As promised, I have pulled together some statistics from the data collected in 2020. The master table is available at the end of the post after the charts.
As always, be aware that the sample refers exclusively to the attacks included in my timelines, which are drawn from public sources such as blogs and news sites. Obviously the sample cannot be complete; it only aims to provide a high-level overview of the threat landscape.
And please support my work by sharing the content and following me on Twitter and LinkedIn for the latest updates.
ID
Date
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
02/01/2020
Chuckling Squad
Adam Sandler's Twitter account
Adam Sandler's Twitter account is hacked and used to post offensive messages against Mariah Carey, President Obama, and President Trump.
Account Hijacking
R Arts entertainment and recreation
CC
US
Adam Sandler, Twitter, Mariah Carey, President Obama, President Trump, Chuckling Squad
2
02/01/2020
?
Klamath County Veterans Service Office
Klamath County Veterans Service Office discloses a phishing attack that occurred on September 19, 2019.
Account Hijacking
O Public administration and defence, compulsory social security
CC
US
Klamath County Veterans Service Office
3
03/01/2020
?
Alomere Health
The personal and medical information of 49,351 patients is exposed following a security incident involving two employees' email accounts.
Account Hijacking
Q Human health and social work activities
CC
US
Alomere Health
4
03/01/2020
?
Contra Costa County Library System
The Contra Costa County Library System is hit by ransomware
Malware
O Public administration and defence, compulsory social security
CC
US
The Contra Costa County Library System, ransomware
5
03/01/2020
?
Native American Rehabilitation Association
Native American Rehabilitation Association announces that it experienced an Emotet attack on November 4-5, 2019.
Malware
Q Human health and social work activities
CC
US
Native American Rehabilitation Association, Emotet
6
04/01/2020
?
Austria's foreign ministry
Austria's foreign ministry is targeted by a cyber-attack that is suspected to have been conducted by a foreign country.
Targeted attack
O Public administration and defence, compulsory social security
CE
AT
Austria
7
04/01/2020
Iran cyber security group hackers
U.S. Federal Depository Library Program
The homepage for the U.S. Federal Depository Library Program is briefly altered to show a pro-Iranian message and an image of a bloodied Donald Trump being punched in the face.
Defacement
O Public administration and defence, compulsory social security
CW
US
FDLP, U.S. Federal Depository Library Program, Iran, Iran cyber security group hackers
8
04/01/2020
Shield Iran
Sierra Leone Commercial Bank (slcb.com)
For the same reason, a group of Iranian hackers dubbed "Shield Iran" defaces the Sierra Leone Commercial Bank
Defacement
K Financial and insurance activities
CW
SL
Shield Iran, Sierra Leone Commercial Bank, slcb.com
9
04/01/2020
?
Multiple targets
Researchers from Fortinet report that a ransomware strain known as DeathRansom, once considered a joke, is now capable of encrypting files using a solid encryption scheme.
Malware
Y Multiple Industries
CC
>1
Fortinet, ransomware, DeathRansom
10
04/01/2020
?
Saskatchewan’s eHealth
Hackers make it through the first level of security for Saskatchewan’s eHealth records system, locking the government out of some systems and asking for a ransom.
Unknown
Q Human health and social work activities
CC
US
Saskatchewan’s eHealth
11
06/01/2020
Iranian Hacker
Texas Department of Agriculture
The Texas Department of Agriculture is hit with a cyberattack that defaces its website with an image of Gen. Qassem Soleimani, the top Iranian commander who was killed in a U.S. strike the previous week.
Defacement
O Public administration and defence, compulsory social security
CW
US
Texas Department of Agriculture, Qassem Soleimani, Iranian Hacker
12
06/01/2020
SideWinder APT Group
Military entities
Researchers from Trend Micro discover the first example of a malicious app in the Google Play Market, exploiting the recently patched CVE-2019-2215 zero-day vulnerability.
Targeted attack
O Public administration and defence, compulsory social security
CE
>1
Trend Micro, Google Play Market, CVE-2019-2215
13
06/01/2020
?
Canyon
Canyon announces it was struck by a "massive cyber attack" over the Christmas break by a "professionally organized group".
Unknown
C Manufacturing
CC
DE
Canyon
14
06/01/2020
?
Focus Camera
Researchers from Juniper Threat Labs reveal that the website of popular photography and imaging retailer Focus Camera got hacked late in December 2019 by MageCart attackers to inject malicious code that stole customer payment card details.
Malicious Script Injection
G Wholesale and retail trade
CC
US
Focus Camera, Magecart, Juniper Threat Labs
15
06/01/2020
?
Single Individuals
Researchers from Fortinet discover a new campaign of the "Predator the Thief" malware.
Malware
X Individual
CC
>1
Fortinet, Predator the Thief
16
06/01/2020
?
Multiple targets
UK Security Researcher Kevin Beaumont warns that the attackers behind REvil ransomware (AKA Sodinokibi) are now targeting unpatched Pulse Secure VPN servers
Vulnerability
Y Multiple Industries
CC
>1
Kevin Beaumont, Revil, Sodinokibi, Pulse Secure, CVE-2019-11510
17
06/01/2020
?
Pittsburg Unified School District
Students in the Pittsburg Unified School District of Pennsylvania are left without internet access as the result of a ransomware attack.
Malware
P Education
CC
US
Pittsburg Unified School District
18
06/01/2020
?
Hamden Schools
Public schools in Hamden are taken down by a malware attack.
Malware
P Education
CC
US
Hamden Schools
19
06/01/2020
?
Wallace State Community College
The Wallace State Community College is hit by a cyber attack.
Malware
P Education
CC
US
Wallace State Community College
20
07/01/2020
?
City of Las Vegas
The City of Las Vegas is hit by a cyber attack via a malicious email.
Targeted attack
O Public administration and defence, compulsory social security
N/A
US
City of Las Vegas
21
07/01/2020
?
Unpatched routers (D-Link, Netgear, and Linksys)
Researchers from BitDefender reveal the details of LiquorBot, a cryptomining botnet attacking unpatched routers since at least May 2019
A new phishing campaign tries to take advantage of the Iran cyber attack scare.
Account Hijacking
X Individual
CC
>1
Iran
23
07/01/2020
Master X
Multiple targets
Researchers from AppRiver reveal that a hacker with the handle “Master X” is leveraging a PowerShell script that contains a reference to singer-songwriter Drake's lyric “Kiki Do You Love Me” to deliver either the Lokibot info stealer or Azorult remote access trojan.
Malware
Y Multiple Industries
CC
>1
AppRiver, Master X, Drake, Lokibot, Azorult
24
07/01/2020
?
Enloe Medical Center
Enloe Medical Center is hit by a ransomware attack that causes the hospital to reschedule some elective procedures.
Malware
Q Human health and social work activities
CC
US
Enloe Medical Center, ransomware
25
07/01/2020
?
City of Bend
The City of Bend is the latest victim of the Click2Gov breach.
Malicious Script Injection
O Public administration and defence, compulsory social security
CC
US
City of Bend
26
08/01/2020
?
US financial entity
The FBI says that unidentified threat actors have used the CVE-2019-11510 Pulse Secure VPN flaw to exploit a notable US financial entity’s research network since August 2019.
Vulnerability
K Financial and insurance activities
CC
US
FBI, CVE-2019-11510, Pulse Secure VPN
27
08/01/2020
?
US municipal government
The FBI says that a US municipal government was also breached via the CVE-2019-11510 Pulse Secure VPN flaw.
Vulnerability
O Public administration and defence, compulsory social security
CC
US
FBI, CVE-2019-11510, Pulse Secure VPN
28
08/01/2020
?
Well-known personalities in Korea
A recent report from South Korean media claims that Samsung Galaxy smartphones of many well-known personalities in Korea were hacked. According to the report, the hacker extorts cash from its victims. If the victim fails to pay the ransom, the hacker threatens to disclose all data.
Account Hijacking
X Individual
CC
KR
Samsung, South Korea
29
08/01/2020
?
Multiple targets
Security researchers observe ongoing scans for Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) servers vulnerable to attacks exploiting CVE-2019-19781.
A new ransomware called Snake emerges in the threat landscape.
Malware
Y Multiple Industries
CC
>1
Snake, Ransomware
31
08/01/2020
Lazarus Group
Cryptocurrency businesses
Researchers from Kaspersky reveal the details of a new wave of attacks linked to Operation AppleJeus, targeting cryptocurrency businesses in multiple countries including the UK, Poland, Russia and China.
Targeted attack
V Fintech
CC
>1
Kaspersky, Operation AppleJeus, Lazarus Group
32
08/01/2020
?
Firefox users
Mozilla warns Firefox users to update their browser to the latest version after security researchers found a vulnerability that hackers were actively exploiting in “targeted attacks” against users. The vulnerability is indexed as CVE-2019-17026.
Targeted attack
X Individual
CC
>1
Mozilla, Firefox
33
09/01/2020
Iranian state-sponsored hackers
Bapco
Multiple sources reveal that Iranian state-sponsored hackers have deployed Dustman, a new strain of data-wiping malware on the network of Bapco, Bahrain's national oil company. The attack occurred on December 29, 2019.
Malware
D Electricity gas steam and air conditioning supply
CW
BH
Dustman, Bapco, Iran
34
09/01/2020
?
Albany International Airport
Albany International Airport's staff announces that the New York airport's administrative servers were hit by Sodinokibi Ransomware following a cyberattack that took place over Christmas.
