. | Vulnerability | Y Multiple Industries | CC | >1 | Bitdefender, Dark_Nexus | |
| 539 | 08/04/2020 | ? | Bisq | Cryptocurrency exchange Bisq halts trading following a cyberattack leading to the theft of $250,000 worth of virtual currency from users. | Vulnerability | V Fintech | CC | N/A | Bisq, Crypto | |
| 540 | 08/04/2020 | ? | Cisco Webex users | Researchers from Cofense discover a new phishing campaign using a fake Cisco “critical security advisory” in a new phishing campaign aimed at stealing victims’ Webex credentials. | Account Hijacking | X Individual | CC | >1 | Cofense, Cisco Webex, COVID-19, Coronavirus | |
| 541 | 08/04/2020 | ? | Multiple targets | Microsoft warns that cyber-criminals are preying on people’s vulnerable psychological states during the COVID-19 pandemic to attack businesses via phishing attacks. | Account Hijacking | Y Multiple Industries | CC | >1 | Microsoft, Coronavirus, COVID-19 | |
| 542 | 09/04/2020 | ? | Government of North Rhine-Westphalia | The government of North Rhine-Westphalia, a province in western Germany, is believed to have lost tens of millions of euros through a phishing operation mimicking a website built to distribute COVID-19 aid. | Account Hijacking | O Public administration and defence, compulsory social security | CC | DE | North Rhine-Westphalia, COVID-19 | |
| 543 | 09/04/2020 | ? | Android users | Check Point’s researchers discover 16 different malicious apps masquerading as legitimate coronavirus apps, which contain a range of malware aimed at stealing users’ sensitive information or generating fraudulent revenues. | Malware | X Individual | CC | >1 | Check Point, coronavirus, COVID-19, Android | |
| 544 | 09/04/2020 | ? | E-Commerce sites powered by WordPress | Researchers from Sucuri discover a dedicated Javascript skimmer targeting WordPress e-commerce sites powered by WooCommerce. | Malicious Script Injection | Y Multiple Industries | CC | >1 | Sucuri, Javascript, WooCommerce | |
| 545 | 09/04/2020 | ? | Single Individuals | A large email extortion campaign is underway telling recipients that their computer was hacked and that a video was taken through the hacked computer's webcam. | Malicious Spam | X Individual | CC | >1 | Extortion | |
| 546 | 09/04/2020 | ? | Single Individuals | Researchers from Inky discover a phishing campaign trying to impersonate the White House who is sending out Coronavirus guidelines on behalf of President Trump. | Account Hijacking | X Individual | CC | US | Inky, White House, Mike Pence, Coronavirus, COVID-19 | |
| 547 | 09/04/2020 | ? | DESMI | DESMI, a global company specialized in the development and manufacture of pump solutions, discloses a cyber attack. | Malware | C Manufacturing | CC | DK | DESMI, ransomware | |
| 548 | 09/04/2020 | ? | Several Iranian sites including Niazpardaz[.]ir, Arzi24[.]com | Someone is selling personal details of 45,000 Iranians on the dark web. | Unknown | X Individual | CC | IR | Niazpardaz[.]ir, Arzi24[.]com | |
| 549 | 10/04/2020 | ? | Mediterranean Shipping Co (MSC) | Mediterranean Shipping Co., the world’s second largest container line, says it has been hit by a network outage. Few days later the company confirms a malware cyber attack. | Malware | H Transportation and storage | CC | CH | Mediterranean Shipping Co, (MSC) | |
| 550 | 10/04/2020 | Protag | Quidd | Quidd, an online marketplace for trading stickers, cards, toys, and other collectibles, appears to have suffered a data breach in 2019, and the details of around four million users are now being shared for free on underground hacking forums. | Unknown | R Arts entertainment and recreation | CC | US | Quidd | |
| 551 | 10/04/2020 | Nefilim | MAS Holdings | The Nefilim ransomware group operators leak the data of MAS Holdings. | Malware | C Manufacturing | CC | LK | Nefilim, Mas Holdings, ransomware | |
| 552 | 10/04/2020 | ? | Single Individuals | Researchers from IntSights discover a database available on an underground forum in the dark web containing more than 2,300 compromised Zoom credentials. | Credential Stuffing | X Individual | CC | >1 | IntSights, Zoom | |
| 553 | 10/04/2020 | ? | Saint Francis Ministries | An unauthorized party gained entry into an employee’s email account at Saint Francis Ministries, accessing sensitive personal identifying information, as well as financial and protected health data between Dec. 13 and 20 of 2019. | Account Hijacking | S Other service activities | CC | US | Saint Francis Ministries | |
| 554 | 10/04/2020 | ? | Single Individuals | Researchers from Sophos reveal a surge in sextortion emails. | Malicious Spam | X Individual | CC | >1 | Sophos, Sextortion | |
| 555 | 10/04/2020 | ? | 115 million Pakistani mobile users | Researchers from Rewterz discover a data dump of 115 million Pakistani mobile users for sale on the dark web today. The cyber criminal behind this data breach demands 300 BTC ($2.1 million USD) for the data. | Unknown | X Individual | CC | PK | Rewterz, Pakistan | |
| 556 | 11/04/2020 | ? | Monte dei Paschi | Hackers accessed the mailboxes of some employees at Italian state-owned bank Monte dei Paschi and send emails to clients. The attack occurred on March 30. | Account Hijacking | K Financial and insurance activities | CC | IT | Monte dei Paschi | |
| 557 | 11/04/2020 | ? | Lafayette Regional Rehabilitation Hospital | Lafayette Regional Rehabilitation Hospital suffers a second phishing attack in few months. | Account Hijacking | Q Human health and social work activities | CC | US | Lafayette Regional Rehabilitation Hospital | |
| 558 | 12/04/2020 | ? | Single Individuals | A malware distributor has decided to play a nasty prank by locking victim's computers, and blaming the infection on two well-known and respected security researchers. | Malware | X Individual | CC | >1 | Ransomware | |
| 559 | 12/04/2020 | ? | New York State | New York State officials are investigating a breach of the state government computer network. The attack, discovered in late January, is believed to have originated outside of the United States. | Vulnerability | O Public administration and defence, compulsory social security | CE | US | New York State | |
| 560 | 12/04/2020 | ? | Doctors based in the US | A cybercriminal is selling personal and contact details of 1.41 million doctors based in the United States. | Unknown | Q Human health and social work activities | CC | US | ||
| 561 | 13/04/2020 | ? | Single Individuals | Researchers from Cyble discover over 500,000 Zoom accounts sold on the dark web and hacker forums. | Credential Stuffing | X Individual | CC | >1 | Cyble, 500,000, Zoom | |
| 562 | 13/04/2020 | ? | Hartford HealthCare | Hartford HealthCare releases a statement warning patients about a phishing incident that took place between February 13 and February 14 this year. | Account Hijacking | Q Human health and social work activities | CC | US | Hartford HealthCare | |
| 563 | 13/04/2020 | ? | Government agencies involved in the procurement of personal protective equipment and other supplies | The FBI issues a warning of BEC scams against government agencies involved in the procurement of personal protective equipment and other supplies, during the COVID-19 Pandemic. | Business Email Compromise | O Public administration and defence, compulsory social security | CC | US | FBI, COVID-19, Coronavirus | |
| 564 | 13/04/2020 | ? | Accounts of banking customers in Spain | Researchers from Kaspersky warn of a remote overlay malware attack carried out via a malware called Grandoreiro, which leverages a fake Chrome browser plugin to target the accounts of banking customers in Spain. | Malware | K Financial and insurance activities | CC | ES | Kaspersky, Grandoreiro, Chrome | |
| 565 | 13/04/2020 | ? | Doctors Community Medical Center | Doctors Community Medical Center notifies an unreported number of patients whose protected health information was potentially compromised by a phishing incident discovered in January. | Account Hijacking | Q Human health and social work activities | CC | US | Doctors Community Medical Center | |
| 566 | 14/04/2020 | Ragnar Locker | Energias de Portugal (EDP) | Attackers using the Ragnar Locker ransomware encrypt the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and are now asking for a 1580 BTC ransom ($10.9M or €9.9M). | Malware | D Electricity gas steam and air conditioning supply | CC | PT | Energias de Portugal (EDP), | |
| 567 | 14/04/2020 | ? | Chrome Users | Google removes 49 malicious Chrome browser extensions from its Web Store that were posing as cryptocurrency wallets in order to drain the contents of bona fide wallets. The applications were discovered by MyCrypto and PhishFort. | Malicious Browser Extension | X Individual | CC | >1 | Google, Chrome, MyCrypto, PhishFort, crypto | |
| 568 | 14/04/2020 | ? | Single Individuals | Researchers at White Ops reveal the details of ICEBUCKET, a massive online fraud operation that for the past few months has been mimicking smart TVs to gain profits from online ads. | Server-Side Ad Insertion (SSAI) Hijacking | X Individual | CC | >1 | White Ops, ICEBUCKET, Smart TVs | |
| 569 | 14/04/2020 | ? | Canadian government healthcare organization | Researchers from Palo Alto discover a ransomware attack against a Canadian government healthcare organization exploiting the COVID-19 pandemic. | Malware | Q Human health and social work activities | CC | CA | Palo Alto Networks, ransomware, COVID-19, Coronavirus | |
| 570 | 14/04/2020 | ? | Canadian medical research facility | Researchers from Palo Alto discover a ransomware attack against a Canadian medical research facility exploiting the COVID-19 pandemic. | Malware | Q Human health and social work activities | CC | CA | Palo Alto Networks, ransomware, COVID-19, Coronavirus | |
| 571 | 14/04/2020 | ? | Medical organizations and medical research facilities located in Japan and Canada | Researchers from Palo Alto discover a separate campaign targeting various organizations, including medical organizations and medical research facilities located in Japan and Canada, with the AgentTesla malware. | Malware | Q Human health and social work activities | CC | CA JP | Palo Alto, AgentTesla, COVID-19, Coronavirus | |
| 572 | 14/04/2020 | ? | GitHub users | GitHub users are targeted by a Sawfish phishing campaign designed to steal their GitHub login credentials and time-based one-time password (TOTP) codes. | Account Hijacking | Y Multiple Industries | CC | >1 | GitHub, Sawfish | |
| 573 | 14/04/2020 | ? | Individuals in the US | Researchers from Fortinet discover a new variant of the NetWire RAT delivered via IRS-themed phishing emails. | Malware | X Individual | CC | US | Fortinet, NetWire, IRS, COVID-19, Coronavirus | |
| 574 | 14/04/2020 | TA505 | Multiple targets | Researchers from IBM X-Force reveal that the TA505 cybercrime group has ramped up its attacks lately, with a set of campaigns spreading the persistent SDBbot RAT. | Malware | Y Multiple Industries | CC | >1 | IBM X-Force, TA505, SDBbot | |
| 575 | 14/04/2020 | ? | Two Manitoba law firms | Two Manitoba law firms are hit with a ransomware attack. | Malware | M Professional scientific and technical activities | CC | CA | Manitoba, ransomware | |
| 576 | 14/04/2020 | ? | Users in Pakistan, India, Afghanistan, Bangladesh, Iran, Saudi Arabia, Austria, Romania, Grenada, and Russia. | Researchers at Trend Micro discover a potential cyberespionage campaign, named Project Spy, that infects Android and iOS devices with spyware in disguise of a fake COVID-19 app. | Malware | Y Multiple Industries | CE | >1 | Trend Micro, Project Spy, COVID-19 | |
| 577 | 15/04/2020 | Syrian Electronic Army (SEA) | Single Individuals in Syria | Researchers at Lookout discover a COVID-19 Themed Spyware targeting Syrian citizens. | Malware | X Individual | CE | SY | Lookout, COVID-19, Coronavirus | |
| 578 | 15/04/2020 | International Union of Virtual Media (IUVM) (linked to Iran) | Social Network users | Researchers from Graphika discover an Iranian-linked group spreading disinformation about Coronavirus on Facebook, Instagram, and Twitter. | Fake Social Network accounts/groups/pages | X Individual | CW | >1 | Graphika, Iran, COVID-19, Coronavirus, Facebook, Instagram, Twitter, International Union of Virtual Media, IUVM | |
| 579 | 15/04/2020 | Satan | Mercantile Communications Pvt Ltd | A group of hackers manage to gain access to the .np domain of Mercantile Communications Pvt Ltd. | DNS Hijacking | J Information and communication | CC | NP | Mercantile Communications Pvt Ltd, Satan | |
| 580 | 15/04/2020 | ? | Valorant players | Soon after the game Valorant entered closed beta, malware samples are released that targets users who are trying to play the game or get beta keys. | Malware | R Arts entertainment and recreation | CC | >1 | Valorant | |
| 581 | 15/04/2020 | ? | Single Individuals | Researchers from Trustwave detect a peak of BEC scams leveraging COVID-19 | Business Email Compromise | X Individual | CC | US | Trustwave, COVID-19, Coromnavirus | |
| 582 | 15/04/2020 | ? | Wappalyzer | Tech company Wappalyzer discloses a security incident after a hacker began emailing its customers and offering to sell Wappalyzer's database for $2,000. The incident took place on January 20. | Misconfiguration | M Professional scientific and technical activities | CC | AU | Wappalyzer | |
| 583 | 15/04/2020 | ? | Customers of the main Portuguese banks | A new Android Trojan-Banker targets customers of the main Portuguese banks. | Malware | K Financial and insurance activities | CC | PT | Android, Trojan-Banker | |
| 584 | 15/04/2020 | ? | Single Individuals | Researchers from Mimecast discover a flight refund scam exploiting the COVID-19 outbreak. | Account Hijacking | X Individual | CC | >1 | Mimecast, COVID-19, Coronavirus | |
| 585 | 15/04/2020 | Hidden Cobra | US and western financial institutions | The Department of Home Security issues a warning that hackers from North Korea are launching new attacks against US and western financial institutions. | Targeted Attack | K Financial and insurance activities | CC | >1 | DHS, Department of Homeland Security, DHS, Hidden Cobra, CISA | |
| 586 | 15/04/2020 | ? | Applications Software Technologies | Applications Software Technologies reveals to have discovered on March 9 that an unauthorized party had accessed the company by obtaining access to a company email account. | Account Hijacking | M Professional scientific and technical activities | CC | US | Applications Software Technologies | |
| 587 | 15/04/2020 | ? | EA Sports | EA Sports is hit by a DDoS attack | DDoS | R Arts entertainment and recreation | CC | US | EA Sports | |
| 588 | 15/04/2020 | ? | South African Department for Women, Youth, and Persons with Disabilities | The South African Department for Women, Youth, and Persons with Disabilities is the latest victim of a Zoom bombing attack. | Zoom bombing | O Public administration and defence, compulsory social security | CC | ZA | South African Department for Women, Youth, and Persons with Disabilities, Zoom | |
| 589 | 03/04/2020 | ? | Vulnerable ZyXEL routers | Researchers from Palo Alto Networks discover a new variant of the Hoaxcalls botnet, spreading via an unpatched vulnerability impacting the ZyXEL Cloud CNM SecuManager that was disclosed last month. | Vulnerability | Y Multiple Industries | CC | >1 | Palo Alto Networks, Hoaxcalls, ZyXEL, Grandstream, DrayTek | |
| 590 | 15/04/2020 | ? | Vulnerable Wordpress servers | Researchers from Sucuri reveal that attackers are actively targeting WordPress sites running the OneTone theme to exploit a vulnerability that allows them to read and write site cookies and create backdoor admin accounts. | Vulnerability | Y Multiple Industries | CC | >1 | Sucuri, WordPress, OneTone | |
| 591 | 15/04/2020 | ? | Vulnerable IoT devices | Researchers at NetLab 360 discover Moobot, a new botnet family based on Mirai, which targets internet of things (IoT) devices. | Malware | Y Multiple Industries | CC | >1 | NetLab 360, Moobot, Mirai | |
| 592 | 16/04/2020 | Foreign government hackers | Companies conducting research into treatments for COVID-19 | The FBI reveals that foreign government hackers have broken into companies conducting research into treatments for COVID-19. | Targeted Attack | Q Human health and social work activities | CE | US | FBI, COVID-19 | |