Malware
H Transportation and storage
CC
US
Albany International Airport, Ransomware, Sodinokibi
35
09/01/2020
Magnallium AKA APT33, Refined Kitten, or Elfin
American Electric Utilities
Researchers from Dragos reveal that a state-sponsored group affiliated with Iran called Magnallium has been probing American electric utilities for the past year.
Password-spraying
D Electricity gas steam and air conditioning supply
The same report details the activities of three additional groups targeting the American Electric Utilities.
Targeted attack
D Electricity gas steam and air conditioning supply
CW
US
Xenotyme, Dymalloy, Electrum, Dragos
37
09/01/2020
?
Android users
Google reveals that it has removed roughly 1,700 applications infected with the Joker Android malware (also known as Bread) since the company started tracking it in early 2017.
Malware
X Individual
CC
>1
Android, Bread, Joker, Google
38
09/01/2020
?
Multiple targets
A new ransomware dubbed Ako emerges in the threat landscape.
Malware
Y Multiple Industries
CC
>1
Ako, Ransomware
39
09/01/2020
?
Multiple targets
Researchers at Sentinel One reveal that the Russian-speaking cybercriminals behind the TrickBot malware have developed a stealthy backdoor dubbed “PowerTrick,” in order to infiltrate high-value targets.
Malware
Y Multiple Industries
CC
>1
Sentinel One, TrickBot, PowerTrick
40
09/01/2020
?
City of Dunwoody
The City of Dunwoody reveals that it was hit by a cyber attack on Christmas Eve.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Dunwoody
41
09/01/2020
?
btyDental
btyDental notifies patients after suffering a ransomware attack discovered in November 2019.
Malware
Q Human health and social work activities
CC
US
btyDental, ransomware
42
09/01/2020
?
Bartlett Public Library District
The Bartlett Public Library District’s computer systems recover from a ransomware attack that occurred on Saturday, November 30.
Malware
O Public administration and defence, compulsory social security
CC
US
Bartlett Public Library District, ransomware
43
09/01/2020
?
City of Dawson Creek
The City of Dawson Creek says its computer systems were hacked in an apparent ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
CA
Dawson Creek, Ransomware
44
10/01/2020
?
Manor Independent School District
Manor Independent School District announces that email scammers had fleeced the District out of $2.3 million.
Business Email Compromise
P Education
CC
US
Manor Independent School District
45
10/01/2020
?
European websites for Perricone MD
Researchers from RapidSpike reveal that multiple European websites for the Perricone MD anti-aging skin-care brand have been compromised with scripts that steal customer payment card info when making a purchase.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Perricone MD, RapidSpike, Magecart
46
10/01/2020
?
Multiple targets in the US
The US Cybersecurity and Infrastructure Security Agency (CISA) alerts organizations to patch their Pulse Secure VPN servers as a defense against ongoing attacks trying to exploit the CVE-2019-11510 remote code execution (RCE) vulnerability.
Vulnerability
Y Multiple Industries
CC
>1
US Cybersecurity and Infrastructure Security Agency, CISA, CVE-2019-11510, RCE
47
10/01/2020
?
Website collecting donations for the victims of the Australia bushfires
Researchers from Malwarebytes discover that attackers compromised a website collecting donations for the victims of the Australia bushfires and injected ATMZOW, a malicious script that steals the payment information of the donors.
Malicious Script Injection
Q Human health and social work activities
CC
AU
Magecart, Malwarebytes, ATMZOW
48
10/01/2020
?
Single Individuals
A malicious ad campaign is underway in Google Search results that leads users to fake Amazon support sites and tech support scams.
Search Engine Poisoning
X Individual
CC
>1
Google Search, Amazon
49
10/01/2020
?
High-profile Facebook pages
Facebook addresses a security issue that exposed page admin accounts, after the bug was exploited in attacks in the wild against several high-profile pages.
Vulnerability
X Individual
CC
>1
Facebook
50
10/01/2020
?
Android users
Researchers from Malwarebytes discover that the UMX U686CL, an Android phone subsidized by the US government for low-income users comes preinstalled with malware (Android/Trojan.HiddenAds.WRACT).
The popular Boing Boing blog is hacked by an unknown party who plants malicious code into the site’s WordPress theme. Users visiting the site from desktop computers are redirected to a fake download page for an Adobe Flash update.
Account Hijacking
J Information and communication
CC
US
Boing Boing, Adobe Flash
52
10/01/2020
?
The Center for Facial Restoration
The Center for Facial Restoration reveals that it was the victim of a hack back in November 2019, with the attackers threatening to release the patients' data.
Unknown
Q Human health and social work activities
CC
US
The Center for Facial Restoration
53
10/01/2020
?
Los Angeles County
Los Angeles County confirms it was the target of a phishing attack last month, which staff detected and contained before it exposed any county resident data.
Account Hijacking
P Education
CC
US
Los Angeles County
54
11/01/2020
?
Android users
Researchers from Kaspersky reveal that an Android malware, dubbed Trojan-Dropper.AndroidOS.Shopper.a, camouflaged as a system app is used by threat actors to disable the Google Play Protect service, generate fake reviews, install malicious apps, show ads, and more.
Malware
X Individual
CC
>1
Kaspersky, Android, Trojan-Dropper.AndroidOS.Shopper.a, Google Play Protect
55
13/01/2020
?
Multiple targets
Researchers from Cofense reveal that after almost a three-week holiday vacation, the Emotet trojan is back and targeting over eighty countries with malicious spam campaigns.
Malicious Spam
X Individual
CC
>1
Cofense, Emotet
56
13/01/2020
?
UNIX Systems
The security team at npm takes down a malicious package, discovered by the Microsoft Vulnerability Research team and named 1337qq-js, caught stealing sensitive information from UNIX systems.
Malware
Y Multiple Industries
CC
>1
npm, Microsoft Vulnerability Research team, 1337qq-js, UNIX
57
13/01/2020
?
Android users
An Android banking Trojan dubbed Faketoken has recently been observed by security researchers from Kaspersky while draining its victims' accounts to fuel offensive mass text campaigns targeting mobile devices from all over the world.
Malware
K Financial and insurance activities
CC
>1
Android, Faketoken, Kaspersky
58
13/01/2020
?
Account receivable specialists
Researchers from Agari discover a new group called Ancient Tortoise targeting accounts receivable specialists, tricking them into sending over aging reports and thus collecting info on customers they can scam in later attack stages.
Business Email Compromise
K Financial and insurance activities
CC
>1
Agari, Ancient Tortoise
59
13/01/2020
?
Company in the medical tech sector
Researchers from Guardicore reveal the details of an attack targeting a company in the medical tech sector via a malware hiding its modules in WAV audio files and spreading to vulnerable Windows 7 machines on the network via EternalBlue.
Malware
C Manufacturing
CC
N/A
Guardicore, WAV, EternalBlue, Crypto
60
14/01/2020
Fancy Bear AKA APT28
Burisma
Researchers from Area 1 reveal that Russian spies from GRU are suspected of trying to hack into Burisma, the Ukrainian gas company with whom Hunter Biden worked.
Targeted attack
D Electricity gas steam and air conditioning supply
CE
UA
Area 1, Burisma, GRU, Hunter Biden, Russia, APT28, Fancy Bear
61
14/01/2020
Omnichorus
LimeLeads
49 million user records extracted from a misconfigured Elasticsearch database by US data broker LimeLeads are put up for sale online.
Misconfiguration
M Professional scientific and technical activities
CC
US
Elasticsearch, LimeLeads, Omnichorus
62
14/01/2020
?
Single Individuals
The cybercrime group behind Satan ransomware and other malware seems to be involved in the development of a new ransomware named 5ss5c.
Malware
X Individual
CC
>1
Satan, ransomware, 5ss5c
63
14/01/2020
?
Single Individuals
Researchers from Bitdefender discover 17 Google Play apps that, once installed, start hiding their presence on the user’s device and constantly display aggressive ads.
Malware
X Individual
CC
>1
Bitdefender, Google Play
64
14/01/2020
?
New Mexico Public Regulation Commission
The New Mexico Public Regulation Commission is "hacked by an outside source"
Unknown
O Public administration and defence, compulsory social security
CC
US
New Mexico Public Regulation Commission
65
15/01/2020
?
United Nations
The United Nations is hit by a cyberattack through the malware Emotet.
Malware
U Activities of extraterritorial organizations and bodies
CC
N/A
United Nations, Emotet
66
15/01/2020
?
P&N Bank
P&N Bank in Western Australia informs its customers that hackers may have accessed personal information stored on its systems following a cyber attack on December 12, during an upgrade at a third-party hosting company.
Unknown
K Financial and insurance activities
CC
AU
P&N Bank
67
15/01/2020
?
PlanetDrugsDirect
Canadian online pharmacy PlanetDrugsDirect emails customers, notifying them of a data security incident that might have impacted some of their sensitive personal and financial information. 400,000 individuals are potentially compromised.
Unknown
Q Human health and social work activities
CC
CA
PlanetDrugsDirect
68
15/01/2020
?
Single Individuals
An emergent and effective data-harvesting tool dubbed Oski is proliferating in North America and China, stealing online account credentials, credit-card numbers, cryptowallet accounts and more.
Malware
X Individual
CC
>1
Oski
69
06/01/2020
?