| 593 | 16/04/2020 | ? | Azerbaijan government and utility companies | Researchers from Cisco Talos publish an analysis of a new campaign that deploys PoetRAT, a previously-undiscovered Remote Access Trojan (RAT) targeting both the Azerbaijan government and utility companies, and exploits the COVID-19 outbreak. | Targeted Attack | O Public administration and defence, compulsory social security | CE | AZ | Cisco Talos, PoetRAT, COVID-19 | |
| 594 | 16/04/2020 | ? | Ruby Users | Security researchers from ReversingLabs discover 725 Ruby libraries uploaded on the official RubyGems repository that contained malware meant to hijack users' clipboards. | Malware | Y Multiple Industries | CC | >1 | ReversingLabs, RubyGems, Ruby | |
| 595 | 16/04/2020 | ? | Single Individuals | Researchers from Avast discover a malvertising campaign taking advantage of COVID-19, targeting Internet Explorer users via the Fallout Exploit Kit, to steal their information via the Kpot v2.0 information stealer. | Malvertising | X Individual | CC | >1 | Avast, COVID-19, Internet Explorer, Fallout Exploit Kit, Kpot v2.0 | |
| 596 | 17/04/2020 | ? | Aptoide | A hacker leaks the details of 20 million users of Aptoide, a third-party app store for Android applications. | SQL Injection | J Information and communication | CC | PT | Aptoide, Android | |
| 597 | 17/04/2020 | Trickbot | Multiple targets | Researchers from Microsoft's Security Intelligence team say that the operation behind Trickbot over the past few days sent out hundreds of emails purporting to relate to COVID-19 medical advice and testing, with the aim of installing Trickbot malware via unique "macro-laced" malicious document attachments inside the message. | Malware | Y Multiple Industries | CC | >1 | Microsoft, Trickbot, COVID-19, Coronavirus | |
| 598 | 17/04/2020 | Clop | ExecuPharm | U.S. pharmaceutical giant ExecuPharm has its data leaked after it refuses to pay the ransom. | Malware | Q Human health and social work activities | CC | US | ExecuPharm, Clop | |
| 599 | 17/04/2020 | ? | Organizations in Italy | Researchers from Cybaze-Yoroi ZLab discover a new variant of Ursnif targeting organizations in Italy. | Malware | Y Multiple Industries | CC | IT | Cybaze-Yoroi ZLab, Ursnif | |
| 600 | 17/04/2020 | ? | PrimoHoagies | PrimoHoagies reveals that cyber-attackers had broken into its online payment platform and accessed the payment card information of customers who made online purchases between July 15, 2019, and February 18, 2020. | Malicious Script Injection | I Accommodation and food service activities | CC | US | PrimoHoagies | |
| 601 | 17/04/2020 | ? | Banking users | Researchers from Trustwave discover a new malspam campaign that sends Excel 4.0 xls 97-2003 files with a compromised macro in email messages. The campaign attempts to dupe users with themes ranging from fake invoices to COVID-19 related lures and distributes the Gozi banking trojan. | Malware | K Financial and insurance activities | CC | >1 | Trustwave, Excel, COVID-19, Gozi | |
| 602 | 17/04/2020 | ? | Aurora Medical Center Bay Area | Aurora Medical Center Bay Area notifies to have been hit with a phishing attack occurred on January 2020. | Account Hijacking | Q Human health and social work activities | CC | US | Aurora Medical Center Bay Area | |
| 603 | 17/04/2020 | ? | Olean City | Olean City is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Olean City. Ransomware | |
| 604 | 18/04/2020 | ? | Cognizant | Information technologies services giant Cognizant is hit by the Maze Ransomware. | Malware | M Professional scientific and technical activities | CC | US | Cognizant, Maze | |
| 605 | 18/04/2020 | ? | Webkinz World, | A hacker leaks the usernames and passwords of nearly 23 million players of Webkinz World, an online children's game managed by Canadian toy company Ganz. | SQL Injection | R Arts entertainment and recreation | CC | CA | Webkinz World, Ganz | |
| 606 | 19/04/2020 | ? | Uniswap | Hackers try to attack the Uniswap cryptocurrency exchange but the attack is unsuccessful. | Vulnerability | V Fintech | CC | US | Uniswap, Crypto | |
| 607 | 19/04/2020 | ? | Lendf.me | The same hackers steal more than $25 million in cryptocurrency from the Lendf.me lending platform but they need to return the money after they are caught. | Vulnerability | V Fintech | CC | N/A | Lendf.me, crypto | |
| 608 | 19/04/2020 | ? | Facebook users | Researchers from Cyble discover a threat actor selling a database with 267 million Facebook profiles for £500 on the dark web and through hacking forums. | Misconfiguration | X Individual | CC | >1 | Cyble, Facebook | |
| 609 | 19/04/2020 | ? | UniCredit | Researchers from Tesly reveal that data on about 3,000 UniCredit SpA employees was put up for sale on cybercrime forums after an SQL Injection attack. | SQL Injection | K Financial and insurance activities | CC | IT | UniCredit | |
| 610 | 19/04/2020 | ? | Energy, manufacturing, and business services in the United States | Researchers from Proofpoint discover a new campaign designed to steal user credentials via a lure that claims to welcome users to their new Zoom account. | Account Hijacking | Y Multiple Industries | CC | US | Proofpoint, Zoom, COVID-19 | |
| 611 | 19/04/2020 | TA4562 | Manufacturing industrial, marketing/advertising, technology, IT and construction companies | Researchers from Proofpoint discover a campaign distributing the ServLoader and NetSupport remote access Trojans (RATs) via fake Zoom meetings cancellations. | Malware | Y Multiple Industries | CC | >1 | Proofpoint, Zoom, COVID-19, TA4562 | |
| 612 | 19/04/2020 | ? | Danish Agro | Danish Agro is hit with a ransomware attack. | Malware | S Other service activities | CC | DK | Danish Agro, ransomware | |
| 613 | 20/04/2020 | Winnti (aka APT41, BARIUM, Blackfly). | Gravity | Researchers from QuoIntelligence (QuoINT) reveal that attackers from Winnti (aka APT41, BARIUM, Blackfly attempted to breach the internal network of Gravity, the South Korean gaming company behind the popular Ragnarok Online Massive Multiplayer Online Role-Playing Game. | Targeted Attack | R Arts entertainment and recreation | CE | KR | QuoIntelligence, QuoINT, Winnti, APT41, BARIUM, Blackfly, Gravity, Ragnarok | |
| 614 | 20/04/2020 | ? | Believr | Hackers infiltrate a Zoom meeting of a virtual church service hosted by Adam Evers, the founder of the Christian LGBTQ+ dating app Believr. | Zoom Bombing | S Other service activities | CC | US | Zoom, Believr | |
| 615 | 20/04/2020 | ? | Chartered Institute for Securities and Investments (CISI) | The Chartered Institute for Securities and Investments (CISI) confirms that some of its members may have had their financial information stolen after “malicious code” was inserted on its website. | Malicious Script Injection | S Other service activities | CC | UK | Chartered Institute for Securities and Investments, CISI | |
| 616 | 20/04/2020 | ? | Brandywine Counseling and Community Services | Brandywine Counseling and Community Services notifies patients of a ransomware incident occurred on February 2020. | Malware | Q Human health and social work activities | CC | US | Brandywine Counseling and Community Services, ransomware | |
| 617 | 21/04/2020 | ? | Nintendo users | Nintendo users report that their accounts have been getting hacked and accessed from remote locations around the globe, with some users losing money as a result of the unauthorized intrusion. Few days after the company confirms the compromise of 160,000 accounts after the attackers exploited its Nintendo Network ID (NNID) login system. | Account Hijacking | R Arts entertainment and recreation | CC | JP | Nintendo, Nintendo Network ID, NNID | |
| 618 | 21/04/2020 | ? | China's Uyghur minority | Security firm Volexity discovers Insomnia, a new iOS exploit used to spy on China's Uyghur minority. | Targeted Attack | X Individual | CE | CN | Volexity, Insomnia, iOS, Uyghur | |
| 619 | 21/04/2020 | ? | Zoom users in corporate environments | Researchers from Abnormal Security discover a new phishing campaign targeting Zoom users, using fake Zoom meeting notifications to warn victims that their contracts will either be suspended or terminated. | Account Hijacking | Y Multiple Industries | CC | >1 | Abnormal Security, Zoom, COVID-19 | |
| 620 | 21/04/2020 | DoppelPaymer | City of Torrance | The City of Torrance of the Los Angeles metropolitan area is hit by the DoppelPaymer Ransomware. | Malware | O Public administration and defence, compulsory social security | CC | US | The City of Torrance, DoppelPaymer | |
| 621 | 21/04/2020 | ? | US healthcare providers | The FBI warns of ongoing phishing campaigns targeting US healthcare providers using COVID-19 themed lures to distribute malicious attachments. | Malware | Q Human health and social work activities | CC | US | FBI, COVID-19 | |
| 622 | 21/04/2020 | ? | Single Individuals | A fake WiFi hacking program is used to distribute CoronaLocker, a new Coronavirus-themed malware that tries to lock the victim out of Windows while making some very annoying sounds. | Malware | X Individual | CC | >1 | CoronaLocker, COVID-19 | |
| 623 | 21/04/2020 | ? | Oil and gas industries in multiple countries | Researchers from Bitdefender discover a new campaign targeting the oil and gas industry sector with highly targeted spearphishing campaigns impersonating shipment companies and engineering contractors while attempting to infect their targets with Agent Tesla info-stealer malware payloads. | Targeted Attack | D Electricity gas steam and air conditioning supply | CE | >1 | Bitdefender, Agent Tesla | |
| 624 | 21/04/2020 | ? | Parkview Medical Center | Parkview Medical Center is hit with a ransomware attack. | Malware | Q Human health and social work activities | CC | US | Parkview Medical Center, ransomware | |
| 625 | 21/04/2020 | ? | Single Individuals | Researchers from ZeroFOX discover a massive scam campaign circulating via WhatsApp. | Account Hijacking | X Individual | CC | >1 | ZeroFOX, WhatsApp, COVID-19 | |
| 626 | 21/04/2020 | ? | Whisky Auctioneer | An online auction of rare whiskies is postponed indefinitely following a DDoS attack. | DDoS | R Arts entertainment and recreation | CC | US | Whisky Auctioneer | |
| 627 | 21/04/2020 | ? | Banking users in Spain, Portugal, Brazil and other parts of Latin America | Researchers from IBM X-Force uncover Banking.BR, a new Android banking trojan targeting users in countries that speak Spanish or Portuguese, namely Spain, Portugal, Brazil and other parts of Latin America. | Malware | K Financial and insurance activities | CC | >1 | BM X-Force, Banking.BR | |
| 628 | 22/04/2020 | State-sponsored actor | Multiple targets | Researchers from ZecOps discover two zero-day vulnerabilities affecting iPhone and iPad devices, used on a series of ongoing remote attacks targeting iOS users since at least January 2018. | Targeted Attack | Y Multiple Industries | CE | >1 | ZecOps, iPhone, iPad | |
| 629 | 22/04/2020 | ? | Valve | The source code of Valve's Team Fortress 2 and Counter-Strike: Global Offensive games was leaked | Unknown | R Arts entertainment and recreation | CC | US | Valve | |
| 630 | 22/04/2020 | Government-backed attackers | US government workers | Google's Threat Analysis Group (TAG) reveals that one group has started using free meals and coupons supposedly from fast-food franchises to lure US government workers into exposing their Gmail credentials. | Account Hijacking | O Public administration and defence, compulsory social security | CE | US | Google's Threat Analysis Group, TAG, Gmail | |
| 631 | 22/04/2020 | Tag Barnakle | Vulnerable AD servers | Researchers from Confiant identify Tag Barnakle, a group that has been compromising advertising networks running old versions of the Revive open-source ad server to redirect victims to malware. | Malvertising | Y Multiple Industries | CC | >1 | Confiant, Tag Barnakle, Revive | |
| 632 | 22/04/2020 | ? | Multiple targets | A new phishing campaign is underway that targets employees with fake customer complaints that install a new backdoor used to compromise a network. | Account Hijacking | Y Multiple Industries | CC | >1 | Phishing | |
| 633 | 22/04/2020 | ? | SIngle Individuals | Researchers from Sophos reveal the details of a massive sextortion campaign netting nearly $500K in five months. | Malicious Spam | X Individual | CC | >1 | Sophos | |
| 634 | 23/04/2020 | Jerusalem Electronic Army (J.E.Army) | Water supply and treatment facilities in Israel | The Israeli National Cyber-Directorate (INCD) warns that hackers have targeted its water supply and treatment facilities. The agency is urging personnel at companies active in the energy and water sectors to change passwords for all internet-connected systems. | Unknown | E Water supply, sewerage waste management, and remediation activities | CE | IL | Jerusalem Electronic Army, J.E.Army, Israeli National Cyber-Directorate, INCD | |
| 635 | 23/04/2020 | Ocean Lotus AKA APT32 | Wuhan government and Chinese Ministry of Emergency Management | Researchers from FireEye believe that hacking group Ocean Lotus, also known as APT32 and linked to the Vietnamese government, was involved in a spear phishing campaign targeting members of the Wuhan government and Chinese Ministry of Emergency Management in search of information related to the coronavirus pandemic. | Targeted Attack | Y Multiple Industries | CE | CN | FireEye, Ocean Lotus, APT32, Wuhan, COVID-19, Coronavirus | |
| 636 | 23/04/2020 | ? | GoDaddy | GoDaddy notifies some of its customers that an unauthorized party used their web hosting account credentials to connect to their hosting account via SSH. | Account Hijacking | J Information and communication | CC | US | GoDaddy | |
| 637 | 23/04/2020 | ? | US Universities | Researchers at Proofpoint discover a new campaign targeting Faculty and students at several U.S. colleges and universities with Hupigon RAT. | Malware | P Education | CC | US | Hupigon RAT | |
| 638 | 23/04/2020 | Sodinokibi | SeaChange | SeaChange is hit with the Sodinokibi ransomware. | Malware | J Information and communication | CC | US | SeaChange, Sodinokibi, ransomware | |
| 639 | 23/04/2020 | ? | Multiple targets | The U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) issue a joint report warning of threat actors increasingly exploiting vulnerable web servers to deploy web shells. | Web Shells | Y Multiple Industries | CC | US AU | National Security Agency, NSA, Australian Signals Directorate, ASD | |
| 640 | 23/04/2020 | ? | Multiple targets | Researchers from Cofense discover a phishing campaign against remote workers using Skype, luring them with emails that fake notifications from the service. | Account Hijacking | Y Multiple Industries | CC | >1 | Cofense, Skype, COVID-19 | |
| 641 | 23/04/2020 | ? | Organizations in both public and private sectors, including financial institutions. | Researchers from ESET discover a previously undocumented botnet called VictoryGate, active since at least May 2019, and composed mainly of devices in Peru. The main activity of the botnet is mining Monero cryptocurrency. | Malware | Y Multiple Industries | CC | PE | ESET, VictoryGate, Crypto, Monero | |
| 642 | 23/04/2020 | Florentine Banker | Israeli and UK financial firms | Researchers from Check Point reveal the details of Florentine Banker, a cybercriminal group launching advanced business email compromise (BEC) attacks on leading Israeli and UK financial firms, stealing $1.3 million dollars in just four separate transactions. | Business Email Compromise | K Financial and insurance activities | CC | IL UK | Florentine Banker, Check Point | |
| 643 | 24/04/2020 | ? | Small business owners | Researchers from Abnormal Security discover a new phishing campaign targeting users of US Payroll Protection Program loans for small businesses. | Account Hijacking | Y Multiple Industries | CC | US | Abnormal Security, US Payroll Protection | |
| 644 | 24/04/2020 | ? | Multiple targets | A new phishing campaign delivers a new stealthy malware called BazarBackdoor from the developers of TrickBot that is used to compromise and gain full access to corporate networks. | Account Hijacking | Y Multiple Industries | CC | >1 | BazarBackdoor, TrickBot | |
| 645 | 24/04/2020 | ? | US and South Korean financial organizations and banks | Researchers at Group-IB discover that the details on roughly 400,000 payment cards related to US and South Korean financial organizations and banks are currently up for sale on Joker's Stash. | Unknown | K Financial and insurance activities | CC | US KR | Group-IB, Joker's Stash | |