Twitter account of former Australian cricket coach Darren Lehmann
The Twitter account of former Australian cricket coach Darren Lehmann is hacked by a Donald Trump supporter.
Account Hijacking
X Individual
H
AU
Twitter, Darren Lehmann, Donald Trump
70
08/01/2020
?
Kuwait State News Agency
Kuwait state news agency says its Twitter was hacked to spread misinformation about US withdrawal.
Account Hijacking
J Information and communication
H
KW
Kuwait State News Agency
71
10/01/2020
?
PIH Health
PIH Health notifies almost 200,000 patients whose protected health information was in employee email accounts that were compromised.
Account Hijacking
Q Human health and social work activities
CC
US
PIH Health
72
10/01/2020
?
Panama-Buena Vista Union School
Panama-Buena Vista Union School District is hit with a ransomware attack.
Malware
P Education
CC
US
Panama-Buena Vista Union School, ransomware
73
10/01/2020
Anonymous Iran
City of Ozark
Hackers from Anonymous Iran claim to have defaced the website of city of Ozark.
Defacement
O Public administration and defence, compulsory social security
H
US
Anonymous Iran, City of Ozark
74
13/01/2020
?
St. Louis Community College
More than 5,100 St. Louis Community College students and employees have their personal information accessed via a phishing scam.
Account Hijacking
P Education
CC
US
St. Louis Community College
75
15/01/2020
?
Town of Colonie
The Albany County town of Colonie is hit by a cyber-attack that takes the town's computer system and email offline.
Unknown
O Public administration and defence, compulsory social security
CC
US
Town of Colonie
76
16/01/2020
?
Vulnerable Citrix Systems
Researchers from FireEye discover a malicious actor deploying a previously-unseen payload called NOTROBIN on vulnerable Citrix Systems. The actor cleans up known malware and deploys NOTROBIN to block subsequent exploitation attempts, establishing a backdoor for subsequent campaigns.
Vulnerability
Y Multiple Industries
CC
>1
FireEye, NOTROBIN, Citrix, CVE-2019-19781
77
16/01/2020
TA542
Pharmaceutical companies in the US, Canada and Mexico
Researchers from Proofpoint discover a new Emotet campaign targeting pharmaceutical companies in the US, Canada and Mexico
Malware
M Professional scientific and technical activities
CC
US
CA
MX
Proofpoint, Emotet
78
16/01/2020
?
Targets in Middle East
Researchers from Cisco Talos discover a new campaign selectively attacking targets in Middle East via a Remote Access Trojan (RAT), dubbed JhoneRAT, and abusing cloud services.
Targeted attack
Y Multiple Industries
CE
>1
Cisco Talos, RAT, JhoneRAT
79
16/01/2020
?
Multiple targets
Researchers from Zscaler discover a new version of the FTCODE ransomware with password-stealing capabilities.
Malware
Y Multiple Industries
CC
>1
Zscaler, FTCODE, ransomware
80
16/01/2020
?
Rudolf and Stephanie Hospital in Benešov
The Rudolf and Stephanie Hospital in Benešov is hit with a Ryuk ransomware attack.
Malware
Q Human health and social work activities
CC
CZ
The Rudolf and Stephanie Hospital, Benešov, Ryuk, Ransomware
81
16/01/2020
?
Georgia election server (Center for Election Systems at Kennesaw State University)
Forensic evidence shows signs that a Georgia election server may have been hacked ahead of the 2016 and 2018 elections by someone who exploited Shellshock.
Vulnerability
O Public administration and defence, compulsory social security
CC
US
Georgia, Shellshock, Center for Election Systems at Kennesaw State University
82
16/01/2020
?
US Government and Military
New research from Cisco Talos uncovers a new Emotet campaign affecting the United States of America's government and military.
Malware
O Public administration and defence, compulsory social security
CC
US
Talos, Emotet
83
16/01/2020
?
City of Detroit
City of Detroit officials warn that a data breach exposed city workers and residents after several email accounts were compromised.
Account Hijacking
O Public administration and defence, compulsory social security
CC
US
City of Detroit
84
17/01/2020
?
Multiple targets
Microsoft publishes a security advisory containing mitigation measures for CVE-2020-0674, an actively exploited zero-day remote code execution (RCE) vulnerability impacting Internet Explorer.
Targeted attack
Y Multiple Industries
N/A
>1
Microsoft, CVE-2020-0674
85
17/01/2020
Phoenix’s Helmets (Anka Neferler Tim)
Several Greek government websites
Several Greek government websites are taken down by Turkish hackers. Targets include the Greek Parliament, the Foreign Affairs Ministry, the Athens Stock Exchange, the National Intelligence Service (EYP) and the Finance Ministry.
DDoS
O Public administration and defence, compulsory social security
H
GR
Phoenix’s Helmets, Anka Neferler Tim
86
17/01/2020
?
ADP Users
With tax season approaching, cybercriminals launch a phishing campaign targeting some ADP users.
Account Hijacking
X Individual
CC
US
ADP
87
17/01/2020
?
Sunset Cardiology
Sunset Cardiology is hit with a Maze ransomware attack.
Malware
Q Human health and social work activities
CC
US
Sunset Cardiology, Maze, ransomware
88
18/01/2020
?
Temple Har Shalom Synagogue
The Temple Har Shalom Synagogue is hit with a Sodinokibi Ransomware attack.
Malware
U Activities of extraterritorial organizations and bodies
CC
US
Temple Har Shalom Synagogue, Sodinokibi, Ransomware
89
18/01/2020
Anonymous Greece
Top Channel 24 TV
Anonymous Greece responds to the ongoing attacks of Turkish hackers by attacking the Turkish channel Top Channel 24 TV.
DDoS
J Information and communication
H
TR
Anonymous Greece, Top Channel 24 TV
90
18/01/2020
?
New Orleans Ernest N. Morial Convention Center
The New Orleans Ernest N. Morial Convention Center is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
New Orleans, Ernest N. Morial Convention Center, ransomware
91
18/01/2020
?
Adventist Health
Adventist Health notifies 2,653 patients after suffering a phishing incident.
Account Hijacking
Q Human health and social work activities
CC
US
Adventist Health
92
19/01/2020
?
Single Individuals
A new sextortion scam leverages the insecurity of connected devices to trick the victims.
Malicious Spam
X Individual
CC
>1
Sextortion
93
19/01/2020
?
Multiple targets
A hacker publishes a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices.
Misconfiguration
Y Multiple Industries
CC
>1
Telnet, IoT
94
19/01/2020
?
Kamaru Usman Twitter account
UFC champion Kamaru Usman says his Twitter account was hacked, after a series of explicit tweets against Conor McGregor.
Account Hijacking
X Individual
CC
US
UFC, Kamaru Usman, Twitter, Conor McGregor
95
19/01/2020
?
Oman United Insurance
Oman United Insurance, one of the largest insurers in the country, discloses a “ransomware attack” on the company’s data centre early this month.
Malware
K Financial and insurance activities
CC
OM
Oman United Insurance, ransomware
96
20/01/2020
Tick (China)
Mitsubishi Electric
Mitsubishi Electric discloses a security breach that might have caused the leak of personal and confidential corporate information. The breach was detected on June 28, 2019.
Targeted attack
C Manufacturing
CE
JP
Mitsubishi Electric, Tick
97
20/01/2020
?
Hanna Andersson
US children's apparel maker and online retailer Hanna Andersson discloses that its online purchasing platform was hacked and malicious code was deployed to steal customers' payment info for almost two months.
Malicious Script Injection
G Wholesale and retail trade
CC
US
Hanna Andersson, Magecart
98
21/01/2020
Saudi Arabia
Jeff Bezos
An investigation reveals that Jeff Bezos' phone exfiltrated a massive amount of personal information after receiving a WhatsApp-attached video file sent by the future king of Saudi Arabia, Prince Mohammed bin Salman, on May 1, 2018.
Targeted attack
X Individual
CE
US
Jeff Bezos, WhatsApp, Prince Mohammed bin Salman
99
21/01/2020
?
Volusia County Public Library (VCPL)
600 staff and public access computers were taken down at Volusia County Public Library (VCPL) branches from Daytona Beach, Florida, following a cyberattack that started around 7 AM on January 9
Unknown
O Public administration and defence, compulsory social security
CC
US
Volusia County Public Library, VCPL
100
21/01/2020
?
Vulnerable Wordpress sites
Researchers from Sucuri reveal that over 2,000 Wordpress sites have been hacked to fuel a campaign to redirect visitors to scam sites. The campaign was possible because of two vulnerable plugins ("CP Contact Form with PayPal" and "Simple Fields").
Vulnerability
Y Multiple Industries
CC
>1
Sucuri, Wordpress, "CP Contact Form with PayPal", "Simple Fields"
101
21/01/2020
?
100 UPS Store Locations
Sensitive personal and financial information of UPS Store customers is exposed in a phishing incident affecting roughly 100 local store locations between September 29, 2019, and January 13, 2020.
Account Hijacking
G Wholesale and retail trade
CC
US
UPS Store
102
21/01/2020
Threat Actors from Iran
Multiple targets in the US
The FBI Cyber Division issues a flash security alert related to the recent defacement attacks operated by Iranian threat actors.
Defacement
Y Multiple Industries
CW
US
FBI, Iran
103
21/01/2020
?
Single Individuals
Researchers from Malwarebytes reveal the details of a large high-profile malvertising campaign distributing browser lockers.
Malvertising
X Individual
CC
>1
Malwarebytes
104
21/01/2020
?
Citibank customers
Researchers discover a new Citibank phishing scam that utilizes a convincing domain name, TLS certs, and even requests OTP codes that could easily trick their victims.
Account Hijacking
K Financial and insurance activities
CC
US
Citibank
105
21/01/2020
?
Multiple targets
Researchers from Microsoft discover a new version of the sLoad malware downloader, dubbed Starslord.
Malware
Y Multiple Industries
CC
>1
Microsoft, sLoad, Starslord
106
21/01/2020
?
PayPal customers
Researchers from ZeroFOX discover a new version of the 16Shop phishing campaign targeting PayPal customers.
Account Hijacking
G Wholesale and retail trade
CC
>1
ZeroFOX, 16Shop, PayPal
107
21/01/2020
?
Vulnerable internet routers running the Tomato firmware
Researchers from Palo Alto Networks reveal that internet routers running the Tomato alternative firmware are under active attack by the Muhstik botnet, searching for devices using default credentials.
Misconfiguration
Y Multiple Industries
CC
>1
Palo Alto Networks, Muhstik, Tomato
108
21/01/2020
?
Multiple targets
Researchers from Cisco Talos discover a new large-scale cryptomining campaign, dubbed Vivin, active for more than two years.
Malware
Y Multiple Industries
CC
>1
Cisco Talos, Vivin, Crypto
109
22/01/2020
?
Tillamook County
Tillamook County is hit by a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Tillamook County, ransomware
110
22/01/2020
?
Greenville Water
Greenville Water is hit by a cyber attack.
Unknown
E Water supply, sewerage waste management, and remediation activities
CC
US
Greenville Water
111
22/01/2020
?
FedEx customers
FedEx warns of a new text message phishing scam that at first glance looks to be about a FedEx package delivery.
Account Hijacking
X Individual
CC
US
FedEx
112
22/01/2020
?
Android users
Researchers from Dr.Web discover a new campaign targeting Android users via the Android.Xiny mobile trojan.
Malware
X Individual
CC
>1
Dr.Web, Android, Android.Xiny
113
23/01/2020
?
Gedia Automotive Group
Parts manufacturer Gedia Automotive Group shuts down its network after being hit with a Sodinokibi ransomware attack.
Malware
C Manufacturing
CC
DE
Gedia Automotive Group, ransomware, Sodinokibi
114
23/01/2020
?
Sites belonging to a reseller of tickets for Euro Cup and the Tokyo Summer Olympics
The sites belonging to a reseller of tickets for Euro Cup and the Tokyo Summer Olympics (olympictickets2020[.]com) are the victims of a Magecart attack.
Malicious Script Injection
R Arts entertainment and recreation
CC
N/A
Magecart, Euro Cup, Tokyo Summer Olympics, olympictickets2020[.]com
115
23/01/2020
APT33?
European energy sector organization
Researchers from Recorded Future discover a cyber espionage campaign with suspected ties to Iran, targeting the European energy sector in a reconnaissance campaign via the PupyRAT software.
Targeted attack
D Electricity gas steam and air conditioning supply
CE
EU
APT33, PupyRAT, Recorded Future
116
23/01/2020
?
Bitcoin Gold
Bitcoin Gold experiences a 51% attack. A total amount of over $70,000 is double-spent
51% Attack
V Fintech
CC
N/A
Bitcoin Gold
117
23/01/2020
?
Ben Gurion International Airport
As Israel hosted dozens of world leaders last week for the World Holocaust Forum, the country’s cyber defense system fended off hundreds of cyberattacks targeting the country’s international airport and the planes of the world leaders.
>1
H Transportation and storage
>1
IL
Ben Gurion International Airport
118
24/01/2020
?
City of Potsdam
The City of Potsdam severs the administration servers' Internet connection following a ransomware attack carried out exploiting the CVE-2019-1978 vulnerability.
Malware
O Public administration and defence, compulsory social security
CC
DE
City of Potsdam, ransomware, CVE-2019-1978
119
24/01/2020
Konni Group
U.S. government agency
Researchers at Palo Alto Networks' Unit 42 discover a new campaign dubbed "Fractured Statue", carried out via a malware called CARROTBALL and used in targeted attacks against a U.S. government agency and non-US foreign nationals professionally affiliated with current activities in North Korea.
Targeted attack
O Public administration and defence, compulsory social security
CE
US
Palo Alto Networks, Unit 42, CARROTBALL, North Korea, Konni Group, Fractured Statue
120
24/01/2020
?
Targets in the government, military, and financial sector
A new version of the Ryuk Stealer malware is discovered. This version can steal a greater number of confidential files related to the military, government, financial statements, banking, and other sensitive data.
Malware
Y Multiple Industries
CC
>1
Ryuk, ransomware
121
24/01/2020
Turkish hackers
Several Government websites in Greece
A new DDoS attack hits the official state websites of the Greek prime minister, the national police and fire service and other ministries.
DDoS
O Public administration and defence, compulsory social security
H
GR
Turkey, Greece
122
24/01/2020
?
Tampa Bay Times
The Tampa Bay Times suffers a Ryuk ransomware attack.
Malware
J Information and communication
CC
US
Tampa Bay Times, Malware
123
26/01/2020
?
Bird Construction
Bird Construction acknowledges having recently been hit with a Maze ransomware attack.
Malware
M Professional scientific and technical activities
CC
CA
Bird Construction, Maze, ransomware
124
26/01/2020
?
SuperCasino
The online gambling platform SuperCasino experiences a data breach that exposes sensitive information belonging to its customers.
Unknown
R Arts entertainment and recreation
CC
MT
SuperCasino
125
27/01/2020
State-sponsored Turkish hackers
At least 30 organizations
Turkish hackers allegedly acting in the interest of the Turkish government are believed to have attacked at least 30 organizations, including government ministries, embassies and security services as well as companies and other groups
DNS hijacking
Y Multiple Industries
CE
>1
Turkey
126
27/01/2020
OurMine
Twitter accounts of over a dozen popular American football teams, the NFL, the UFC, and ESPN.
The OurMine collective hijacks the Twitter accounts of over a dozen popular American football teams, including the San Francisco 49ers and Kansas City Chiefs, who competed in the Super Bowl Final, the NFL, the UFC, and ESPN.
Account Hijacking
R Arts entertainment and recreation
CC
US
OurMine, Twitter, San Francisco 49ers, Kansas City Chiefs, Super Bowl, NFL, UFC, ESPN
127
27/01/2020
Aggah
Some Italian companies operating in the Retail sector
Researchers from Yoroi-Cybaze ZLab discover new attack attempts, linked to the Aggah campaign, directed at some Italian companies operating in the Retail sector.
Targeted attack
G Wholesale and retail trade
CC
IT
Aggah, Yoroi-Cybaze Zlab
128
27/01/2020
?
Royal Yachting Association
The Royal Yachting Association (RYA) forces a password reset for all online users after warning some of them that their data may have been compromised by a third party.
Unknown
S Other service activities
CC
US
Royal Yachting Association
129
28/01/2020
?
Vulnerable Citrix ADC servers
A new ransomware called Ragnarok is detected being used in targeted attacks against unpatched Citrix ADC servers vulnerable to the CVE-2019-19781 exploit.
Malware
Y Multiple Industries
CC
>1
Ragnarok, Citrix, CVE-2019-19781, Ransomware
130
28/01/2020
?
Red Kite Community Housing
Red Kite Community Housing announces that it has fallen victim to a cyber-scam in which criminals posed as genuine service providers to steal a staggering £932,000.
Domain Spoofing
S Other service activities
CC
UK
Red Kite Community Housing
131
28/01/2020
?
Tissue Regenix Group PLC
Tissue Regenix Group PLC says that its computer systems and a third-party IT service provider in the United States were accessed without authorization.
Unknown
C Manufacturing
CC
US
Tissue Regenix Group PLC
132
28/01/2020
?
Personal Touch Home Care of Greater Portsmouth.
Personal Touch Home Care of Greater Portsmouth notifies of a Maze ransomware attack that occurred on December 1, 2019.
Malware
S Other service activities
CC
US
Personal Touch Home Care of Greater Portsmouth, Maze, Ransomware
133
29/01/2020
?
United Nations
A leaked report reveals that the European network of the United Nations was compromised during the Summer of 2019.
Targeted attack
U Activities of extraterritorial organizations and bodies
CE
N/A
United Nations
134
29/01/2020
?
Electronic Warfare Associates (EWA)
Electronic Warfare Associates (EWA), a 40-year-old electronics company and a well-known US government contractor, is hit with the Ryuk ransomware.
A new campaign is discovered distributing the Emotet malware in Japan, and leveraging the scare of Coronavirus.
Malicious Spam
X Individual
CC
JP
Emotet, Coronavirus
136
29/01/2020
?
Multiple targets
The attackers behind the Maze ransomware publish a list of 25 victims with small data sets leaked as a proof of the hack.
Malware
Y Multiple Industries
CC
>1
Maze
137
29/01/2020
?
LiveRamp
Facebook reveals that back in October, hackers commandeered the personal account of a LiveRamp employee and used it to gain access to the company's Business Manager account -- allowing them to run ads using other people's money.