| 646 | 24/04/2020 | ? | Single Individuals | Researchers from Inky discover a new campaign, sending out emails that impersonate the U.S. Federal Reserve and lure recipients with financial relief options through the Payment Protection Program. | Account Hijacking | X Individual | CC | US | Inky, U.S. Federal Reserve, COVID-19 | |
| 647 | 24/04/2020 | ? | Single Individuals | Hackers setup a fake NHS site, claiming to provide COVID-19 updates, aimed to distribute malware. | Malware | X Individual | CC | US | NHS, COVID-19 | |
| 648 | 24/04/2020 | ? | Illinois Valley Community College | Illinois Valley Community College is hit with a ransomware attack. | Malware | P Education | CC | US | Illinois Valley Community College, ransomware | |
| 649 | 25/04/2020 | Asnarök | Vulnerable Sophos XG Firewalls | Cyber-security firm Sophos publishes an emergency security update to patch a zero-day vulnerability in its XG enterprise firewall product, being abused in the wild by hackers. The malware is dubbed Asnarök. | SQL Injection | Y Multiple Industries | CC | >1 | Sophos, XG, Asnarök | |
| 650 | 25/04/2020 | THE0TIME | Huiying Medical Technology | Research from Cyble identify a threat actor attempting to sell Huiying Medical Technology’s source code for AI-assisted COVID-19 detection and experimental data. | Unknown | C Manufacturing | CC | CN | Cyble, Huiying Medical Technology, COVID-19, THE0TIME | |
| 651 | 26/04/2020 | ? | Robert Dyas | Robert Dyas notifies customers to have been hit by a malicious script in the payment page between 7-30 March. | Malicious Script Injection | G Wholesale and retail trade | CC | UK | Robert Dyas | |
| 652 | 27/04/2020 | ? | Multiple targets | Researchers from Kaspersky discover a new wave of phishing scams that utilize a COVID-19 theme and impersonate well-known shipping carriers such as FedEx, UPS, and DHL. | Account Hijacking | Y Multiple Industries | CC | >1 | Kaspersky, COVID-19, FedEx, UPS, DHL | |
| 653 | 27/04/2020 | ? | Lumberton Township Public Schools in Burlington County | Lumberton Township Public Schools in Burlington County announces it will temporarily stop using Zoom after a hacker reportedly streamed pornography and used racist language during a lesson for middle school students. | Zoom Bombing | P Education | CC | US | Lumberton Township Public Schools, Burlington County, Zoom | |
| 654 | 27/04/2020 | Sodinokibi AKA Revil | CivicSmart | CivicSmart, a vendor of smart parking meters, is hit with a Sodinokibi ransomware attack. | Malware | M Professional scientific and technical activities | CC | US | Sodinokibi, Revil, CivicSmart, Ransomware | |
| 655 | 28/04/2020 | Light | Zaha Hadid Architects | A group of hackers breaches the network of Zaha Hadid Architects, one of the world's leading architectural firms. The attackers threaten to release sensitive information on the dark web unless the company pays a ransom demand. | Malware | M Professional scientific and technical activities | CC | UK | Zaha Hadid Architects, Light, ransomware | |
| 656 | 28/04/2020 | ? | Android users | Researchers from Check Point discover a new version of the Lucy malware going mobile, encrypting data and asking for a ransom threatening FBI action. | Malware | X Individual | CC | >1 | Check Point, Lucy, FBI, ransomware, Android | |
| 657 | 28/04/2020 | ? | Single Individuals | Microsoft Security Intelligence Team uncovers a number of fake movie torrents carrying malicious software that attempts to hijack a user’s machine to generate cryptocurrency. | Malware | X Individual | CC | >1 | Microsoft, torrent | |
| 658 | 28/04/2020 | ? | Vulnerable Wordpress servers | Researchers from Wordfence detect a peak of attacks targeting more than 900,000 Wordpress servers exploiting vulnerable plugins. | Vulnerability | Y Multiple Industries | CC | >1 | Wordfence, Wordpress | |
| 659 | 28/04/2020 | Ocean Lotus AKA APT32? | Android devices in countries including India, Vietnam, Bangladesh, and Indonesia. | Researchers from Kaspersky warn of PhantomLance, an ongoing spying campaign in which malicious apps hosted by Google Play are covertly spying and stealing Android user data. | Malware | X Individual | CE | >1 | Kaspersky, PhantomLance, Google Play, Android | |
| 660 | 28/04/2020 | Outlaw Hacking Group | Multiple targets in Europe | Researchers from Cybaze-Yoroi ZLab uncover a new botnet that is targeting European organizations. | Malware | Y Multiple Industries | CC | >1 | Cybaze-Yoroi ZLab, Outlaw | |
| 661 | 28/04/2020 | ? | Banking users especially in Brazil, Mexico, Spain and Peru | Researchers from ESET discover a new campaign using the Grandoreiro banking trojan, and exploiting the COVID-19 crisis to attack users especially in Brazil, Mexico, Spain and Peru. | Malware | K Financial and insurance activities | CC | >1 | ESET, Grandoreiro, COVID-19 | |
| 662 | 28/04/2020 | ? | Organizations in Healthcare | Researchers from Microsoft warn of a wave of ransomware attacks with multiple payloads, targeting organizations in Healthcare. | Malware | Q Human health and social work activities | CC | >1 | Microsoft, ransomware, COVID-19 | |
| 663 | 28/04/2020 | ? | Zoom users | Researchers at IntSights discover multiple Zoom databases on underground forums. | Credential stuffing | Y Multiple Industries | CC | >1 | IntSights, Zoom | |
| 664 | 29/04/2020 | ? | High-profile Estonian individuals | The Estonian Internal Security Service (KaPo) reveal that state-sponsored hackers have used a zero-day vulnerability to hijack a small number of high-profile email accounts at Estonian email provider Mail.ee. | Vulnerability | O Public administration and defence, compulsory social security | CE | EE | KaPo, Mail.ee. | |
| 665 | 29/04/2020 | ? | Chegg | Chegg confirms its third data breach in the past three years: hackers stole 700 current and former employee records, including their names and Social Security numbers. | Unknown | M Professional scientific and technical activities | CC | US | Chegg | |
| 666 | 29/04/2020 | ? | Single Individuals | Researchers at TrendMicro uncover a new cyber-criminal campaign attempting to exploit the COVID-19 pandemic to trick remote workers into installing RevCode WebMonitor RAT in disguise of a fake Zoom installer. | Malware | X Individual | CC | >1 | TrendMicro, COVID-19, Coronavirus, RevCode, Zoom | |
| 667 | 29/04/2020 | ? | Multiple targets | Researchers from Kaspersky reveal a spike in brute-force attacks targeting RDP endpoints after the beginning of the COVID-19 pandemic. | Brute-force | Y Multiple Industries | CC | >1 | Kaspersky, RDP, COVID-19, Coronavirus | |
| 668 | 29/04/2020 | ? | UseNeXT and Usenet.nl | UseNeXT and Usenet.nl, two companies that provide Usenet services, disclose security breaches today, blaming the breaches on "a security vulnerability at a partner company." | Unknown | J Information and communication | CC | DE NL | UseNeXT, Usenet.nl, Usenet | |
| 669 | 29/04/2020 | ? | Undisclosed Multinational conglomerate | Researchers from Check Point reveal that attackers infected more than 75% of a multinational conglomerate's managed Android devices with the Cerberus banking trojan using the company’s compromised Mobile Device Manager (MDM) server. | Malware | Z Unknown | CC | N/A | Check Point, Android, Cerberus, Ransomware | |
| 670 | 29/04/2020 | Aggah | Multiple targets | Researchers from Cisco Talos reveal the details of an updated Aggah campaign distributing a cocktail of malware strains: Agent Tesla, njRAT and Nanocore RAT. | Malware | Y Multiple Industries | CC | >1 | Cisco Talos, Aggah, Agent Tesla, njRAT, Nanocore RAT | |
| 671 | 29/04/2020 | ? | PaperlessPay Corporation | PaperlessPay Corporation, an e-pay vendor, discovers to have been hacked in February 2019, putting at risk the identity of multiple customers. | SQL Injection | M Professional scientific and technical activities | CC | US | PaperlessPay Corporation | |
| 672 | 30/04/2020 | PerSwaysion | High-ranking executives at more than 150 companies | Cyber-security firm Group-IB reveal the detail of PerSwaysion, a cybercrime group operating since mid-2019, able to breach the email accounts of high-ranking executives at more than 150 companies. | Account Hijacking | Y Multiple Industries | CE | >1 | Group-IB, PerSwaysion | |
| 673 | 30/04/2020 | ? | Vulnerable WebLogic servers | Oracle publishes an urgent security alert, urging companies that run WebLogic servers to install the latest patches the company released in mid-April. The company says it received reports of attempts to exploit CVE-2020-2883. | Vulnerability | Y Multiple Industries | CC | >1 | Oracle, WebLogic, CVE-2020-2883. | |
| 674 | 30/04/2020 | ? | Banks and financial services across Europe | Researchers from Cybereason reveal the details of EventBot, a new Android malware targeting banks, financial services across Europe | Malware | K Financial and insurance activities | CC | >1 | Cybereason, EventBot, Android | |
| 675 | 30/04/2020 | ? | Multiple targets | Researchers from IBM X-Force uncover a new Trickbot campaign targeting email recipients with fake messages purporting to come from the U.S. Department of Labor (DoL). The spam leverages the Family and Medical Leave Act (FMLA). | Malware | K Financial and insurance activities | CC | US | Researchers from IBM X-Force, Trickbot, U.S. Department of Labor, DoL, Family and Medical Leave Act, FMLA, COVID-19 | |
| 676 | 30/04/2020 | Netwalker | NWT Power Corporation | NWT Power Corporation (Northwest Territories Power Corporation) confirms to have been hit with a Netwalker ransomware attack | Malware | D Electricity gas steam and air conditioning supply | CC | CA | NWT Power Corporation, Northwest Territories Power Corporation | |
| 677 | 30/04/2020 | LockBit | Multiple countries including the US, the UK, France, Germany, Ukraine, China, India, and Indonesia. | Researchers from McAfee and Northwave Intelligent Security Operations discover a new ransomware called LockBit, able to self-spread inside the victim's network. | Malware | Y Multiple Industries | CC | >1 | McAfee, Northwave Intelligent Security Operations, ransomware, LockBit | |
| 678 | 30/04/2020 | ? | Multiple targets | Researchers from Barracuda Networks observe a single phishing campaign that sent out 128,000 emails to a variety of organizations and employees using reCAPTCHA walls to conceal fake Microsoft log-in pages. | Account Hijacking | Y Multiple Industries | CC | >1 | Barracuda Networks, reCAPTCHA, Microsoft | |
| 679 | 30/04/2020 | ? | Warwick University | The Warwick University reveals to have been breached last year (and tried to cover the breach). | Malware | P Education | CC | UK | Warwick University | |
| 680 | 30/04/2020 | ? | SWPS University of Humanities and Social Sciences (‘SWPS University’) | The Polish University of Humanities and Social Sciences is hit with a ransomware attack. | Malware | P Education | CC | PL | SWPS, University of Humanities and Social Sciences , ransomware | |
| 681 | 27/04/2020 | ? | Aeries Student Information System | Multiple school districts are impacted by a breach occurred to Aeries Student Information System, occurred in November 2019. | Unknown | M Professional scientific and technical activities | CC | US | Aeries Student Information System | |
| 682 | 18/04/2020 | ? | Etana Custody | Etana Custody states that its “client user interface was accessed by an unauthorized external party” | Unknown | V Fintech | CC | US | Etana Custody, Crypto | |
| 683 | 01/05/2020 | Maze | Banco BCR | Hackers claim to have gained access to the network of Banco BCR, the state-owned Bank of Costa Rica, and stolen 11 million credit card credentials along with other data. | Malware | K Financial and insurance activities | CC | CR | Maze, Banco BCR, ransomware | |
| 684 | 01/05/2020 | ? | Multiple organizations | Researchers from Abnormal Security discover a malicious campaign impersonating notifications from Microsoft Teams. | Account Hijacking | O Public administration and defence, compulsory social security | CC | >1 | Microsoft Teams, Abnormal Security, COVID-19 | |
| 685 | 01/05/2020 | ? | Single Individuals | A new phishing campaign is distributing a combination of malware: a LokiBot information-stealing malware along with a second payload in the form of the Jigsaw Ransomware. | Malware | X Individual | CC | >1 | LokiBot, Jigsaw, Ransomware | |
| 686 | 01/05/2020 | Maze | Nashville Plastic Surgery Institute, | Nashville Plastic Surgery Institute, dba Maxwell Aesthetics, is hit by a Maze ransomware attack. | Malware | Q Human health and social work activities | CC | US | Nashville Plastic Surgery Institute, Maxwell Aesthetics, Maze, ransomware | |
| 687 | 01/05/2020 | Maze | Plastic Surgery Center Dr. Kristin Tarbet’s | Plastic Surgery Center Dr. Kristin Tarbet’s is hit by a Maze ransomware attack. | Malware | Q Human health and social work activities | CC | US | Plastic Surgery Center Dr. Kristin Tarbet’s, Maze, Ransomware | |
| 688 | 01/05/2020 | Sodinokibi (AKA REvil) | MJ Payne | MJ Payne, a London accountancy firm, suffers a REvil ransomware attack. | Malware | K Financial and insurance activities | CC | UK | MJ Payne, REvil ransomware, Sodinokibi | |
| 689 | 02/05/2020 | ? | LineageOS | Hackers breach the main infrastructure of the LineageOS Android, causing a full outage. The attackers exploited a high-severity vulnerability in the open source “Salt” management framework that was disclosed to the public on April 30. | Vulnerability | M Professional scientific and technical activities | CC | N/A | LineageOS, Salt, CVE-2020-11651, CVE-2020-11652 | |
| 690 | 02/05/2020 | ? | PeroxyChem | PeroxyChem is hit by a Maze ransomware attack. | Malware | M Professional scientific and technical activities | CC | US | PeroxyChem, Maze, ransomware | |
| 691 | 03/05/2020 | Shiny Hunters | Tokopedia | A hacker sells a database containing the information of 91 million Tokopedia accounts on a dark web market for $5,000. Other threat actors start to crack passwords and share them online. | SQL Injection | G Wholesale and retail trade | CC | ID | Tokopedia, Shiny Hunters | |
| 692 | 03/05/2020 | Shiny Hunters | Unacademy | Online learning platform Unacademy suffers a data breach after a hacker gains access to their database and starts selling the account information for close to 22 million users. | Unknown | P Education | CC | IN | Unacademy, Shiny Hunters | |
| 693 | 03/05/2020 | ? | Naughty Dog | A security flaw in patches from game developer Naughty Dog give hackers access to unreleased content from the upcoming The Last of Us Part II that was stored in an Amazon S3 bucket. | Misconfiguration | R Arts entertainment and recreation | CC | US | Naughty Dog, The Last of Us, Amazon S3 | |
| 694 | 03/05/2020 | ? | Ghost | The blogging platform Ghost is compromised exploiting the Salt vulnerability. The attackers install a cryptominer. | Vulnerability | J Information and communication | CC | US | Ghost, Salt, CVE-2020-11651, CVE-2020-11652 | |
| 695 | 03/05/2020 | ? | Digicert | Digicert is compromised as a consequence of the Salt vulnerability. | Vulnerability | M Professional scientific and technical activities | CC | US | Digicert, Salt, CVE-2020-11651, CVE-2020-11652 | |
| 696 | 03/05/2020 | ? | Xen Orchestra | Xen Orchestra, a platform that provides tools to administrate Citrix Hypervisor is also compromised via the Salt vulnerability. | Vulnerability | M Professional scientific and technical activities | CC | US | Xen Orchestra, Salt, CVE-2020-11651, CVE-2020-11652 | |
| 697 | 03/05/2020 | Sodinokibi (AKA REvil) | Harvest Sherwood Food Distributors | Food supplier Harvest Sherwood Food Distributors is hit by a REvil ransomware attack. | Malware | I Accommodation and food service activities | CC | US | Harvest Sherwood Food Distributors, Sodinokibi, Revil, ransomware | |
| 698 | 03/05/2020 | ? | Florida Gulf Coast University | A virtual ceremony by Florida Gulf Coast University is disrupted by a DDOS attack. | DDoS | P Education | CC | US | Florida Gulf Coast University | |
| 699 | 03/05/2020 | ? | Dakota Carrier Network | Dakota Carrier Network, a consortium of 14 independent broadband companies, is hit by the Maze ransomware. | Malware | M Professional scientific and technical activities | CC | US | Dakota Carrier Network, Maze, Ransomware | |