Account Hijacking
M Professional scientific and technical activities
CC
US
Facebook, LiveRamp
138
30/01/2020
NEC
NEC confirms having been hit with a cyberattack since 2018 that resulted in unauthorized access to its internal network and the exposure of 28,000 files.
Targeted attack
C Manufacturing
CE
JP
NEC
139
30/01/2020
APT34 AKA Oilrig (Iran government-backed)
US Government workers
Researchers from Intezer Lab reveal the details of a spear-phishing campaign mimicking surveys from Westat, a well-known US government contractor that has managed and administered surveys for more than 80 federal agencies for at least 16 years.
Targeted attack
O Public administration and defence, compulsory social security
CE
US
APT34, Oilrig, Iran, Intezer Lab, Westat
140
30/01/2020
TA505
Multiple targets
Researchers from Microsoft and Prevailion reveal a new campaign by TA505, weaponizing Excel documents.
Targeted attack
Y Multiple Industries
CC
>1
Microsoft, Prevailion, TA505, Excel
141
30/01/2020
?
Undisclosed Canadian Insurance company
A Canadian insurance company paid nearly $1 million USD (about $1.3 million CAD) following a ransomware attack.
Malware
K Financial and insurance activities
CC
CA
Ransomware
142
30/01/2020
?
Users in the US
Multiple Coronavirus Phishing Campaigns are discovered, actively targeting US users.
Account Hijacking
X Individual
CC
US
Coronavirus
143
30/01/2020
?
Single Individuals
Researchers discover a new phishing campaign distributing malware, pretending to be from the Spamhaus Project.
Malicious Spam
X Individual
CC
>1
Spamhaus
144
30/01/2020
?
Rijksmuseum Twenthe
Hackers posing as a veteran London art dealer trick Rijksmuseum Twenthe, a Dutch museum buying a John Constable painting, into paying 2.4 million pounds ($3.1 million) to a fraudulent bank account.
Business Email Compromise
S Other service activities
CC
NL
Rijksmuseum Twenthe, John Constable
145
30/01/2020
?
UK Taxpayers
Cybersecurity company Mimecast discovers an uptick in scams using the promise of tax refunds as a way to entice the victims into giving up private information including their name, address, phone number and card details.
Account Hijacking
X Individual
CC
UK
Mimecast, HMRC
146
30/01/2020
?
Multiple targets
Researchers from Lastline discover a large-scale spam campaign spreading info-stealing malware (Agent Tesla and LokiBot) and using advanced obfuscation techniques.
Malicious Spam
Y Multiple Industries
CC
>1
Lastline, Agent Tesla, LokiBot
147
31/01/2020
?
Bouygues Construction
French construction giant Bouygues Construction shuts down its computer network to avoid having all of its data encrypted by the Maze Ransomware.
Malware
M Professional scientific and technical activities
CC
FR
Bouygues Construction, Maze, Ransomware
148
31/01/2020
?
Hong Kong Universities
Researchers from ESET discover a new campaign of the Winnti group targeting some Hong Kong universities via the ShadowPad backdoor.
Targeted attack
P Education
CE
HK
ESET, Winnti, Hong Kong, ShadowPad
149
31/01/2020
?
TVEyes
TVEyes, a broadcast television search engine used by political campaigns to monitor opponents and track ads, is hit with a ransomware attack.
Malware
J Information and communication
CC
US
TVEyes, ransomware
150
31/01/2020
?
Single Individuals
A new extortion campaign leverages the Ashley Madison breach
Malicious Spam
X Individual
CC
>1
Ashley Madison
151
31/01/2020
?
City of Racine
The city of Racine is hit with a ransomware attack that knocks most of its non-emergency computer services offline.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Racine, malware
152
28/01/2020
?
Laurentian Bank
Police investigate after thieves hack three banking machines in the greater Montreal area, making off with an estimated $55,000.
Unknown
K Financial and insurance activities
CC
CA
Laurentian Bank
153
30/01/2020
?
Grundy County Courthouse
The Grundy County Courthouse experiences a "cybersecurity breach".
Unknown
O Public administration and defence, compulsory social security
CC
US
Grundy County Courthouse
154
30/01/2020
?
Mountain View Los Altos High School (MVLA)
Mountain View Los Altos High School is hit with a cyber attack.
Unknown
P Education
CC
US
Mountain View Los Altos High School, MVLA
155
31/01/2020
?
US Department of Defense (DOD)
A security researcher discovers a cryptocurrency-mining botnet inside a web server operated by the US Department of Defense (DOD).
Vulnerability
O Public administration and defence, compulsory social security
CC
US
US Department of Defense, DOD
156
31/01/2020
?
Dundee and Angus College
Dundee and Angus College is apparently hit with a ransomware attack.
Malware
P Education
CC
UK
Dundee and Angus College, Ransomware
157
31/01/2020
?
Everton Fan Services Twitter account
The Everton Fan Services Twitter account is allegedly hacked.
Account Hijacking
R Arts entertainment and recreation
CC
UK
Everton Fan Services, Twitter
158
31/01/2020
?
Fondren Orthopedic Group
Fondren Orthopedic Group notifies patients after a malware incident that occurred on November 21, 2019, destroyed patient records.
Malware
Q Human health and social work activities
CC
US
Fondren Orthopedic Group, ransomware
159
31/01/2020
?
Belvidere City Hall
Belvidere City Hall is the victim of a cyber attack.
Unknown
O Public administration and defence, compulsory social security
CC
US
Belvidere City Hall
160
01/02/2020
?
More than 2,300 Nortek Security & Control (NSC) Linear eMerge E3 building access systems
Researchers from SonicWall reveal that attackers have already compromised more than 2,300 Linear eMerge E3 building access systems exploiting CVE-2019-7256.
Vulnerability
Y Multiple Industries
CC
>1
Nortek Security & Control, NSC, Linear eMerge E3
161
01/02/2020
?
Five U.S. Law Firms
Five U.S. law firms are among the companies and organizations targeted by a new round of ransomware attacks.
Malware
M Professional scientific and technical activities
CC
US
Ransomware
162
01/02/2020
?
Confederation College
Confederation College suffers a malware attack.
Malware
P Education
CC
US
Confederation College
163
03/02/2020
?
Toll Group
Toll Group announces that it has experienced a "cybersecurity incident", and shuts down a number of IT systems at multiple sites across Australia in a bid to resolve the issue. The attack is allegedly caused by the Kokoklock (or Mailto) ransomware.
Malware
M Professional scientific and technical activities
CC
AU
Toll Group, ransomware, Kokoklock, Mailto
164
03/02/2020
?
Multiple targets
Researchers from Dragos reveal the details of EKANS, a new malware strain able to encrypt data and stop applications used in industrial control systems.
Malware
Y Multiple Industries
CC
>1
Dragos, EKANS
165
03/02/2020
?
Government targets in Middle East
Researchers from Palo Alto Networks discover a new wave of campaigns exploiting CVE-2019-0604 against Middle East government targets.
Targeted attack
O Public administration and defence, compulsory social security
CE
>1
Palo Alto Networks
166
03/02/2020
?
Credit Union National Association (CUNA)
Systems of the Credit Union National Association are knocked offline following a “cyber incident.”
Malware
K Financial and insurance activities
CC
US
Credit Union National Association, CUNA, ransomware
167
03/02/2020
?
Twitter users
Twitter discloses a security incident during which third-parties exploited the company's official API to match phone numbers with Twitter usernames.
API Exploit
X Individual
CC
>1
Twitter
168
03/02/2020
?
Multiple targets
Security researchers discover a new wave of domains injected with Magecart skimmers hosted on opendoorcdn[.]com.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
opendoorcdn[.]com, Magecart
169
03/02/2020
?
Business account holders of the larger banks in Brazil
Researchers from IBM X-Force reveal the details of a new campaign of the Camubot malware targeting business account holders of the larger banks in Brazil.
Targeted attack
K Financial and insurance activities
CC
BR
IBM X-Force, Camubot
170
03/02/2020
?
Multiple targets
A new malicious spam campaign distributes the AZORult trojan and uses three levels of encryption to avoid detection.
Malicious Spam
Y Multiple Industries
CC
>1
AZORult
171
04/02/2020
?
Undisclosed state-level voter registration and information site
The US Federal Bureau of Investigation (FBI) warns of a potential DDoS attack that targeted a state-level voter registration and information site.
DDoS
O Public administration and defence, compulsory social security
CC
US
FBI
172
04/02/2020
?
Single Individuals
The Emotet Trojan gets ready for the tax season with a fresh spam campaign pretending to be signed W-9 tax forms.
Malicious Spam
X Individual
CC
>1
Emotet, W-9
173
04/02/2020
?
Customers of financial institutions in multiple countries.
Researchers from Fortinet discover a new Metamorfo variant targeting customers of financial institutions in multiple countries.
Malware
K Financial and insurance activities
CC
>1
Fortinet, Metamorfo
174
04/02/2020
?
Ukrainian ISP
Ukrainian police arrest a 16-year-old from the city of Odessa for attempting to extort a local ISP into sharing data on one of its subscribers.
DDoS
M Professional scientific and technical activities
CC
UA
Ukraine
175
04/02/2020
?
North Miami Beach Police Department
The North Miami Beach Police Department determines that it has been impacted by ransomware.
Malware
O Public administration and defence, compulsory social security
CC
US
North Miami Beach Police Department
176
04/02/2020
?
Golden Entertainment
Golden Entertainment notifies customers, employees, and vendors of a phishing attack that occurred between May and October 2019.
Account Hijacking
R Arts entertainment and recreation
CC
US
Golden Entertainment
177
04/02/2020
?
St. Louis Community College
More than 5,100 St. Louis Community College students and employees have their personal information accessed via a phishing attack discovered on January 13.
Account Hijacking
P Education
CC
US
St. Louis Community College
178
04/02/2020
?
Eastern Virginia Medical School
Eastern Virginia Medical School discloses a phishing attack that could have exposed employees’ personal information, including bank accounts and Social Security numbers.
Account Hijacking
Q Human health and social work activities
CC
US
Eastern Virginia Medical School
179
05/02/2020
?
Credit card holders from India
Researchers from Group-IB discover a database containing over 460,000 payment card records uploaded to Joker's Stash, one of the most popular darknet cardshops.
Unknown
K Financial and insurance activities
CC
IN
Group-IB, Joker's Stash
180
05/02/2020
?
Single Individuals
Researchers from Cybereason discover an active campaign distributing an arsenal of malware that is able to steal data, mine for cryptocurrency, and deliver ransomware to victims all over the world. The payloads observed in this campaign originated from different accounts in code repository platform Bitbucket, which was abused as part of the attackers' delivery infrastructure.
Malware
X Individual
CC
>1
Cybereason, Bitbucket
181
05/02/2020
?
Altsbit
Altsbit announces that it has been hit with a devastating hack. Criminals made off with 1,066 Komodo (KMD) tokens and 283,375 Verus (VRSC) "coins" with a combined value of $27,000.
Unknown
V Fintech
CC
IT
Altsbit, Crypto
182
05/02/2020
Charming Kitten
Journalists, political and human rights activists
Researchers from Certfa Lab identify a new series of phishing attacks from Charming Kitten, the Iranian hacking group which has a close relationship with Iran’s state and Intelligence services, targeting journalists, political and human rights activists.
Account Hijacking
X Individual
CE
>1
Charming Kitten
183
05/02/2020
?
Single Individuals
Another phishing campaign, claiming to be sent from the World Health Organization (WHO), leverages the fear of the Coronavirus.
Account Hijacking
X Individual
CC
>1
World Health Organization, WHO, Coronavirus
184
05/02/2020
APT40
Malaysian government officials
Malaysia's Computer Emergency Response Team (MyCERT) reveals the details of a campaign carried out by APT40, targeting local government officials using malicious documents exploiting CVE-2014-6352 and CVE-2017-0199.
Targeted attack
O Public administration and defence, compulsory social security
Financial services organizations in the United States
Researchers from FireEye continue to observe multiple targeted phishing campaigns designed to download and deploy a backdoor tracked as MINEBRIDGE.
Targeted attack
K Financial and insurance activities
CE
US
FireEye, MINEBRIDGE
186
05/02/2020
Gamaredon
Ukrainian military and security institutions
Researchers from SentinelOne reveal an uptick in Gamaredon cyberattacks on Ukrainian military and security institutions that started in December.
Targeted attack
O Public administration and defence, compulsory social security
CE
UA
Gamaredon, SentinelOne, SentinelLabs
187
05/02/2020
?
Mississippi Center for Legal Services and North Mississippi Rural Legal Services
Mississippi Center for Legal Services and North Mississippi Rural Legal Services warn that they were hit with a Ryuk ransomware attack on Christmas Eve.
Malware
K Financial and insurance activities
CC
US
Mississippi Center for Legal Services, North Mississippi Rural Legal Services, ransomware, Ryuk
188
05/02/2020
?
Educational Enrichment Systems
Educational Enrichment Systems discloses a phishing attack that occurred between May and July 2019.
Account Hijacking
P Education
CC
US
Educational Enrichment Systems
189
05/02/2020
?
All About Potential Family Chiropractic
All About Potential Family Chiropractic is hit with a Maze ransomware attack.
Malware
Q Human health and social work activities
CC
US
All About Potential Family Chiropractic, Ransomware, Maze
190
06/02/2020
?
Android users
Researchers from Cofense discover a new phishing campaign targeting Android users, infecting their devices with the Anubis banking Trojan, embedded in more than 250 banking and shopping applications.
Malware
X Individual
CC
>1
Cofense, Android, Anubis
191
06/02/2020
?
Pasco Corporation
Japanese defense contractor Pasco Corporation (Pasco) discloses a security breach that happened in May 2018.
Targeted attack
C Manufacturing
CE
JP
Pasco Corporation
192
06/02/2020
?
Kobe Steel (Kobelco)
Japanese defense contractor Kobe Steel (Kobelco) discloses a security breach that happened in June 2015/August 2016.
Targeted attack
C Manufacturing
CE
JP
Kobe Steel, Kobelco
193
06/02/2020
?
Two undisclosed victims
Researchers from Sophos investigate two different ransomware attacks where the adversaries deployed a legitimate, digitally signed hardware driver in order to delete security products from the targeted computers and install the RobbinHood ransomware. The signed driver is part of a deprecated software package published by Gigabyte, with a known vulnerability tracked as CVE-2018-19320.
Researchers from Kaspersky discover more than 20 phishing websites and 925 malicious files disguised as early-release copies of the Oscar movies.
Malware
X Individual
CC
>1
Kaspersky, Oscar
195
06/02/2020
?
Banks and financial institutions in the US and the UK
Researchers from Menlo Security reveal the details of a new Emotet campaign targeting banks and financial institutions in the US and the UK.
Malware
K Financial and insurance activities
CC
US
UK
Menlo Security, Emotet
196
06/02/2020
Gorgon Group
Multiple targets
Researchers from Prevailion reveal the details of a new campaign carried out by the Gorgon Group through spoofed login portals.
Account Hijacking
Y Multiple Industries
CC
>1
Gorgon Group, Prevailion
197
06/02/2020
?
Idaho Central Credit Union
Idaho Central Credit Union informs some customers of two data breaches that impacted the financial institution
Account Hijacking
K Financial and insurance activities
CC
US
Idaho Central Credit Union
198
06/02/2020
?
Single Individuals
Researchers from Dr.Web discover a campaign using the CNET website to spread malware through its software download section, via a download link of a popular video player, VSDC.
Malware
X Individual
CC
>1
CNET, VSDC, Dr.Web
199
07/02/2020
?
Multiple targets
Researchers from Binary Defense discover a new variant of Emotet spreading via Wi-Fi networks.
Malware
Y Multiple Industries
CC
>1
Binary Defense, Emotet
200
07/02/2020
OurMine
Facebook's Twitter and Instagram accounts
Hackers from the OurMine collective claim to have taken over Facebook's Twitter and Instagram accounts.
Account Hijacking
M Professional scientific and technical activities
CC
US
OurMine, Facebook, Twitter, Instagram
201
07/02/2020
?
Single Individuals
Security researchers from Kaspersky discover a phishing campaign that poses as an email from the United States’ CDC (Centers of Disease Control).
Account Hijacking
X Individual
CC
US
Kaspersky, Coronavirus, CDC, Centers of Disease Control
202
07/02/2020
?
Rockdale County
Some Rockdale County services are impacted after multiple county servers are hit by a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Rockdale County
203
07/02/2020
LulzSec ITA
Universities of Basilicata, Napoli and Roma 3
The Italian hacktivist collective LulzSec ITA claims via Twitter to have hacked three Italian universities: Basilicata, Napoli and Roma 3.
SQL Injection
P Education
H
IT
LulzSec ITA, Basilicata, Napoli, Roma 3
204
07/02/2020
?
Allegheny Intermediate Unit school system
The Allegheny Intermediate Unit school system is hit with a ransomware attack.
Malware
P Education
CC
US
Allegheny Intermediate Unit school system, ransomware
205
07/02/2020
?
Shields Health Solutions
Shields Health Solutions notifies its patients after the email account of an employee is hacked between October 22 and October 24, 2019.
Account Hijacking
Q Human health and social work activities
CC
US
Shields Health Solutions
206
08/02/2020
?
Redcar and Cleveland Council
Redcar and Cleveland Council is hit with a ransomware cyber-attack.
Malware
O Public administration and defence, compulsory social security
CC
UK
Redcar and Cleveland Council, ransomware
207
08/02/2020
?
50 sites of three of the world’s largest manufacturers of IoT devices in the Middle East, North America, and Latin America
Researchers from TrapX discover a malware campaign targeting 50 sites of three of the world’s largest manufacturers of IoT devices to install a variant of the Lemon_Duck cryptominer.
Malware
C Manufacturing
CC
>1
TrapX, Lemon_Duck crypto
208
09/02/2020
?
Iran Internet infrastructure
Iran is allegedly hit with a powerful cyber attack able to take down 25% of its Internet.
DDoS
J Information and communication
CW
IR
Iran
209
10/02/2020
Outlaw
Linux-based enterprise systems
Researchers from Trend Micro reveal a new campaign by the group known as Outlaw. This time the group infiltrates Linux-based enterprise systems in order to hijack computer power and mine for the privacy coin Monero (XMR).
Malware
Y Multiple Industries
CC
>1
Outlaw, Trend Micro, Crypto, Monero, XMR
210
10/02/2020
?
Havre Public Schools
Havre Public Schools are hit with a ransomware attack.
Malware
P Education
CC
US
Havre Public Schools, ransomware
211
10/02/2020
?