| 700 | 04/05/2020 | ? | Single individuals in France | A new ransomware called VCrypt is targeting French victims by utilizing the legitimate 7zip command-line program to create password-protected archives of data folders. | Malware | X Individual | CC | FR | VCrypt, ransomware | |
| 701 | 04/05/2020 | State-sponsored hackers from Russia, Iran, and China | UK universities and scientific facilities | The UK's National Cyber Security Centre (NCSC) warns that the country's universities and scientific facilities are being subject to a wave of hacking attempts conducted by other countries in the quest for coronavirus research. | Targeted Attack | P Education | CE | UK | National Cyber Security Centre, NCSC, Russia, Iran, China | |
| 702 | 04/05/2020 | ? | Financial Organizations | The US Financial Industry Regulatory Authority (FINRA) issues a cyber-security alert warning member organizations of "a widespread, ongoing phishing campaign." aimed at stealing Microsoft Office and SharePoint account passwords from its member organizations. | Account Hijacking | K Financial and insurance activities | CC | US | Financial Industry Regulatory Authority, FINRA, Microsoft Office, SharePoint | |
| 703 | 04/05/2020 | ? | Companies across different industries | Microsoft warns of multiple malspam campaigns carrying malicious disk image files aimed to distribute the REMCOS remote access tool, using the COVID-19 lure. | Malicious Spam | Y Multiple Industries | CC | >1 | REMCOS, COVID-19 | |
| 704 | 04/05/2020 | ? | Tarkett | French flooring company Tarkett reveals that it was hit by a cyber attack on April 29th, and that its operations continue to be disrupted as a result: | Malware | C Manufacturing | CC | FR | Tarkett | |
| 705 | 04/05/2020 | ? | Android users in Ukraine, Russia, Kazakhstan, Turkmenistan | Researchers from Bitdefender discover an existing version of the Android device screen-locking malware SLocker, repackaged in the form of a mobile coronavirus app | Malware | X Individual | CC | >1 | COVID-19, Android, Bitdefender, SLocker | |
| 706 | 04/05/2020 | ? | Bukapalak | The data of 13 million users of the e-commerce platform Bukapalak are posted on a dark web forum, despite the company denies the breach. | Unknown | G Wholesale and retail trade | CC | ID | Bukapalak | |
| 707 | 04/05/2020 | ? | York University | York University suffers a "serious" cyber attack. | Unknown | P Education | CC | CA | York University | |
| 708 | 04/05/2020 | ? | CPC Corp., | Oil refiner Taiwan's CPC Corp., suffers a ransomware attack. | Malware | D Electricity gas steam and air conditioning supply | CC | TW | CPC Corp., | |
| 709 | 05/05/2020 | ? | Individuals in UK | Researchers from Cofense discover a new spear-phishing campaign targeting executives and others in attempt to steal login credentials and bank account details by posing as their smartphone provider EE. | Account Hijacking | X Individual | CC | UK | Cofense, EE | |
| 710 | 05/05/2020 | Government-backed hacking group | Organizations involved in international COVID-19 responses, healthcare, and essential services | A joint advisory by cyber-security agencies from the US (CISA) and the UK (NCSC) reveal that organizations involved in international COVID-19 responses, healthcare, and essential services are actively targeted by government-backed hacking groups | Password-spraying | Q Human health and social work activities | CE | >1 | CISA, NCSC, COVID-19 | |
| 711 | 05/05/2020 | ? | Single Individuals | Researchers from Malwarebytes reveal that hackers have created and used a fake icon portal to host and load a JavaScript web skimmer camouflaged as a favicon. | Malicious Script Injection | X Individual | CC | >1 | Malwarebytes, JavaScript, Magecart | |
| 712 | 05/05/2020 | ? | Multiple organizations | Researchers from Abnormal Security discover a highly convincing series of phishing attacks, using fake certificate error warnings with graphics and formatting lifted from Cisco Webex emails to steal users' account credentials. | Account Hijacking | Y Multiple Industries | CC | >1 | Abnormal Security, Cisco Webex | |
| 713 | 05/05/2020 | ? | Mercedes-Benz Instagram account | Unknown hackers post swastikas on Mercedes-Benz Instagram account. | Account Hijacking | C Manufacturing | CC | DE | Mercedes-Benz, Instagram | |
| 714 | 05/05/2020 | ? | Algolia | Search service Algolia says it suffered a security breach over the weekend after hackers exploited a well-known vulnerability in the Salt server configuration software to gain access to its infrastructure. | Vulnerability | M Professional scientific and technical activities | CC | US | Algolia, CVE-2020-11651, CVE-2020-11652 | |
| 715 | 05/05/2020 | ? | Linux-based servers and smart IoT devices | Security researchers discover Kaiji, another strain of malware specifically built to infect Linux-based servers and smart IoT devices to launch DDoS attacks. | Malware | Y Multiple Industries | CC | >1 | Kaiji | |
| 716 | 05/05/2020 | ? | BJC HealthCare | BJC HealthCare warns patients that their information may have been exposed after it discovered someone gained unauthorized access to three employee email accounts on March 6. | Account Hijacking | Q Human health and social work activities | CC | US | BJC HealthCare | |
| 717 | 05/05/2020 | ? | Formosa Petrochemical Corp., | Formosa Petrochemical Corp., is hit by a malware attack. | Malware | D Electricity gas steam and air conditioning supply | CC | TW | Formosa Petrochemical Corp., | |
| 718 | 06/05/2020 | Snake | Fresenius | Fresenius, Europe’s largest private hospital operator and a major provider of dialysis products and services is hit in a Snake ransomware cyber attack on its technology systems. | Malware | Q Human health and social work activities | CC | DE | Fresenius, Snake, Ransomware | |
| 719 | 06/05/2020 | Shiny Hunters | Microsoft | A hacker dubbed Shiny Hunters claims to have stolen over 500GB of data from Microsoft's private GitHub repositories | Unknown | M Professional scientific and technical activities | CC | US | Shiny Hunters, Microsoft, GitHub | |
| 720 | 06/05/2020 | ? | Vulnerable Wordpress sites | Researchers from Wordfence reveal that hackers are actively exploiting two security vulnerabilities in the Elementor Pro and Ultimate Addons for Elementor WordPress plugins to remotely execute arbitrary code and fully compromise unpatched targets. | Vulnerability | Y Multiple Industries | CC | >1 | Wordfence, Wordpress, Elementor Pro, Ultimate Addons for Elementor | |
| 721 | 06/05/2020 | Lazarus group | Multiple organizations | Researchers from Malwarebytes reveal that hackers have hidden malware in MinaOTP, a legitimate two-factor authentication (2FA) app for macOS to distribute Dacls, a remote access trojan associated with the North Korean Lazarus group. | Targeted Attack | Y Multiple Industries | CE | >1 | Malwarebytes, MinaOTP, 2FA, Dacls, North Korea, Lazarus group | |
| 722 | 06/05/2020 | ? | Multiple E-Commerce servers | The FBI warns about attacks on Magento online stores via an old plugin vulnerability (CVE-2017-7391, a vulnerability in MAGMI, Magento Mass Import). | Vulnerability | G Wholesale and retail trade | CC | >1 | FBI, Magento, CVE-2017-7391, MAGMI, Magento Mass Import | |
| 723 | 06/05/2020 | Nefilim | Toll Group | For the second time in three months, Toll Group becomes the victim of a ransomware attack. | Malware | M Professional scientific and technical activities | CC | AU | Toll Group, Nefilim, ransomware | |
| 724 | 06/05/2020 | ? | 44 million Pakistani mobile subscribers | The details of 44 million Pakistani mobile subscribers are leaked online. | Unknown | X Individual | CC | PK | Pakistan | |
| 725 | 06/05/2020 | ? | Chrome users | 11 new fake crypto-wallet extensions add-ons are discovered in the Chrome Web store. | Malicious browser extension | X Individual | CC | >1 | Chrome, Crypto | |
| 726 | 06/05/2020 | ? | Single Individuals in the US | Researchers from Secureworks Counter Threat Unit (CTU) observe an increase in tax identity theft aimed at fraudulently obtaining stimulus checks. | Account Hijacking | X Individual | CC | US | Secureworks Counter Threat Unit, CTU | |
| 727 | 06/05/2020 | ? | Multiple organizations | Researches from Prevailion discover a new variant of the EVILNUM malware. | Malware | Y Multiple Industries | CC | >1 | Researches from Prevailion discover a new variant of the EVILNUM malware. | |
| 728 | 07/05/2020 | Silver Terrier | Multiple organizations | Researchers from Palo Alto Networks reveal the details of a new series of attacks from Silver Terrier, targeting multiple organizations involved with the COVID-19 response. | Business Email Compromise | Y Multiple Industries | CC | >1 | Silver Terrier, Palo Alto Networks, COVID-19 | |
| 729 | 07/05/2020 | Naikon APT | Several national government entities in the Asia Pacific (APAC) region | Researchers from Check Point discover new evidence of an ongoing cyber espionage operation against several national government entities in the Asia Pacific (APAC) region, using a new backdoor named Aria-body. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 | Check Point, Aria-body, Naikon APT | |
| 730 | 07/05/2020 | ? | Ruhr University Bochum (RUB) | The Ruhr University Bochum (RUB) announces that it was forced to shut down large parts of its central IT infrastructure, after a ransomware attack that took place between May 6 and May 7. | Malware | P Education | CC | DE | Ruhr University Bochum, RUB, ransomware | |
| 731 | 07/05/2020 | DonJuji | MobiFriends | The personal details of 3,688,060 users registered on the MobiFriends dating app are posted online and available for download. The data was obtained in a security breach that took place in January 2019 | Unknown | R Arts entertainment and recreation | CC | ES | MobiFriends, DonJuji | |
| 732 | 07/05/2020 | ? | Web applications built on the ASP.NET | Researchers at security firm Red Canary uncover a Monero cryptocurrency-mining campaign, tracked as Blue Mockingbird, that exploits the CVE-2019-18935 vulnerability in web applications built on the ASP.NET framework. | Vulnerability | Y Multiple Industries | CC | >1 | Red Canary, Monero, Blue Mockingbird, CVE-2019-18935, ASP.NET, Crypto | |
| 733 | 07/05/2020 | ? | Fitness class | A Zoom hacker scares a group of about 60 children taking part in a fitness class, streaming a child sex abuse footage. | Zoom bombing | R Arts entertainment and recreation | CC | UK | Zoom | |
| 734 | 07/05/2020 | Maze | Sparboe Companies | The threat group MAZE publishes what it claims is data stolen from Sparboe Companies, a Minnesota egg supplier during a ransomware attack. | Malware | I Accommodation and food service activities | CC | US | Sparboe Companies, Maze | |
| 735 | 07/05/2020 | ? | Giannis Antetokounmpo's Twitter account | NBA Milwaukee Bucks' player Giannis Antetokounmpo's Twitter account is hacked. | Account Hijacking | X Individual | CC | US | Giannis Antetokounmpo, Twitter, Milwaukee Bucks | |
| 736 | 07/05/2020 | ? | StorEnvy | The e-commerce website StorEnvy is hacked and as a result, personal details of over 1.5 million customers and merchants are leaked online. | Unknown | G Wholesale and retail trade | CC | US | StorEnvy | |
| 737 | 08/05/2020 | Sodinokibi (AKA REvil) | Grubman Shire Meiselas & Sacks (GSMLaw) | The Sodinokibi ransomware group threatens to release hundreds of gigabytes of legal documents from Grubman Shire Meiselas & Sacks, a prominent entertainment and law firm that counts dozens of international stars as their clients, including Madonna, Lady Gaga, Elton John, Robert de Niro, Nicki Minaj, Chris Brown, Usher, U2, Timbaland, Rick Ross, and many others. | Malware | N Administrative and support service activities | CC | US | Sodinokibi, REvil. ransomware, Grubman Shire Meiselas & Sacks, GSMLaw, Madonna, Lady Gaga, Elton John, Robert de Niro, Nicki Minaj, Chris Brown, Usher, U2, Timbaland, Rick Ross | |
| 738 | 08/05/2020 | Attackers linked to Iran | Gilead Sciences | Hackers linked to Iran have targeted staff at U.S. drugmaker Gilead Sciences Inc in recent weeks, as the company races to deploy a treatment for the COVID-19 virus. | Targeted Attack | M Professional scientific and technical activities | CC | >1 | Iran, Gilead Sciences Inc, COVID-19 | |
| 739 | 08/05/2020 | Shiny Hunters | HomeChef | A database with 8 million records belonging to the meal kit delivery service HomeChef is put on sale in the dark web. | Unknown | I Accommodation and food service activities | CC | US | HomeChef, Shiny Hunters | |
| 740 | 08/05/2020 | Shiny Hunters | ChatBooks | A database with 15 million records belonging to ChatBooks, a photo print service, is put on sale in the dark web. | Unknown | M Professional scientific and technical activities | CC | US | ChatBooks, Shiny Hunters | |
| 741 | 08/05/2020 | Shiny Hunters | Chronicle.com | Chronicle.com, a news source for higher education, is the latest victim to have a database dumped from the Shiny Hunters collective (3 million records). | Unknown | J Information and communication | CC | US | Chronicle.com, Shiny Hunters | |
| 742 | 08/05/2020 | ? | Texas Office of Court Administration (OCA) | The Texas Office of Court Administration (OCA) is hit by ransomware. | Malware | O Public administration and defence, compulsory social security | CC | US | Texas Office of Court Administration, Ransomware | |
| 743 | 08/05/2020 | ? | Multiple organizations | Researchers from Abnormal Security discover a new phishing campaign exploiting the DocuSign platform. | Account Hijacking | Y Multiple Industries | CC | >1 | Abnormal Security, DocuSign | |
| 744 | 08/05/2020 | ? | City Index | Financial trading provider City Index informs users of a breach of their personal data, after its network was accessed by an unauthorized third party on April 14. | Unknown | K Financial and insurance activities | CC | UK | City Index | |
| 745 | 09/05/2020 | ? | Stadler | International rail vehicle construction company, Stadler, disclosed that it was the victim of a cyberattack which might have also allowed the attackers to steal company and employee data. | Malware | C Manufacturing | CC | CH | Stadler | |
| 746 | 09/05/2020 | Shiny Hunters | Bhinneka | Bhinneka has 1.2 million records dumped by Shiny Hunters. | Unknown | G Wholesale and retail trade | CC | ID | Bhinneka, Shiny Hunters | |
| 747 | 09/05/2020 | Shiny Hunters | Minted | Minted, an online marketplace of independent artists and designers, suffers 5 million accounts leaked by Shiny Hunters. | Unknown | R Arts entertainment and recreation | CC | US | Minted, Shiny Hunters | |
| 748 | 09/05/2020 | Shiny Hunters | Styleshare | Styleshare, an online platform that allows users to share and receive updates on fashion and beauty, is breached by Shiny Hunters. 6 million records are leaked. | Unknown | J Information and communication | CC | KR | Styleshare, Shiny Hunters | |
| 749 | 09/05/2020 | Shiny Hunters | Ggumim | Ggumim suffers 2 million records leaked by Shiny Hunters. | Unknown | Z Unknown | CC | KR | Shiny Hunters, Ggumim | |
| 750 | 09/05/2020 | Shiny Hunters | Mindful | 2 Million accounts from Mindful are leaked by the Shiny Hunters. | Unknown | Q Human health and social work activities | CC | US | Shiny Hunters, Mindful | |
| 751 | 09/05/2020 | Shiny Hunters | Star Tribune | 1 Million accounts from the Star Tribune are leaked by the Shiny Hunters. | Unknown | J Information and communication | CC | US | Shiny Hunters, Star Tribune | |
| 752 | 09/05/2020 | Shiny Hunters | Zoosk | The Shiny Hunters leak 30 million accounts from Zoosk. | Unknown | S Other service activities | CC | >1 | Shiny Hunters, Zoosk | |
| 753 | 09/05/2020 | ? | U.S. Marshals Service | A data breach at the U.S. Marshals Service exposes the personal information of current and former prisoners (387,000 individuals are affected). The breach occurred on December 2019. | Unknown | O Public administration and defence, compulsory social security | CC | US | U.S. Marshals Service | |
| 754 | 10/05/2020 | ? | Port of Bandar Abbas | Iranian officials say that hackers damaged a small number of computers in a cyber-attack against the port of Bandar Abbas, the country's largest port in the Strait of Hormuz. | Unknown | H Transportation and storage | CW | IR | Bandar Abbas, Strait of Hormuz | |