Wilson Elser Moskowitz Edelman & Dicker
The law firm Wilson Elser Moskowitz Edelman & Dicker is hit with a ransomware attack.
Malware
M Professional scientific and technical activities
CC
US
Wilson Elser Moskowitz Edelman & Dicker, ransomware
212
10/02/2020
?
US Supply chain software providers
The FBI warns the US private sector about an ongoing hacking campaign that's targeting supply chain software providers with the Kwampirs malware.
Malware
Y Multiple Industries
CC
US
FBI, Kwampirs
213
10/02/2020
?
Managed Service Providers
A new ransomware called Ragnar Locker emerges, specifically targeting software commonly used by managed service providers to prevent their attack from being detected and stopped.
Malware
M Professional scientific and technical activities
CC
>1
Ragnar Locker, Ransomware
214
10/02/2020
?
Single Individuals
Researchers from Kaspersky spot a new malware called KBOT, a virus that spreads by injecting malicious code into Windows executable files, the first "living" virus in recent years spotted in the wild.
Malware
X Individual
CC
>1
KBOT, Kaspersky
215
10/02/2020
?
City of Garrison
The City of Garrison is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Garrison, Malware
216
10/02/2020
?
Vernon Schools
Vernon Schools shut down the internet after suffering a cyber attack.
Unknown
P Education
CC
US
Vernon Schools
217
10/02/2020
?
Industries susceptible to shipping disruptions including manufacturing, industrial, finance, transportation, pharmaceutical, and cosmetic
Proofpoint researchers uncover new Coronavirus-themed email attacks that focus on concerns around disruptions to global shipping, and aim to distribute the AZORult trojan.
Malicious Spam
Y Multiple Industries
CC
>1
Coronavirus, AZORult
218
11/02/2020
?
Nacogdoches Independent School District
A ransomware attack affects some computers at Nacogdoches Independent School District.
Malware
P Education
CC
US
Nacogdoches Independent School District, ransomware
219
11/02/2020
?
College of Family Physicians of Canada
Doctors from the College of Family Physicians of Canada are the targets of a phishing campaign.
Account Hijacking
Q Human health and social work activities
CC
CA
College of Family Physicians of Canada
220
11/02/2020
?
Baker Wotring
The Baker Wotring law firm has its data exposed by the Maze gang, including fee agreements and diaries from personal injury cases.
Malware
M Professional scientific and technical activities
CC
US
Baker Wotring, Maze, ransomware
221
11/02/2020
?
Individuals in the U.S.
The U.S. Federal Trade Commission (FTC) warns about ongoing scam campaigns that make use of the current Coronavirus global scale health crisis to bait potential targets from the United States via phishing emails, text messages, and social media.
Account Hijacking
X Individual
CC
US
U.S. Federal Trade Commission, FTC, Coronavirus
222
11/02/2020
?
American Express and Chase Customers
A clever phishing campaign is underway that pretends to be fraud protection emails from American Express and Chase that ask you to confirm if the listed credit card transactions are legitimate.
Account Hijacking
K Financial and insurance activities
CC
US
American Express, Chase
223
11/02/2020
?
The Pediatric Physicians’ Organization at Children’s (PPOC)
The Pediatric Physicians’ Organization at Children’s (PPOC) is hit with a ransomware attack.
Malware
Q Human health and social work activities
CC
US
The Pediatric Physicians’ Organization at Children’s, (PPOC), ransomware
224
11/02/2020
?
Carson City
Carson City is the latest victim of the Click2Gov breach.
Malicious Script Injection
O Public administration and defence, compulsory social security
CC
US
Carson City, Click2Gov
225
11/02/2020
?
Altice USA Inc.
Altice USA Inc. exposes the Social Security numbers, birth dates and other personal information of all 12,000 current employees as well as some former employees and a small number of customers, after a phishing attack in November 2019.
Account Hijacking
J Information and communication
CC
US
Altice USA Inc.
226
12/02/2020
?
Puerto Rico’s government
Puerto Rico’s government loses more than $2.6 million after falling for a Business Email Compromise Scam. The incident occurred on January 17.
Business Email Compromise
O Public administration and defence, compulsory social security
CC
PR
Puerto Rico
227
12/02/2020
?
IOTA Foundation
IOTA Foundation, the nonprofit organization behind the IOTA cryptocurrency, shuts down its entire network after hackers exploit a vulnerability in the IOTA wallet app to steal user funds.
Vulnerability
V Fintech
CC
DE
IOTA Foundation, Crypto
228
12/02/2020
?
Countries in South America and Central America, as well as the U.S.
Researchers from Cisco Talos discover a new campaign carried out through a new version of Loda, a remote access trojan written in AutoIT
Targeted attack
Y Multiple Industries
CE
>1
Cisco Talos, Loda
229
12/02/2020
?
Single Individuals
Researchers from Emsisoft discover a new ransomware strain, dubbed Ransomwared, asking for explicit images as ransom.
Malware
X Individual
CC
>1
Emsisoft, ransomware, Ransomwared
230
12/02/2020
?
Central Kansas Orthopedic Group
Central Kansas Orthopedic Group notifies more than 17,000 patients that it suffered a ransomware attack on January 9, 2019.
Malware
Q Human health and social work activities
CC
US
Central Kansas Orthopedic Group, ransomware
231
12/02/2020
?
Palm Beach county's election office
It is reported that the Palm Beach election office had its computer systems infected and encrypted by ransomware just weeks before the 2016 US presidential elections.
Malware
O Public administration and defence, compulsory social security
CC
US
Florida, Ransomware
232
13/02/2020
?
Rutter's
Rutter's discloses that 71 locations were infected with a point-of-sale (POS) malware that was used by attackers to steal customers' credit card information.
Malware
G Wholesale and retail trade
CC
US
Rutter's
233
13/02/2020
?
Nedbank
Nedbank discloses a security incident that impacts the personal details of 1.7 million users. The bank says the breach occurred at Computer Facilities (Pty) Ltd, a South African company the bank was using to send out marketing and promotional campaigns.
Vulnerability
K Financial and insurance activities
CC
ZA
Nedbank
234
13/02/2020
MoleRATs (aka The Gaza Cybergang)
Entities and individuals in the Palestinian territories
Researchers from Cybereason discover two simultaneous campaigns (Spark and Pierogi) targeting entities and individuals in the Palestinian territories.
Targeted attack
X Individual
CE
PS
MoleRATs (aka The Gaza Cybergang)
235
13/02/2020
?
Chrome users
Security researchers discover and take down a malicious campaign dating back to 2017, using up to 500 malicious Chrome extensions.
Malicious Browser Extension
X Individual
CC
>1
Chrome
236
13/02/2020
?
Multiple targets
A remote access Trojan named Parallax is being widely distributed through malicious spam campaigns; once installed, it allows attackers to gain full control over an infected system.
Malware
Y Multiple Industries
CC
>1
Parallax
237
13/02/2020
?
Single Individuals
Researchers from IBM X-Force discover a new Emotet-powered sextortion campaign.
Malicious Spam
X Individual
CC
>1
IBM X-Force, Emotet, Sextortion
238
13/02/2020
?
Relation Insurance
Relation Insurance discloses a phishing attack that occurred on August 15, 2019.
Account Hijacking
K Financial and insurance activities
CC
US
Relation Insurance
239
14/02/2020
Hidden Cobra (AKA Lazarus Group)
Targets in the US
Multiple U.S. government agencies warn of a newly intensifying threat from North Korea.
Targeted attack
Y Multiple Industries
CE
US
Hidden Cobra, Lazarus Group
240
14/02/2020
?
Banks in the U.S. and Canada
Researchers from Lookout discover a phishing campaign focused on mobile banking that used over 200 pages to impersonate legitimate websites for well-known banks in the U.S. and Canada.
Account Hijacking
K Financial and insurance activities
CC
US
CA
Lookout, US, Canada
241
14/02/2020
?
27 companies
A targeted phishing attack using SLK attachments is underway against twenty-seven companies, with some of them being well-known brands, to gain access to their corporate networks.
Account Hijacking
Y Multiple Industries
CE
>1
Phishing
242
14/02/2020
?
Single Individuals
Researchers from Trend Micro discover a new LokiBot campaign attempting to infect users by impersonating the launcher for Epic Games.
Malware
X Individual
CC
>1
LokiBot, Trend Micro, Epic Games
243
14/02/2020
?
PSL Services
PSL Services notifies its clients of a phishing attack that occurred on December 17, 2019.
Account Hijacking
M Professional scientific and technical activities
CC
US
PSL Services
244
14/02/2020
?
Charleston Lube Partners
Charleston Lube Partners reveals that it was hit by PoS malware between February 14, 2019 and August 19, 2019.
Malware
I Accommodation and food service activities
CC
US
Charleston Lube Partners
245
15/02/2020
?
Port Lavaca
The Port Lavaca City Hall is hit with a Ryuk ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Port Lavaca, Ryuk, ransomware
246
15/02/2020
OurMine
FC Barcelona Twitter Account
Hackers from the OurMine collective claim to have hijacked the Twitter account of FC Barcelona.
Account Hijacking
R Arts entertainment and recreation
CC
ES
OurMine, FC Barcelona, Twitter
247
15/02/2020
OurMine
The International Olympic Committee Twitter Account
The International Olympic Committee Twitter account is also hacked by OurMine.