| 755 | 10/05/2020 | ? | MyBudget | MyBudget, one of Australia's largest debt-management services is taken down by malware. | Malware | K Financial and insurance activities | CC | AU | MyBudget | |
| 756 | 11/05/2020 | Maze | Pitney Bowes | Pitney Bowes suffers a cyber attack for the second time in few months. The attackers are detected but manage to steal some files. | Malware | M Professional scientific and technical activities | CC | US | Pitney Bowes, Maze, Ransomware | |
| 757 | 11/05/2020 | ProLock | Diebold Nixdorf | Diebold Nixdorf, a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, suffers a ProLock ransomware attack that disrupts some operations. | Malware | C Manufacturing | CC | US | Diebold Nixdorf, ProLock, ransomware | |
| 758 | 11/05/2020 | ? | WeLeakData.com | The database for the defunct hacker forum and data breach marketplace WeLeakData.com is being sold on the dark web and exposes the private conversations of hackers who used the site. | Unknown | S Other service activities | CC | N/A | WeLeakData.com | |
| 759 | 11/05/2020 | ? | Banking users in Brazil | Researchers from Cisco Talos discover a new variant of the Astaroth malware using YouTube as its command and control infrastructure. | Malware | K Financial and insurance activities | CC | BR | Cisco Talos, Astaroth | |
| 760 | 11/05/2020 | ? | Banking users | Researchers from IBM X-Force reveal that the Zeus Sphinx banking Trojan is now receiving frequent updates and upgrades to its malicious arsenal while being deployed in active coronavirus scams. | Malware | K Financial and insurance activities | CC | >1 | IBM X-Force, Zeus Sphinx, COVID-19 | |
| 761 | 11/05/2020 | ? | Portuguese Banking users | A new campaign targets Portuguese Banking users with the Lampion malware, impersonating an invoice from a Bank transaction, an invoice from Vodafone Group, and emergency funds provided by the Portuguese Government to help the COVID-19 fight. | Malware | K Financial and insurance activities | CC | PT | Lampion, Vodafone Group, COVID-19 | |
| 762 | 11/05/2020 | ? | Multiple organizations | Researchers from Abnormal Security revel the details of a new attack impersonating a notification from Zoom in order to steal Microsoft credentials of employees. | Account Hijacking | Y Multiple Industries | CC | >1 | Abnormal Security, Zoom, Microsoft | |
| 763 | 12/05/2020 | ? | Magellan Health Inc | Magellan Health Inc announces that it was the victim of a ransomware attack on April 11, 2020, which led to the theft of personal information from one of its corporate servers. | Malware | Q Human health and social work activities | CC | US | Magellan Health Inc, ransomware | |
| 764 | 12/05/2020 | HIDDEN COBRA AKA Lazarus Group | US Companies | The US government (FBI, CISA, and DoD) releases information on three new malware variants (COPPERHEDGE, TAINTEDSCRIBE, PEBBLEDASH) used in malicious cyber activity campaigns by the North Korean government-backed hacker group tracked as HIDDEN COBRA. | Targeted Attack | Y Multiple Industries | CE | US | (FBI, CISA, DoD, COPPERHEDGE, TAINTEDSCRIBE, PEBBLEDASH, HIDDEN COBRA, Lazarus Group | |
| 765 | 12/05/2020 | Magecart | >1000 websites | Security researcher Max Kersten collects in a span of a few weeks over 1,000 domains infected with payment card skimmers. | Malicious Script Injection | Y Multiple Industries | CC | >1 | Max Kersten, Magecart | |
| 766 | 12/05/2020 | ? | ESET | ESET fends off a DDoS attack facilitated by "Updates for Android", a malicious news app hosted in the Google Play Store and downloaded 50,000 times. | DDoS | M Professional scientific and technical activities | CC | SK | ESET, Updates for Android, Google Play Store, Android | |
| 767 | 12/05/2020 | ? | Nikkei Inc., | Nikkei Inc., announces that personal information on a total of 12,514 people had been leaked after a computer used by a group company employee was infected with a virus in an apparent cyberattack. | Malware | J Information and communication | CC | JP | Nikkei Inc. | |
| 768 | 12/05/2020 | Nefilim | W&T Offshore | The hackers behind the Nefilim malware say they have stolen over 800 gigabytes of personnel and financial data from W&T Offshore Inc., | Malware | D Electricity gas steam and air conditioning supply | CC | US | W&T Offshore, Nefilim | |
| 769 | 13/05/2020 | Threat actors affiliated to the People’s Republic of China | US health care, pharmaceutical, and research industry sectors. | The US government (FBI, CISA, and DoD) reveals that Threat actors affiliated to the People’s Republic of China (PRC) are attempting to compromise and collect COVID-19 information from organizations in the US health care, pharmaceutical, and research industry sectors. | Targeted Attack | Q Human health and social work activities | CE | US | FBI, CISA, DoD, People’s Republic of China, PRC, COVID-19 | |
| 770 | 13/05/2020 | ? | Supercomputers across UK, Germany, Switzerland and Spain | Multiple supercomputers across Europe are infected with cryptocurrency mining malware and shut down to investigate the intrusions. | Malware | P Education | CC | >1 | Supercomputers | |
| 771 | 13/05/2020 | ? | Multiple organizations | Microsoft discovers a new COVID-19 themed phishing campaign using economic concerns to target businesses with the LokiBot information-stealing Trojan. | Malware | Y Multiple Industries | CC | >1 | Microsoft, COVID-19, LokiBot | |
| 772 | 13/05/2020 | ? | Multiple organizations | Researchers from ESET discover a new malware toolkit, dubbed Ramsay, able to collect sensitive files from systems isolated from the internet. | Malware | Y Multiple Industries | CC | >1 | ESET, Ramsay | |
| 773 | 13/05/2020 | ? | Interserve | Interserve, a contractor for the Britain’s Ministry of Defence suffers a security breach, after hackers break into a database and steal up to 100,000 of past and current employees details. | Unknown | M Professional scientific and technical activities | CC | UK | Interserve, Ministry of Defence | |
| 774 | 13/05/2020 | ? | Bam Construct | Bam Construct is hit by a malware. | Malware | M Professional scientific and technical activities | CC | UK | Bam Construct | |
| 775 | 13/05/2020 | Russia | German Chancellor Angela Merkel | German Chancellor Angela Merkel reveals that Russia was targeting her in hacking attacks, saying she had concrete proof of the "outrageous" spying attempts. | Targeted Attack | O Public administration and defence, compulsory social security | CE | DE | Angela Merkel, Russia | |
| 776 | 13/05/2020 | ? | Single Individuals | Researchers from Sophos discover a new phishing campaign using a well-crafted fake DHL delivery notification, | Account Hijacking | X Individual | CC | >1 | Sophos, DHL | |
| 777 | 13/05/2020 | ? | Wright County | Wright County notifies residents of a phishing attack occurred on January 31, 2019. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US | Wright County | |
| 778 | 13/05/2020 | AKO | North Shore Pain Management | North Shore Pain Management has 4 GB of data leaked by the AKO ransomware gang. | Malware | Q Human health and social work activities | CC | US | North Shore Pain Management, AKO, ransomware | |
| 779 | 14/05/2020 | ? | Norfund | Fraudsters running business email compromise scams were able to swindle Norfund, Norway’s state investment fund, out of $10 million. | Business Email Compromise | K Financial and insurance activities | CC | NO | Norfund | |
| 780 | 14/05/2020 | ? | Multiple organizations | Microsoft says that attackers have already adapted their phishing campaigns to use the newly updated design for Azure AD and Office 365 sign-in pages. | Account Hijacking | Y Multiple Industries | CC | >1 | Microsoft, Azure AD, Office 365 | |
| 781 | 14/05/2020 | Turla APT? | European diplomatic entities | Researchers from Kaspersky discover a new COMpfun remote access trojan (RAT) variant controlled using uncommon HTTP status codes, used in attacks targeting European diplomatic entities. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 | Kaspersky, COMpfun, Turla | |
| 782 | 14/05/2020 | RATicate | Industrial companies | Researchers from Sophos identifies RATicate, a hacking group that abused NSIS installers to deploy remote access tools (RATs) and information-stealing malware in attacks targeting industrial companies. | Targeted Attack | Y Multiple Industries | CE | >1 | Sophos, RATicate | |
| 783 | 14/05/2020 | ? | Multiple organizations | A new Node.js based remote access trojan and password-stealing malware is being distributed through malicious emails pretending to be from the U.S. Department of the Treasury. | Malware | Y Multiple Industries | CC | US | Adwind, U.S. Department of the Treasury, COVID-19 | |
| 784 | 14/05/2020 | APT from China | Government entities, telecommunications firms, and the gas industry | A joint report issued by ESET and Avast reveal the details of Mikroceen, a backdoor used in attacks against public and private entities in central Asia since 2017. | Targeted Attack | Y Multiple Industries | CE | >1 | ESET, Avast, China, Mikroceen | |
| 785 | 14/05/2020 | ? | Elexon | Elexon, a middleman in the UK power grid network, reports that it fell victim to a cyber-attack (probably malware). | Malware | D Electricity gas steam and air conditioning supply | CC | UK | Elexon, ransomware | |
| 786 | 14/05/2020 | ? | Service NSW | Service NSW reveals to have fallen victim to a phishing attack occurred on April 22. | Account Hijacking | O Public administration and defence, compulsory social security | CC | AU | Service NSW | |
| 787 | 14/05/2020 | ? | Multiple Organizations | Researchers from Palo Alto Networks Unit 42 observe both the Mirai and Hoaxcalls botnets using an exploit for a post-authentication Remote Code Execution vulnerability in legacy Symantec Web Gateways 5.0.2.8. | Vulnerability | Y Multiple Industries | CC | >1 | Palo Alto Networks, Unit 42, Mirai, Hoaxcalls, Symantec | |
| 788 | 14/05/2020 | ? | Multiple organizations | Researchers from Armorblox reveal the details of a phishing campaign exploiting Symantec URL Protection to evade detection. | Account Hijacking | Y Multiple Industries | CC | >1 | Armorblox, Symantec | |
| 789 | 14/05/2020 | ? | Saint Paulus Lutheran Church | Saint Paulus Lutheran Church sues video chat company Zoom after a hacker allegedly hijacked a virtual Bible study class to post graphic images of child abuse. | Zoom bombing | S Other service activities | CC | US | Saint Paulus Lutheran Church, Zoom | |
| 790 | 14/05/2020 | ? | Des Moines City Council | A Des Moines civil rights meeting is abandoned after being Zoombombed. | Zoom bombing | O Public administration and defence, compulsory social security | CC | US | Des Moines City Council, Zoom | |
| 791 | 15/05/2020 | ? | Online Shops | Researchers at Sucuri discover a new WordPress malware used to scan and identify WooCommerce online shops to be targeted in future Magecart attacks. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | Sucuri, WordPress, WooCommerce, Magecart | |
| 792 | 15/05/2020 | ? | Texas Department of Transportation (TxDOT) | A new ransomware attack hits the network of the state’s Department of Transportation (TxDOT). | Malware | O Public administration and defence, compulsory social security | CC | US | Texas Department of Transportation, TxDOT | |
| 793 | 15/05/2020 | ? | Car owners in Moscow | A database with 129 million records of car owners in Moscow is being offered for sale on a dark web forum. | Unknown | X Individual | CC | RU | Russia, Car owners | |
| 794 | 15/05/2020 | ? | BlueScope | BlueScope confirms it was the victim of a cyber incident. | Unknown | C Manufacturing | CC | AU | BlueScope | |
| 795 | 15/05/2020 | Tropic Trooper, AKA KeyBoy | Taiwanese and Philippine military | Researchers from Trend Micro reveal the details of a campaign targeting the air-gapped networks of the Taiwanese and the Philippine military via the USBferry malware. | Targeted Attack | O Public administration and defence, compulsory social security | CE | TW PH | Trend Micro, USBferry, Tropic Trooper, KeyBoy | |
| 796 | 04/05/2020 | ? | Healthcare, government entities, financial institutions, and retail | The FBI issues a security alert about a new ransomware strain named ProLock, deployed in intrusions at healthcare, government entities, financial institutions, and retail. | Malware | Y Multiple Industries | CC | US | FBI, ProLock, ransomware | |
| 797 | 08/05/2020 | ? | Nipissing First Nation | Nipissing First Nation is hit by a ransomware attack. | Malware | U Activities of extraterritorial organizations and bodies | CC | CA | Nipissing First Nation, ransomware | |
| 798 | 10/05/2020 | Powerful Greek Army | North Macedonia’s Ministry of Economy and Finance | A Greek group called Powerful Greek Army leaks dozens of email addresses and passwords from staffers in the North Macedonia’s Ministry of Economy and Finance, as well as from the municipality of Strumica | Unknown | O Public administration and defence, compulsory social security | H | MK | Powerful Greek Army, North Macedonia’s Ministry of Economy and Finance, Strumica | |
| 799 | 11/05/2020 | ? | Bernards Township | Bernards Township is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Bernards Township, ransomware | |
| 800 | 14/05/2020 | ? | BlockFi | Crypto lending provider BlockFi reports that it suffered a data breach after, some of the company’s client data was breached through a SIM card swap attack performed on one of its employees. | Account Hijacking | V Fintech | CC | US | BlockFi, Crypto | |
| 801 | 14/05/2020 | ? | Single Individuals in the US | Researchers from the advocacy group Abuse.ch discover a COVID-19-related malspam campaign that impersonates the U.S. Treasury Department and more than likely looks to steal a taxpayer’s credentials using a remote access trojan. | Account Hijacking | X Individual | CC | US | COVID-19, Abuse.ch, U.S. Treasury Department | |
| 802 | 14/05/2020 | ? | 9 million customers of the CDEK Express transportation service | Data belonging to nine million customers of the CDEK Express transportation service was is up for sale on the Web for 70 thousand rubles ($950). | Unknown | H Transportation and storage | CC | RU | CDEK Express | |
| 803 | 14/05/2020 | ? | Covve | Covve, the popular address book app, is identified as the source of a data breach that exposed the details of nearly 23 million individuals. | Unknown | J Information and communication | CC | CY | Covve | |
| 804 | 18/05/2020 | ? | Undisclosed Target | Researchers from Cofense discover a phishing tactic that leverages the OAuth2 framework and OpenID Connect (OIDC) protocol to access user data. | Account Hijacking | Z Unknown | CC | N/A | Cofense, OAuth2, OpenID Connect | |
| 805 | 18/05/2020 | NetWalker | Multiple organizations | Researchers at Trend Micro discover a new fileless version of the NetWalker ransomware. | Malware | Y Multiple Industries | CC | >1 | Trend Micro, NetWalker, Ransomware | |
| 806 | 19/05/2020 | ? | EasyJet | EasyJet admits that a "highly sophisticated cyber-attack" has affected approximately nine million customers. Email addresses and travel details have also been stolen and 2,208 customers had also their credit and debit card details "accessed". The attack was discovered on January. | Targeted Attack | H Transportation and storage | CC | UK | EasyJet | |
| 807 | 19/05/2020 | ? | Multiple organizations | Microsoft's Security Intelligence team warns of a "massive" COVID-19 themed phishing campaign that attempts to install NetSupport Manager, a remote access tool, by tricking users into opening email attachments containing malicious Excel 4.0 macros. | Malicious Spam | Y Multiple Industries | CC | >1 | Microsoft, COVID-19, NetSupport Manager, Excel | |
| 808 | 19/05/2020 | ? | Banking users | Researchers from Malwarebytes and HYAS reveal the details of Silent Night, a botnet distributed via the RIG exploit kit and COVID-19 spam. | Malware | K Financial and insurance activities | CC | >1 | Malwarebytes, HYAS, Silent Night, RIG exploit kit, COVID-19 | |
| 809 | 19/05/2020 | ? | Thai users of Whatsapp, Facebook Messenger | Researches from Cisco Talos reveal the details of WolfRAT, a new Trojan targeting Thai users of Whatsapp, Facebook Messenger, and Line messaging apps on the Android mobile platform. | Malware | X Individual | CC | TH | Cisco Talos, WolfRAT, Whatsapp, Facebook Messenger | |
| 810 | 19/05/2020 | Scattered Canary | Single Individuals | Researchers from Agari discover Scattered Canary, a group of business email compromise (BEC) Nigerian scammers targeting U.S. unemployment systems and COVID-19 relief funds provided through the CARES Act. | Business Email Compromise | X Individual | CC | US | Agari, Scattered Canary, BEC, COVID-19, CARES Act | |
| 811 | 19/05/2020 | ? | Undisclosed Target | Researchers from Abnormal Security reveal the detail of a new campaign impersonating the collaboration software provider, LogMeIn. | Account Hijacking | Z Unknown | CC | N/A | Abnormal Security, LogMeIn | |
| 812 | 20/05/2020 | Winnti Group | Massively multiplayer online (MMO) game developers located in South Korea and Taiwan | Cybersecurity firm ESET releases a report on the Winnti APT group, using PipeMon, a new, modular malware on the systems of several massively multiplayer online (MMO) game developers located in South Korea and Taiwan. | Targeted Attack | R Arts entertainment and recreation | CE | KR TW | ESET, Winnti, PipeMon | |
| 813 | 20/05/2020 | ShinyHunters | Wishbone | ShinyHunters puts up for sale the details of 40 million users registered on Wishbone, a popular mobile app that lets users compare two items in a simple voting poll. | Unknown | M Professional scientific and technical activities | CC | US | ShinyHunters, Wishbone | |
| 814 | 20/05/2020 | ? | Banking users in the U.S., Canada, Germany, Poland, and Australia | Researchers from Proofpoint reveal the details of a new version of the ZLoader banking malware seen in more than 100 email campaigns since the beginning of the year. | Malware | K Financial and insurance activities | CC | >1 | Proofpoint, ZLoader | |
| 815 | 20/05/2020 | CyberWare | Scam companies | A group of hackers calling themselves CyberWare starts targeting scam companies with ransomware and DDoS attacks. | Malware | S Other service activities | CC | N/A | CyberWare | |
| 816 | 20/05/2020 | ? | Multiple organizations | The FBI issues a security alert about Zoom-bombing. | Zoom bombing | Y Multiple Industries | CC | US | FBI, Zoom bombing | |
| 817 | 21/05/2020 | ? | Multiple organizations | Researchers from Sophos reveal the details of RagnarLocker, a new ransomware installing virtual machines to avoid detection. | Malware | Y Multiple Industries | CC | >1 | Sophos, RagnarLocker, ransomware | |
| 818 | 21/05/2020 | Hackers of Savior | 2000 Israeli websites | More than 2000 Israeli websites are defaced to show an anti-Israeli message and with malicious code seeking permission to access visitors' webcams. Most of the websites were hosted on uPress, a local Israeli WordPress hosting service. | Defacement | Y Multiple Industries | H | IL | uPress, Hackers of Savior | |
| 819 | 21/05/2020 | Ke3chang (AKA APT15, Vixen Panda, Playful Dragon, and Royal APT) | Multiple organizations | Researchers from Intezer discover a new operation from the Ke3chang APT, using a new malware dubbed Ketrum. | Targeted Attack | Y Multiple Industries | CE | >1 | Intezer, Ke3chang APT, Ketrum, APT15, Vixen Panda, Playful Dragon, Royal APT | |
| 820 | 21/05/2020 | ? | Multiple organizations | Researchers from Armorblox discover a new campaign in disguise of the Supreme Court, using a CAPTCHA page to evade security controls on Office 365. | Account Hijacking | Y Multiple Industries | CC | >1 | Armorblox, Supreme Court, CAPTCHA, Office 365 | |
| 821 | 21/05/2020 | Chafer APT | Governments in Kuwait and Saudi Arabia | Researchers from BitDefender reveal the details of the Iran-linked Chafer APT group, targeting governments in Kuwait and Saudi Arabia | Targeted Attack | O Public administration and defence, compulsory social security | CE | KW SA | Chafer APT, Iran, BitDefender | |
| 822 | 21/05/2020 | ? | Multiple organizations | Researchers from Trustwave uncover a new phishing campaigns, taking advantage of “the reputation and services” of the Google Cloud’s Firebase mobile and web application development platform. | Account Hijacking | Y Multiple Industries | CC | >1 | Trustwave, Google Cloud, Firebase | |
| 823 | 22/05/2020 | LulzSecITA | San Raffaele Hospital | Hackers from LulzSecITA leak sensitive data from the San Raffaele Hospital in Milan. Data includes personal details of patients, doctors, nurses, and various employees. The breach occurred two months ago. | SQL Injection | Q Human health and social work activities | H | IT | LulzSecITA, San Raffaele | |
| 824 | 22/05/2020 | ShinyHunters | Mathway | ShinyHunters breaches Mathway, a popular math solving application, stealing more than 25 million emails and passwords. | Unknown | M Professional scientific and technical activities | CC | US | ShinyHunters, Mathway | |
| 825 | 22/05/2020 | ? | Multiple organizations | Researchers from Sentinel One discover a new version of the Sarwent malware that opens RDP (Remote Desktop Protocol) ports on infected computers. | Malware | Y Multiple Industries | CC | >1 | Sentinel One, Sarwent, RDP, Remote Desktop Protocol | |
| 826 | 22/05/2020 | ? | 2 million Indonesians | A threat actor shares the 2014 voter information for close to 2 million Indonesians on a hacker forum. | Unknown | X Individual | CC | ID | Indonesia | |
| 827 | 22/05/2020 | ? | EduCBA | Online education site EduCBA starts notifying customers that they are resetting their passwords after suffering a data breach. | Unknown | P Education | CC | IN | EduCBA | |
| 828 | 22/05/2020 | ? | Italian companies operating in the manufacturing sector. | Researchers from ZLab discover a new malicious espionage activity targeting Italian companies operating worldwide in the manufacturing sector. | Targeted Attack | C Manufacturing | CE | IT | ZLab | |
| 829 | 23/05/2020 | ? | Unknown resume aggregator | Researchers from Cyble discover a dump containing 29.1M Indian jobseekers personal details, offered for free in the hacking underground. | Unknown | M Professional scientific and technical activities | CC | IN | Cyble | |
| 830 | 23/05/2020 | ? | Multiple organizations | Researchers from Malwarebytes and HYAS publish a new report related to a new botnet, derived from Zeus, dubbed Silent Night Zeus. | Malware | Y Multiple Industries | CC | >1 | Malwarebytes, HYAS, Zeus, Silent Night Zeus. | |
| 831 | 23/05/2020 | DoubleGun | Multiple organizations in China | Researchers from NetLab 360 dismantle the infrastructure built by the DoubleGun Group, which had amassed hundreds of thousands of bots controlled via public cloud services, including Alibaba and Baidu Tieba. | Malware | Y Multiple Industries | CC | CN | NetLab 360, DoubleGun Group, Alibaba, Baidu Tieba | |
| 832 | 24/05/2020 | ? | Multiple Crypto wallets | The hacker that breached the Ethereum.org forum is allegedly selling the databases of several popular crypto hard wallets, including: Ledger, Trezor, and KeepKey. | Account Hijacking | V Fintech | CC | >1 | Ethereum.org, Ledger, Trezor, KeepKey, Crypto | |
| 833 | 24/05/2020 | ? | Discord users | A new version of the AnarchyGrabber Discord malware is released that modifies the Discord client files so that it can evade detection and steal user accounts every time someone logs into the chat service. | Malware | X Individual | CC | >1 | AnarchyGrabber, Discord | |
| 834 | 24/05/2020 | ? | Three hacking forums Nulled.ch, Sinfulsite.com, and suxx.to leaked online | Researchers from Cyble discover the databases of three hacking forums Nulled.ch, Sinfulsite.com, and suxx.to leaked online | Unknown | S Other service activities | CC | N/A | Nulled.ch, Sinfulsite.com, suxx.to, Cyble | |
| 835 | 25/05/2020 | [F]Unicorn | Single individuals in Italy | The Agency for Digital Italy (AgID) discovers a new ransomware threat called [F]Unicorn, encrypting computers in Italy by tricking victims into downloading a fake COVID-19 contact tracing app. | Malware | X Individual | CC | IT | Agency for Digital Italy (AgID), [F]Unicorn, COVID-19 | |
| 836 | 25/05/2020 | ? | More than two dozen SQL databases | More than two dozen SQL databases stolen from online shops in various countries are being offered for sale on a public website (over 1.5 million rows). | Unknown | Y Multiple Industries | CC | >1 | SQL | |
| 837 | 26/05/2020 | Turla | Three high-profile entities, such as a national parliament in the Caucasus and two Ministries of Foreign Affairs in Eastern Europe | Security researchers from ESET have discovered new attacks carried out by Turla via the ComRAT backdoor, taking place in January 2020. The attacks targeted three high-profile entities, such as a national parliament in the Caucasus and two Ministries of Foreign Affairs in Eastern Europe. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 | ESET, Turla | |
| 838 | 26/05/2020 | ? | Arbonne International | Arbonne International exposes the personal information and credentials of thousands after its internal systems were breached by an unauthorized party. | Account Hijacking | M Professional scientific and technical activities | CC | US | Arbonne International | |
| 839 | 26/05/2020 | ? | Banking users in Portugal | A new version of the Grandoreiro malware is discovered In Portugal. | Malware | K Financial and insurance activities | CC | PT | Grandoreiro | |
| 840 | 27/05/2020 | NetWalker | City of Weiz | The Austrian City of Weiz is hit by the NetWalker Ransomware. | Malware | O Public administration and defence, compulsory social security | CC | AT | City of Weiz, ransomware, NetWalker | |
| 841 | 27/05/2020 | PonyFinal | Multiple Organizations | Microsoft's security team issues an advisory warning organizations around the globe to deploy protections against PonyFinal a new strain of ransomware that has been in the wild over the past two months. | Malware | Y Multiple Industries | CC | >1 | Microsoft, PonyFinal | |
| 842 | 27/05/2020 | ? | LiveJournal | Blogging platform LiveJournal appears to have suffered a security breach in 2014, and multiple hackers are selling the company's user database on the dark web and on hacking forums (26 million users). | Unknown | J Information and communication | CC | RU | LiveJournal | |
| 843 | 27/05/2020 | ? | Undisclosed Target | Researchers from Abnormal Security reveal the details of a new campaign impersonating AWS notifications. | Account Hijacking | Z Unknown | CC | N/A | AWS, Abnormal Security | |
| 844 | 27/05/2020 | ? | 47.5 million Indian Truecaller users | Researchers from Cyble discover the data of 47.5 million Indian users, apparently leaked on the dark web allegedly originated from the famous caller-ID app, Truecaller. | Unknown | X Individual | CC | IN | Cyble, Truecaller | |
| 845 | 27/05/2020 | "Hack-for-hire" groups operating in India | Employees at financial services, consulting and healthcare firms around the world | "Hack-for-hire" groups operating in India are spoofing World Health Organization emails to steal credentials from employees at financial services, consulting and healthcare firms around the world, according to Google's Threat Analysis Group. | Account Hijacking | Y Multiple Industries | CC | >1 | Google's Threat Analysis Group | |
| 846 | 28/05/2020 | ? | Cisco Systems | Cisco discloses a security breach that impacted a small part of its backend infrastructure: hackers used a vulnerability in the SaltStack software package, which Cisco bundles with some products, to gain access to six servers: | Vulnerability | J Information and communication | CC | US | Cisco Systems, Salt, CVE-2020-11651, CVE-2020-11652 | |
| 847 | 28/05/2020 | ? | NTT | Nippon Telegraph & Telephone (NTT discloses a security breach. Hackers gained access to its internal network from Singapore and stole information on 621 customers from its communications subsidiary, NTT Communications. | Targeted Attack | J Information and communication | CE | JP | NTT, NTT Communications | |
| 848 | 28/05/2020 | ? | Github users | GitHub issues a security alert warning about Octopus Scanner, a new malware strain that's been spreading on its site via 26 boobytrapped Java projects. | Malware | Y Multiple Industries | CC | >1 | GitHub, Octopus Scanner | |
| 849 | 28/05/2020 | Sandworm AKA BlackEnergy | Multiple organizations | The US National Security Agency (NSA publishes a security alert warning of a new wave of cyberattacks against Exim email servers, exploiting CVE-2019-10149, conducted by Sandworm. | Targeted Attack | Y Multiple Industries | CE | US | US National Security Agency, NSA, Exim, CVE-2019-10149, Sandworm, BlackEnergy | |
| 850 | 28/05/2020 | ? | Multiple organizations | Researchers from Cybereason discover a new variant of the Valak malware targeting Microsoft Exchange. | Malware | Y Multiple Industries | CC | >1 | Valak, Cybereason, Microsoft Exchange | |
| 851 | 28/05/2020 | Netwalker | Michigan State University | The operators of the NetWalker (Mailto) ransomware announce that they've infected the network of Michigan State University | Malware | P Education | CC | US | NetWalker, Mailto, ransomware, Michigan State University | |
| 852 | 28/05/2020 | ? | Multiple organizations | Researchers at Palo Alto reveal the details of a new version of the Trickbot malware, providing a better method of evading detection. | Malware | Y Multiple Industries | CC | >1 | Palo Alto Networks, Unit 42, Trickbot | |
| 853 | 28/05/2020 | ? | Valorant Players | Researchers from Dr.Web discover fake Android and iOS Valorant apps, promoting scams. | Malware | R Arts entertainment and recreation | CC | >1 | Valorant, Dr.Web, iOS, Android | |
| 854 | 28/05/2020 | ? | Undisclosed Target | Researchers from Abnormal Security reveal the details of a new campaign impersonating the World Health Organization. | Account Hijacking | Z Unknown | CC | N/A | COVID-19, Abnormal Security, WHO, World Health organization | |
| 855 | 28/05/2020 | ? | City government systems in Minneapolis | City government systems in Minneapolis are taken down by a DDoS attack. | DDoS | O Public administration and defence, compulsory social security | H | US | Minneapolis | |
| 856 | 28/05/2020 | ? | Single Individuals in India | Security researchers from SonicWall discover fake malicious versions of Aarogya Setu, the Indian government’s coronavirus contact tracing mobile application. | Malware | X Individual | CC | IN | SonicWall, Aarogya Setu, COVID-19 | |
| 857 | 29/05/2020 | ? | Amtrak | The National Railroad Passenger Corporation (Amtrak) discloses a data breach that may have resulted in the compromise of customer personally identifiable information (PII). The data breach was discovered on April 16, 2020 and was carried out via compromised credentials. | Account Hijacking | H Transportation and storage | CC | US | Amtrak | |
| 858 | 29/05/2020 | ? | Organizations in Japan, Italy, Germany and the UK | Researchers from Kaspersky identify a series of attacks on organizations in Japan, Italy, Germany and the UK. Up to 50% of the attackers’ targets are organizations in various industrial sectors. | Targeted Attack | M Professional scientific and technical activities | CC | >1 | Kaspersky | |
| 859 | 29/05/2020 | ? | Multiple organizations | Researchers at ZLab discover a new campaign using COVID-19 lures (FMLA: Family and Medical Leave Act) to spread Himera and Absent-Loader. | Malware | Y Multiple Industries | CC | >1 | ZLab, COVID-19, FMLA, Family and Medical Leave Act, Himera, Absent-Loader. | |
| 860 | 29/05/2020 | Toogod | Department of Household Registration (Taiwan) | Researchers from Cyble discover in the dark web a database containing details of over 20 Million Taiwanese citizens. | Unknown | O Public administration and defence, compulsory social security | CC | TW | Cyble, Department of Household Registration, Toogod | |
| 861 | 30/05/2020 | ? | Emirates customers | Emirates airline warned passengers about the latest phishing email scam warning that flights have been cancelled because of COVID-19. | Account Hijacking | H Transportation and storage | CC | UAE | Emirates | |
| 862 | 30/05/2020 | ? | Unpatched Wordpress sites | Researchers from Wordfence reveal that Hackers launched a massive campaign against WordPress websites, attacking old vulnerabilities in unpatched plugins to download configuration files. | Vulnerability | Y Multiple Industries | CC | >1 | Wordfence, Wordpress | |
| 863 | 30/05/2020 | Anonymous | Minneapolis Police Department | Anonymous takes down the Minneapolis Police Department website in retaliation for the murder of George Floyd. | DDoS | O Public administration and defence, compulsory social security | H | US | Anonymous, Minneapolis Police Department, George Floyd | |
| 864 | 30/05/2020 | ? | Single individuals in Italy | Researchers from D3Lab uncover a new COVID-19-themed phishing campaign targeting the users of the Italian National Institute for Social Security (INPS) and exploiting the COVID-19 measures. | Account Hijacking | X Individual | CC | IT | D3Lab, COVID-19, INPS | |
| 865 | 30/05/2020 | Sekhmet | Excis | Sekhmet ransomware operators claim to have hit an international IT firm, Excis. | Malware | M Professional scientific and technical activities | CC | UK | Excis, Sekhmet, ransomware | |
| 866 | 31/05/2020 | ? | Coincheck | Japanese cryptocurrency exchange Coincheck says hackers took control over its account at Oname.com, a local domain registrar and hijacked one of its domain names, which they later used to contact some of its customers. | Account Hijacking | V Fintech | CC | JP | Coincheck, Oname.com, Crypto | |
| 867 | 14/05/2020 | ? | Genworth Financial | Fortune 500 insurance holding company Genworth Financial discloses a data breach after an unauthorized party gained access to insurance agents' online accounts using compromised login credentials. The breach was discovered by Genworth on April 20. | Account Hijacking | K Financial and insurance activities | CC | US | Genworth Financial | |
| 868 | 22/05/2020 | ? | Everett & Hurite Ophthalmic Association | Everett & Hurite Ophthalmic Association notifies 34,113 patients of a phishing attack occurred between February and March 2020. | Account Hijacking | Q Human health and social work activities | CC | US | Everett & Hurite Ophthalmic Association | |
| 869 | 01/06/2020 | ? | Kent Commercial Services | Kent Commercial Services reveal to have been hit with a ransomware attack on April 2. The attackers demanded 800,000 GBP. | Malware | N Administrative and support service activities | CC | UK | Kent Commercial Services, ransomware | |
| 870 | 01/06/2020 | ? | Multiple organizations | Researchers from Panda Security uncover BazarBackdoor, a new malware sharing code with the notorious modular banking trojan TrickBot and is used to gain unauthorized access to and compromise corporate networks. | Malware | Y Multiple Industries | CC | >1 | Panda Security, BazarBackdoor, TrickBot | |
| 871 | 02/06/2020 | ? | Minnesota Senate | The Minnesota Senate’s servers are hacked, and the attackers are able to access a file of passwords used by senators and staff, Senate officials. | Unknown | O Public administration and defence, compulsory social security | CC | US | Minnesota Senate | |
| 872 | 02/06/2020 | ? | Kentucky Employees’ Health Plan (KEHP) | Nearly a thousand members of Kentucky Employees’ Health Plan (KEHP) are victims of two connected data breaches that took place in late April and mid-May. | Account Hijacking | Q Human health and social work activities | CC | US | Kentucky Employees’ Health Plan, KEHP | |
| 873 | 02/06/2020 | Sodinokibi AKA REvil | Agromart Group | The gang behind the Sodinokibi ransomware puts on sale on an auction site the data stolen for Agromart Group. | Malware | M Professional scientific and technical activities | CC | CA | Sodinokibi, Agromart Group, ransomware | |
| 874 | 03/06/2020 | Cycldek, Conimes, or Goblin Panda | Large organizations and government institutions in Vietnam | Researchers from Kaspersky reveal the details of USBCulprit, a malware used by a group known as Cycldek, Conimes, or Goblin Panda, designed for compromising air-gapped devices via USB. | Targeted Attack | O Public administration and defence, compulsory social security | CE | VN | Kaspersky, USBCulprit, Cycldek, Conimes, Goblin Panda | |
| 875 | 03/06/2020 | Netwalker | Columbia College of Chicago | The Netwalker Ransomware operators claim to have successfully attacked the Columbia College of Chicago, stole unencrypted data, and encrypted their computers. | Malware | P Education | CC | US | Columbia College of Chicago, Netwalker, Ransomware | |
| 876 | 03/06/2020 | Netwalker | University of California San Francisco (UCSF) | The Netwalker Ransomware operators claim to have successfully attacked the University of California San Francisco (UCSF), stole unencrypted data, and encrypted their computers. | Malware | P Education | CC | US | University of California San Francisco, UCSF, Netwalker, Ransomware | |
| 877 | 03/06/2020 | ? | Microsoft Office 365 customers | Researchers from Abnormal Security discover a new phishing campaign targeting Microsoft Office 365 customers, using bait messages camouflaged as notifications sent by their organization to update the VPN configuration. | Account Hijacking | Y Multiple Industries | CC | >1 | Abnormal Security, Microsoft Office 365, VPN, COVID-19 | |
| 878 | 03/06/2020 | ? | San Francisco Employees’ Retirement System (SFERS) | The San Francisco Employees’ Retirement System (SFERS) suffers a data breach after an unauthorized person gains access to a database hosted in a test environment. The breach occurred on February 2020. | Unknown | S Other service activities | CC | US | San Francisco Employees’ Retirement System, SFERS | |
| 879 | 03/06/2020 | DoppelPaymer | Digital Management Inc. (DMI) | The DoppelPaymer ransomware gang says it successfully breached the network of Digital Management Inc. (DMI), a managed IT and cyber-security services on demand, NASA contractor. | Malware | M Professional scientific and technical activities | CC | US | DoppelPaymer, ransomware, Digital Management Inc., DMI, NASA | |
| 880 | 03/06/2020 | Maze | Westech International | The threat actors behind the Maze ransomware steal and leak the data of Westech International, a US military contractor. | Malware | C Manufacturing | CC | US | Westech International, Maze, Ransomware | |
| 881 | 03/06/2020 | ? | Viva Republica Inc. | Viva Republica Inc., a fintech firm, has its Toss platform hacked suffering a loss worth 9.4 million won ($7,853). | Unknown | V Fintech | CC | KR | Viva Republica Inc., Toss | |
| 882 | 03/06/2020 | ? | Duluth School District | The Duluth School District reveals the details of a security breach involving 14 student accounts. | Account Hijacking | P Education | CC | US | Duluth School District | |
| 883 | 03/06/2020 | ? | Anti-racism organizations | Cloudflare reveals a 1,120 fold soar of cyber-attacks against anti-racism organizations in the wake of the death of George Floyd. | DDoS | U Activities of extraterritorial organizations and bodies | CC | >1 | Cloudflare, George Floyd | |
| 884 | 04/06/2020 | China and Iran APT Groups | Trump and Biden presidential campaigns | Researchers from Google’s Threat Analysis Group say they’ve identified efforts by at least two nation state-backed hackers against the Trump and Biden presidential campaigns. | Targeted Attack | O Public administration and defence, compulsory social security | CE | US | Google, Threat Analysis Group, TAG, Trump, Biden | |
| 885 | 04/06/2020 | Maze | Conduent | The Maze Ransomware operators claim to have successfully attacked business services giant Conduent, where they stole unencrypted files and encrypted devices on their network. | Malware | M Professional scientific and technical activities | CC | US | Conduent, Maze, Ransomware | |
| 886 | 04/06/2020 | ? | Chartered Professional Accountants of Canada (CPA) | Chartered Professional Accountants of Canada (CPA) disclose a cyberattack against their website that allowed unauthorized third parties to access the personal information of over 329,000 members and other stakeholders. | Unknown | S Other service activities | CC | CA | Chartered Professional Accountants of Canada, CPA | |
| 887 | 04/06/2020 | Tycoon | Small to medium size organizations in the software and education industries | Researchers from Blackberry and KPMG discover Tycoon, a new human-operated ransomware strain deployed in highly targeted attacks targeting small to medium size organizations in the software and education industries since at least December 2019. | Malware | Y Multiple Industries | CC | >1 | Blackberry, KPMG, Tycoon, ransomware | |
| 888 | 04/06/2020 | ? | Multiple organizations | Researchers from Akamai discover Stealthworker a piece of malware attempting brute-force attacks against cPanel. | Brute-Force | Y Multiple Industries | CC | >1 | Akamai, cPanel, Stealthworker | |
| 889 | 04/06/2020 | ? | Hundreds of enterprises across all industries, including real estate, oil & gas, engineering, IT, healthcare, financial services and more | Researchers from Ironscale discover a massive phishing campaign sending fake email notifications for voice messages. | Account Hijacking | Y Multiple Industries | CC | >1 | Ironscale | |
| 890 | 04/06/2020 | ? | Banking users | Researchers from Check Point discover a new malware campaign, spoofing job seekers and delivering Zloader via emails with file attachments that claim to be curriculum vitae (CV). | Malware | K Financial and insurance activities | CC | US | Check Point, Zloader | |
| 891 | 04/06/2020 | Higaisa | Multiple organizations | Researchers from Malwarebytes discover a new campaign from a Korea-linked APT known as Higaisa, using LNK files. | Targeted Attack | Y Multiple Industries | CE | >1 | Malwarebytes, Higaisa, LNK | |
| 892 | 04/06/2020 | ? | Android users | Researchers from Trend Micro reveal that a couple of Android barcode reader apps, downloaded more than 1 million times, were found to contain ad fraud malware (AndroidOS_HiddenAd.HRXJA). | Malware | X Individual | CC | >1 | Trend Micro, Android, AndroidOS_HiddenAd.HRXJA | |
| 893 | 04/06/2020 | ? | San Beda University (SBU) | An unidentified hacker infiltrates the online student portal of San Beda University (SBU), gaining access to personal information and social media passwords of thousands of students and apparently releasing them online. | Unknown | P Education | CC | PH | San Beda University, SBU | |
| 894 | 05/06/2020 | Maze | VT San Antonio Aerospace | The Maze Ransomware gang breach and successfully encrypt the systems of VT San Antonio Aerospace. They also steal and leak unencrypted files. The attack occurred in April 2020. | Malware | M Professional scientific and technical activities | CC | US | VT San Antonio Aerospace, Maze, Ransomware | |
| 895 | 05/06/2020 | "John Wick" and "Korean Hackers" | ZEE5 | A hacker identifying themselves as "John Wick" and "Korean Hackers" claim to have breached the systems for Indian video on demand giant ZEE5 and are threatening to sell the database on criminal markets. | Unknown | J Information and communication | CC | IN | John Wick, Korean Hackers, ZEE5 | |
| 896 | 05/06/2020 | ? | Fitness Depot | Canadian retailer Fitness Depot announces customers that their personal and financial information was stolen following a breach that affected the company's e-commerce platform last month. | Malicious Script Injection | G Wholesale and retail trade | CC | CA | Fitness Depot, Magecart | |
| 897 | 05/06/2020 | Kupidon | Multiple organizations | A new ransomware dubbed Kupidon targets not only corporate networks, but also home user's personal data. | Malware | Y Multiple Industries | CC | >1 | Kupidon, Ransomware | |
| 898 | 05/06/2020 | eCh0raix | QNAP storage devices | The threat actors behind the eCh0raix Ransomware launch a brand new campaign targeting QNAP storage devices. | Malware | Y Multiple Industries | CC | >1 | eCh0raix, Ransomware, QNAP | |
| 899 | 05/06/2020 | ? | City of Florence | The city of Florence, Alabama, is hit by the DoppelPaymer ransomware. | Malware | O Public administration and defence, compulsory social security | CC | US | City of Florence, Alabama | |
| 900 | 05/06/2020 | Maze | ST Engineering | The threat actors behind the Maze ransomware steal and leak the data of ST Engineering. | Malware | C Manufacturing | CC | SG | Maze, ransomware, ST Engineering. | |
| 901 | 05/06/2020 | ? | University of Utah | University of Utah notifies its patients after a phishing incident compromised employee email accounts between April 6 and May 22. | Account Hijacking | Q Human health and social work activities | CC | US | University of Utah | |
| 902 | 05/06/2020 | ? | Multiple organizations | Researchers from Yoroi ZLab reveal the details of a Netwire campaign targeting Italian-speakers. | Targeted Attack | Y Multiple Industries | CE | IT | Yoroi ZLab, Netwire | |
| 903 | 05/06/2020 | ? | Multiple organizations | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that attackers are trying to exploit the SMBGhost vulnerability (CVE-2020-0796). | Vulnerability | Y Multiple Industries | CC | US | U.S. Cybersecurity and Infrastructure Security Agency, CISA, SMBGhost, CVE-2020-0796 | |
| 904 | 06/06/2020 | ? | Single Individuals | A fake decryptor for the STOP Djvu Ransomware is being distributed. Instead of getting their files back for free, they are infected with another ransomware, Zorab. | Malware | X Individual | CC | >1 | STOP Djvu, Ransomware, Zorab | |
| 905 | 07/06/2020 | EKANS (SNAKE) | Enel Group | The Enel Group is hit by a ransomware attack from EKANS (SNAKE) ransomware operators that affected its internal network, | Malware | D Electricity gas steam and air conditioning supply | CC | IT | Enel Group, SNAKE, EKANS, ransomware | |
| 906 | 07/06/2020 | ? | University of the Philippines Cebu | Unknown attackers break into the evaluation portal of the University of the Philippines Cebu. | Unknown | P Education | CC | PH | University of the Philippines Cebu | |
| 907 | 07/06/2020 | ? | Hockley Medical Practice | Hockley Medical Practice have their records of nearly 9,000 patients hacked. | Unknown | Q Human health and social work activities | CC | UK | Hockley Medical Practice | |
| 908 | 08/06/2020 | EKANS (SNAKE) | Honda | Computer networks in Europe and Japan from car manufacturer giant Honda are also affected by issues that are reportedly related to a SNAKE Ransomware cyber-attack. | Malware | C Manufacturing | CC | JP | Honda, SNAKE, EKANS | |
| 909 | 08/06/2020 | Russia? | German multinational corporation | Researchers at IBM X-Force uncover a COVID-19 related phishing campaign targeting a German multinational corporation, associated with a German government-private sector task force to procure personal protective equipment. The threat actors behind this campaign targeted more than 100 high ranking executives within this organization and its third-party ecosystem (approximately 40 organizations). | Targeted Attack | C Manufacturing | CE | DE | IBM X-Force, COVID-19 | |
| 910 | 08/06/2020 | DoppelPaymer | Avon | Cosmetics giant Avon discloses a security incident allegedly due to the DoppelPaymer ransomware. | Malware | C Manufacturing | CC | UK | Avon, DoppelPaymer, ransomware | |
| 911 | 08/06/2020 | ? | Greenworks | Researchers at RapidSpike discover that payment card data from customers of Greenworks hardware tools website is being stolen by hackers via a malicious script with self-cloaking capabilities and anti-tampering protection. | Malicious Script Injection | G Wholesale and retail trade | CC | US | Greenworks, RapidSpike, Magecart | |
| 912 | 08/06/2020 | ? | Bitcoin users | Scammers hijack three YouTube channels (Juice TV, Right Human, and MaximSakulevich) to display bitcoin scams impersonating Elon Musk's SpaceX channel, stealing nearly $150,000 in bitcoins in two days. | Account Hijacking | X Individual | CC | >1 | YouTube, Juice TV, Right Human, MaximSakulevich, Elon Musk, SpaceX | |
| 913 | 08/06/2020 | TA410 | U.S. energy providers | Researchers from Proofpoint discover a new spear-phishing campaign targeting U.S. energy providers via FlowCloud, a new remote access trojan (RAT) capable of providing attackers with full control over infected systems. | Targeted Attack | D Electricity gas steam and air conditioning supply | CE | US | Proofpoint, FlowCloud | |
| 914 | 08/06/2020 | Avaddon | Single Individuals | Researchers from Appriver discover a new Avaddon Ransomware campaign targeting users worldwide. | Malware | X Individual | CC | >1 | Appriver, Avaddon, Ransomware | |
| 915 | 09/06/2020 | Dark Basin | Environmental advocacy groups, journalists, and others | A joint report by Citizen Labs and the University of Toronto reveals the details of a Dark Basin, a massive hack-for-hire operation targeting especially climate-change organizations who were campaigning against Exxon Mobil. | Targeted Attack | U Activities of extraterritorial organizations and bodies | CE | >1 | Dark Basin, Exxon Mobil, Citizen Lab, University of Toronto | |
| 916 | 09/06/2020 | ? | Lion | Australian beverage giant Lion is hit by a Ransomware attack. | Malware | I Accommodation and food service activities | CC | AU | Lion, Ransomware | |
| 917 | 09/06/2020 | ? | Multiple organizations | Security researchers from RiskIQ discover a new wave of attacks relying on Magecart and malicious redirector code lurking in misconfigured S3 buckets. | Misconfiguration | Y Multiple Industries | CC | >1 | RiskIQ, Magecart, S3 | |
| 918 | 09/06/2020 | R3dr0x | Bharat Earth Movers Limited (BEML). | Researchers from Cyble report that a threat actor is offering in a dark web black-market documents of the Indian defence contractor Bharat Earth Movers Limited (BEML) | Unknown | C Manufacturing | H | IN | Cyble, R3dr0x, Bharat Earth Movers Limited, BEML | |
| 919 | 09/06/2020 | ? | Vulnerable Microsoft SQL Servers | Researchers from Sophos reveal that the operators behind the Kingminer botnet have recently started targeting vulnerable Microsoft SQL Servers using brute-force methods in order to mine cryptocurrency. | Brute-Force | Y Multiple Industries | CC | >1 | Sophos, Kingminer, Microsoft SQL Servers, Crypto | |
| 920 | 09/06/2020 | ? | Slovak government | Slovak authorities arrest four suspects as part of an investigation into a series of suspicious devices found connected to the government's official IT network. | Wiretapping | O Public administration and defence, compulsory social security | CC | SK | Slovakia | |
| 921 | 10/06/2020 | Maze | MaxLinear | U.S. system-on-chip (SOC) maker company MaxLinear discloses that some of its computing systems were encrypted by Maze Ransomware operators. The attack was discovered on May 24. | Malware | C Manufacturing | CC | US | MaxLinear, Ransomware, Maze | |
| 922 | 10/06/2020 | ? | Single Individuals | A recent phishing email campaign discovered by Abuse.ch asks to vote anonymously about Black Lives Matter to spread the TrickBot information-stealing malware. | Malware | X Individual | CC | >1 | Abuse.ch, Black Lives Matter, TrickBot | |
| 923 | 10/06/2020 | ? | Small businesses in the UK | Researchers from Abnormal Security discover a new phishing campaign targeting business owners with Microsoft Office 365, and using bait emails designed to look like legitimate Small Business Grants Fund (SGF) relief payment messages from the UK government. | Account Hijacking | Y Multiple Industries | CC | UK | Abnormal Security, Microsoft Office 365, Small Business Grants Fund, SGF, COVID-19 | |
| 924 | 10/06/2020 | ? | Multiple organizations | Researchers from Recorded Future discover a new Ransomware-as-a-service, dubbed Thanos, with high evasion capabilities. | Malware | Y Multiple Industries | CC | >1 | Thanos, Recorded Future, Ransomware | |
| 925 | 10/06/2020 | ? | Microsoft | Microsoft reveals that attackers recently hijacked powerful machine-learning clusters inside Microsoft’s Azure cloud-computing service to mine cryptocurrency at the expense of the customers who rented them. | Misconfiguration | M Professional scientific and technical activities | CC | US | Microsoft, Azure | |
| 926 | 10/06/2020 | ? | Single Individuals | Researchers from Google report an increase in the number of COVID-19 related scams. | Account Hijacking | X Individual | CC | IN | Google, India, COVID-19 | |
| 927 | 10/06/2020 | ? | Small businesses in the UK | Researchers from Google discover a new campaign targeting small businesses in the UK, designed to look like legitimate Small Business Grants Fund (SGF) messages. | Account Hijacking | Y Multiple Industries | CC | UK | Google, Small Business Grants Fund, SGF | |
| 928 | 10/06/2020 | ? | Single Individuals | Researchers from Google discover a phishing campaign themed with streaming services, targeting Brazilian users. | Account Hijacking | X Individual | CC | BR | Google, Brazil | |
| 929 | 10/06/2020 | ? | Single Individuals in Armenia, India, Brazil, Chhattisgarh, Columbia, Indonesia, India, Iran, Italy, Kyrgyzstan, Russia and Singapore. | Researchers from Anomali identify 12 fake COVID-19 contact tracing apps targeting citizens in Armenia, India, Brazil, Chhattisgarh, Columbia, Indonesia, Iran, Italy, Kyrgyzstan, Russia and Singapore. | Malware | X Individual | CC | >1 | Anomali, Armenia, India, Brazil, Columbia, Indonesia, India, Iran, Italy, Kyrgyzstan, Russia and Singapore. | |
| 930 | 10/06/2020 | ? | City of Keizer | The city of Keizer is hit with a ransomware attack, and is able to restore the data, paying the perpetrators a $48,000 ransom. | Malware | O Public administration and defence, compulsory social security | CC | US | City of Keizer, ransomware | |
| 931 | 11/06/2020 | ? | City of Knoxville | The City of Knoxville, Tennessee, was forced to shut down its entire computer network following a ransomware attack that took place overnight and targeted the city's offices. | Malware | O Public administration and defence, compulsory social security | CC | US | City of Knoxville, ransomware | |
| 932 | 11/06/2020 | ? | Customers of 36 US financial institutions | Security researchers at F5 Labs discover ongoing attacks using Qbot malware payloads to steal credentials from customers of dozens of US financial institutions. | Malware | K Financial and insurance activities | CC | US | F5 Labs, Qbot | |
| 933 | 11/06/2020 | ? | TAIT Towers | TAIT Towers, one of the world's leading live event solutions providers, discloses a data breach that led to the exposure of personal and financial information stored on a server and on the email accounts of some of its employees. | Account Hijacking | C Manufacturing | CC | US | TAIT Towers | |
| 934 | 11/06/2020 | Gamaredon (Primitive Bear) | Ukrainian institutions | Researchers from ESET discover new recent campaigns by Gamaredon (Primitive Bear) containing a Visual Basic for Applications (VBA) project (.OTM file) targeting Microsoft Outlook email client with malicious macro scripts. | Targeted Attack | O Public administration and defence, compulsory social security | CE | UA | ESET, Gamaredon, Primitive Bear, VBA, Microsoft Outlook | |
| 935 | 11/06/2020 | China, Russia, and Turkey | Twitter users | Twitter discloses three new state-linked operations on its platform this year. As a result of its investigation, it bans and removes 32,242 accounts operated out of China, Russia, and Turkey, pushing local political agendas and narratives, and associated with state-sponsored entities. | Fake Social Network accounts/groups/pages | O Public administration and defence, compulsory social security | CC | >1 | Twitter, China, Russia, Turkey | |
| 936 | 11/06/2020 | ? | A1 Telekom | A1 Telekom, the largest internet service provider in Austria, admits a malware security breach from December 2019 to May 2020. | Malware | J Information and communication | CC | AT | A1 Telekom | |
| 937 | 11/06/2020 | Earth Empusa, AKA POISON CARP/Evil Eye, | Uyghurs minority | Researchers from Trend Micro reveal that the Earth Empusa threat group (aka POISON CARP/Evil Eye) is targeting the Uyghurs minority with a new Android spyware dubbed ActionSpy. | Targeted Attack | X Individual | CE | N/A | Trend Micro, Earth Empusa, POISON CARP/Evil Eye, Uyghurs, Android, ActionSpy | |
| 938 | 11/06/2020 | ? | Infinity Diagnostics Center | Infinity Diagnostics Center Instagram account is compromised by an unknown hacker. After gaining access, the threat actor uploads multiple stories designed to paint the business as racist. | Account Hijacking | Q Human health and social work activities | CC | US | Infinity Diagnostics Center | |
| 939 | 11/06/2020 | ? | eHealth Saskatchewan | eHealth Saskatchewan admits to have suffered a ransomware attack on December 20. | Malware | Q Human health and social work activities | CC | CA | eHealth Saskatchewan, ransomware | |
| 940 | 11/06/2020 | Sodinokibi AKA REvil | Activewear | Activewear reveals to have suffered a Sodinokibi ransomware attack back in May 2020. | Malware | G Wholesale and retail trade | CC | AU | Activewear, Sodinokibi, REvil, ransomware | |
| 941 | 12/06/2020 | ? | University of Missouri Health Care (MU Health Care) | University of Missouri Health Care (MU Health Care) discloses a breach that occurred in September 2019, when the email accounts of some students was been accessed without authorization. | Account Hijacking | Q Human health and social work activities | CC | US | University of Missouri Health Care, MU Health Care | |
| 942 | 12/06/2020 | ? | Portuguese users | A new malware called TroyStealer targets Portuguese users. | Malware | X Individual | CC | PT | TroyStealer | |
| 943 | 12/06/2020 | ? | NHS | The NHS confirms that 113 internal email accounts were compromised and used to send malicious spam between May 30 and June 1 2020. | Account Hijacking | Q Human health and social work activities | CC | UK | NHS | |
| 944 | 12/06/2020 | m1x | puebla.gob.mx | A Russian hacker named m1x breaches a Mexican government web portal (puebla.gob.mx) and three days later once the government refused to pay a ransom, publicly-releases some 14,000 Mexican taxpayer ID numbers. | Unknown | O Public administration and defence, compulsory social security | CC | MX | m1x, puebla.gob.mx | |
| 945 | 12/06/2020 | ? | Electronic Waveform Lab, Inc. | Electronic Waveform Lab, Inc. reveals it suffered a ransomware attack on April 11, 2020. | Malware | C Manufacturing | CC | US | Electronic Waveform Lab, Inc., ransomware | |
| 946 | 12/06/2020 | ? | Cano Health | Cano Health warns its patients of a phishing attack involving three employees, discovered on April 2020 and occurred on May 2018. | Account Hijacking | Q Human health and social work activities | CC | US | Cano Health | |
| 947 | 12/06/2020 | ? | www.indianblooddonors.com | A data leak that contains sensitive information of 12,472 Indian blood donors is posted on two forums. | Unknown | Q Human health and social work activities | CC | IN | www.indianblooddonors.com | |
| 948 | 13/06/2020 | Black Kingdom | Multiple organizations | Researchers from REDTEAM.PL reveal that operators of Black Kingdom ransomware target enterprises with unpatched Pulse Secure VPN software or initial access on the network, exploiting CVE-2019-11510. | Vulnerability | Y Multiple Industries | CC | >1 | REDTEAM.PL, Black Kingdom, Pulse Secure, CVE-2019-11510, ransomware | |
| 949 | 13/06/2020 | ? | Rangely District Hospital (RDH) | Rangely District Hospital (RDH) reveals to have been hit by a ransomware attack on April 2020. | Malware | Q Human health and social work activities | CC | US | Rangely District Hospital, RDH, ransomware | |
| 950 | 13/06/2020 | ? | 3,500 Armenian citizens | Azerbaijani hackers publish the data of about 3,500 Armenian citizens (people infected with COVID-19 and their contacts). | Unknown | X Individual | CC | AM | Azerbaijan, Armenia, COVID-19 | |
| 951 | 14/06/2020 | Maze | Threadstone Advisors LLP | The Maze ransomware gang hits Threadstone Advisors LLP, a US corporate advisory firm specialized in M&A. | Malware | K Financial and insurance activities | CC | US | Maze, Threadstone Advisors LLP | |
| 952 | 14/06/2020 | ? | Sapiens International | Israeli software company Sapiens International falls victim to a ransomware attack, paying $250,000 in Bitcoin to hackers | Malware | M Professional scientific and technical activities | CC | IL | Sapiens International, Ransomware | |
| 953 | 14/06/2020 | ? | Bitcoin users | For the past year, a site called Privnotes.com has been impersonating Privnote.com, a legitimate, free service that offers private, encrypted messages, to steal bitcoins. | Account Hijacking | V Fintech | CC | >1 | Privnotes.com, privnote.com, bitcoin, crypto | |
| 954 | 14/06/2020 | Anonymous USA (@AnonOpUSA) | Atlanta Police Department | The Anonymous claim to have taken down the website of the Atlanta Police Department (atlantapd.org). | DDoS | O Public administration and defence, compulsory social security | H | US | Anonymous, Anonymous USA, @AnonOpUSA, Atlanta Police Department, atlantapd.org | |
| 955 | 15/06/2020 | ? | Foodora | The details of 727,000 Foodora accounts in 14 countries are leaked online. | Unknown | I Accommodation and food service activities | CC | DE | Foodora | |
| 956 | 15/06/2020 | ? | Geox | Geox, the Italian shoe maker is hit with a ransomware attack. | Malware | C Manufacturing | CC | IT | Geox, Ransomware | |
| 957 | 15/06/2020 | ? | Claire's | Researchers from Sansec reveal that the websites for U.S. based jewelry and accessory giant Claire's, and its subsidiary Icing, were compromised in April via a Magecart attack. | Malicious Script Injection | G Wholesale and retail trade | CC | US | Claire's, Magecart, Sansec | |
| 958 | 15/06/2020 | ? | Single Individuals | A new campaign starts to push fake data breach notifications for big company names that really suffered a breach, to distribute malware and scams. | Malware | Y Multiple Industries | CC | >1 | Breach | |
| 959 | 15/06/2020 | ? | Single Individuals | Nine human rights activists, journalists, academics and lawyers in India have been targeted by a “coordinated” spyware operation, according to an investigation by Amnesty International and the Citizen Lab. | Targeted Attack | X Individual | CE | IN | Amnesty International, Citizen Lab | |
| 960 | 15/06/2020 | ? | Intersport | The website of Intersport, one of Europe's largest sporting goods retail chain, is hit by a Magecart attack. | Malicious Script Injection | G Wholesale and retail trade | CC | CH | Intersport, Magecart | |
| 961 | 15/06/2020 | ? | Apple Mac Users | Researchers at Intego warn Apple Mac users of a new malware in disguise of an installer for Adobe Flash Player (a variant of OSX/Shlayer and OSX/Bundlore), distributed via Google search results. | Malware | X Individual | CC | >1 | Apple, Mac, Adobe Flash Player, OSX/Shlayer, OSX/Bundlore, Intego, Google | |
| 962 | 15/06/2020 | Vendetta | Multiple organizations | Researchers from ElevenPaths reveal the details of Vendetta, a threat actor targeting technological, business and government sectors that handle sensitive information | Targeted Attack | Y Multiple Industries | CE | >1 | ElevenPaths, Vendetta | |
| 963 | 08/06/2020 | ? | Preen.Me | Researchers from Risk Based Security reveal that personal data of an estimated 350,000 social media influencers has been accessed and partially leaked following a breach at social media marketing firm Preen.Me. | Unknown | M Professional scientific and technical activities | CC | IL | Preen.Me, Risk Based Security | |
| 964 | 09/06/2020 | ? | South Africa’s Life Healthcare | South Africa’s Life Healthcare says its southern African operation is hit by a cyber attack affecting its admissions systems, business processing systems and email servers. | Unknown | Q Human health and social work activities | CC | ZA | Life Healthcare | |
| 965 | 10/06/2020 | ? | Multiple organizations | Researchers from Cofense discover a massive keylogger distribution campaign dubbed Mass Logger. | Malware | Y Multiple Industries | CC | >1 | Cofense, Mass Logger | |
| 966 | 11/06/2020 | ? | University of the Philippines Visayas | The University of the Philippines Visayas confirmed on its official Facebook page that its website, upv.edu.ph, was defaced on Thursday, June 11. | Defacement | P Education | CC | PH | University of the Philippines Visayas, upv.edu.ph | |
| 967 | 16/06/2020 | ? | Countries across Europe and North America | Social media research group Graphika publishes a report unmasking a new Russian information operation codenamed Secondary Infektion, active since 2014, relying on fake news articles, fake leaks, and forged documents to generate political scandals in countries across Europe and North America. | Fake Social Network accounts/groups/pages | O Public administration and defence, compulsory social security | CW | >1 | Graphika, Russia, Secondary Infektion | |
| 968 | 16/06/2020 | ? | Single Individuals | Researchers from Morphisec discover a new campaign exploiting a DLL hijacking vulnerability in Apple’s Push Service (APSDaemon) to install a cryptocurrency miner and avoid detection. | Malware | X Individual | CC | >1 | Morphisec, Apple’s Push Service, APSDaemon, crypto | |
| 969 | 16/06/2020 | ? | Multiple organizations in New Zealand | The New Zealand's national computer emergency response team warns of a crime gang seeking "ransomware attack opportunities" against NZ organizations that use unpatched or poorly secured Citrix remote-access technology. | Misconfiguration |