Account Hijacking
U Activities of extraterritorial organizations and bodies
CC
N/A
OurMine, International Olympic Committee, Twitter
248
15/02/2020
?
Interactive Medical Systems
Wake County notifies that 1,900 employees are affected by a phishing attack on Interactive Medical Systems, a former benefits administrator.
Account Hijacking
M Professional scientific and technical activities
CC
US
Wake County, Interactive Medical Systems
249
13/02/2020
?
Grand Est
The Grand Est region is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
FR
Grand Est, ransomware
250
14/02/2020
?
INA Group
A ransomware attack cripples some business operations at INA Group, Croatia's biggest oil company, and its largest petrol station chain.
Malware
D Electricity gas steam and air conditioning supply
CC
HR
INA Group, ransomware
251
14/02/2020
?
BST
A Maze ransomware attack on BST, an accounting firm, in December exposes the patient data of Community Care Physicians, a large upstate New York medical group, as well as other clients of the firm.
Malware
K Financial and insurance activities
CC
US
Maze, BST, Community Care Physicians
252
14/02/2020
?
Tennessee Orthopaedic Alliance
Tennessee Orthopaedic Alliance notifies more than 81,000 patients after discovering two employee email accounts had been compromised on October 18, 2019.
Account Hijacking
Q Human health and social work activities
CC
US
Tennessee Orthopaedic Alliance
253
15/02/2020
?
Neebs Gaming YouTube channel
Neebs Gaming, a highly popular YouTube gaming channel, is hacked by unidentified crypto scammers, who change its name and banner to Coinbase Pro to collect Bitcoin from its viewers/subscribers.
Account Hijacking
R Arts entertainment and recreation
CC
US
Neebs Gaming, YouTube, Coinbase Pro, Bitcoin
254
15/02/2020
?
Lodi School District
School officials in Lodi are investigating after student data is breached at two different schools: Bear Creek High and Ronald E. McNair High.
Unknown
P Education
CC
US
Lodi School District
255
16/02/2020
Fox Kitten
Companies from the IT, Telecommunication, Oil and Gas, Aviation, Government, and Security sectors
Researchers from ClearSky reveal that Iran's government-backed hacking units made it a top priority last year to exploit VPN bugs to infiltrate and plant backdoors in companies all over the world.
Vulnerability
Y Multiple Industries
CE
>1
ClearSky, Fox Kitten, CVE-2019-11510, CVE-2018-13379, CVE-2019-1579, CVE-2019-19781
256
16/02/2020
APT-C-23
Israel Defense Force (IDF) soldiers
An IDF spokesperson reveals that IDF (Israel Defense Force) and ISA (Israel Security Agency AKA “Shin Bet”) conducted a joint operation to take down a Hamas operation targeting IDF soldiers, dubbed ‘Rebound’.
Targeted Attack
O Public administration and defence, compulsory social security
CE
IL
Israel Defense Force, IDF, APT-C-23, ISA, Israel Security Agency
257
16/02/2020
?
Vulnerable Wordpress sites
Researchers from WebARX reveal the details of a currently exploited vulnerability targeting the ThemeGrill Demo Importer plugin that allows attackers to completely wipe a WordPress site.
Vulnerability
Y Multiple Industries
CC
>1
WebARX, ThemeGrill Demo Importer, Wordpress
258
16/02/2020
?
Butler County Community College
Butler County Community College is hit with a ransomware attack.
Malware
P Education
CC
US
Butler County Community College, ransomware
259
17/02/2020
?
ISS World
A ransomware attack hits the major facilities company ISS World, which has half a million employees worldwide.
Malware
N Administrative and support service activities
CC
DK
ISS World
260
17/02/2020
?
More than 80 Turkish companies
Check Point researchers discover an evolving, ongoing malspam campaign targeting more than 80 Turkish companies, distributing the Adwind RAT.
Malicious Spam
Y Multiple Industries
CC
TR
Check Point, Adwind RAT
261
17/02/2020
?
Multiple targets
IBM X-Force Threat Intelligence researchers discover a phishing campaign distributing the Lokibot information stealer malware via emails designed to look like they're sent by the Ministry of Health of the People's Republic of China and containing emergency Coronavirus regulations in English.
Malware
Y Multiple Industries
CC
>1
IBM X-Force, Lokibot, Ministry of Health of the People's Republic of China, Coronavirus, COVID-19
262
17/02/2020
?
Single Individuals
The World Health Organization (WHO) warns of ongoing Coronavirus-themed phishing attacks that impersonate the organization with the end goal of stealing information and delivering malware.
Malicious Spam
X Individual
CC
>1
World Health Organization, WHO, Coronavirus, COVID-19
263
17/02/2020
?
Instagram users in Russia
A large-scale phishing campaign is running on Instagram to bait Russians with a fake presidential decree that promises a lump-sum payment for a citizen to start their own business.
Account Hijacking
X Individual
CC
RU
Instagram
264
17/02/2020
?
Rabun County
Rabun County is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Rabun County, ransomware
265
17/02/2020
?
East House
East House provides notice of a phishing attack that occurred on July 25, 2019.
Account Hijacking
Q Human health and social work activities
CC
US
East House
266
17/02/2020
?
Monroe County Hospital & Clinics
More than 7,000 patients of Monroe County Hospital & Clinics are notified that their personal information may have been leaked in a phishing attack that occurred in December 2019.
Account Hijacking
Q Human health and social work activities
CC
US
Monroe County Hospital & Clinics
267
18/02/2020
?
Undisclosed natural gas compression facility
The Cybersecurity and Infrastructure Security Agency (CISA) alerts organizations across all critical U.S. infrastructure sectors about a recent ransomware attack that affected a natural gas compression facility.
Malware
D Electricity gas steam and air conditioning supply
CC
US
Cybersecurity and Infrastructure Security Agency, CISA, ransomware
268
18/02/2020
?
Vulnerable Wordpress sites
Researchers from Wordfence reveal that a zero-day vulnerability in ThemeREX Addons, a WordPress plugin installed on thousands of sites, is actively exploited by attackers to create user accounts with admin permissions and potentially fully take over the vulnerable website.
Vulnerability
Y Multiple Industries
CC
>1
Wordfence, ThemeREX Addons, WordPress
269
18/02/2020
?
ProtonVPN users
Researchers from Kaspersky discover a fake ProtonVPN website used since November 2019 to deliver the AZORult information-stealing malware to potential victims in the form of fake ProtonVPN installers.
Malware
X Individual
CC
>1
Kaspersky, ProtonVPN, AZORult
270
18/02/2020
?
Windows users in Italy
Threat actors are distributing the Dharma Ransomware in a new spam campaign targeting Windows users in Italy.
Malware
X Individual
CC
IT
Dharma, Ransomware
271
18/02/2020
?
Government Data Center in Rwanda
A Rwandan data centre that hosts servers related to the country’s government is taken down by hackers.
DDoS
O Public administration and defence, compulsory social security
CC
RW
Rwanda
272
19/02/2020
?
MGM Resorts
The personal details of more than 10.6 million users who stayed at MGM Resorts hotels have been published on a hacking forum this week.
Misconfiguration
I Accommodation and food service activities
CC
US
MGM Resorts
273
19/02/2020
DRBControl
Gambling companies located in Southeast Asia, Europe and the Middle East
Researchers from Trend Micro and Talent-Jump reveal the details of DRBControl, a criminal organization focused on gambling companies.
Targeted Attack
R Arts entertainment and recreation
CC
>1
Trend Micro, Talent-Jump, DRBControl
274
19/02/2020
Exaggerated Lion
Thousands of U.S. companies
Researchers uncover a new business email compromise (BEC) threat actor, which they call Exaggerated Lion, targeting thousands of U.S. companies with money pilfering scams.
Business Email Compromise
Y Multiple Industries
CC
US
Agari, Exaggerated Lion
275
19/02/2020
?
US Taxpayers
Proofpoint researchers detect the first attacks themed around the tax season, carried out via tax-themed emails with malicious attachments and legitimate tax-focused websites compromised to deliver malware.
Malware
X Individual
CC
US
Proofpoint, Tax
276
19/02/2020
?
Swiss companies
Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI) warns of ongoing ransomware attacks targeting the systems of Swiss small, medium-sized, and large companies.
Malware
Y Multiple Industries
CC
CH
Switzerland’s Reporting and Analysis Centre for Information Assurance, MELANI, ransomware
277
19/02/2020
?
Multiple targets
Researchers from Prevailion reveal the details of "PHPs Labyrinth", a campaign active since 2017, infecting more than 20,000 WordPress sites via malicious plugins.
Malicious Wordpress Plugin
Y Multiple Industries
CC
>1
Prevailion, PHPs Labyrinth, WordPress
278
19/02/2020
?
Multiple targets
Security researcher Marco Ramilli discovers a new batch of e-commerce sites compromised by a Magecart attack.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Marco Ramilli, Magecart
279
19/02/2020
?
Ministère de l’Éducation et de l’Enseignement Supérieur
The PII of at least 51,400, and possibly as many as 360,000, educators in Quebec Province is exposed when a malicious actor obtains login credentials to the Ministère de l’Éducation et de l’Enseignement Supérieur network.
Unknown
O Public administration and defence, compulsory social security
CC
CA
Ministère de l’Éducation et de l’Enseignement Supérieur
280
19/02/2020
?
US Bank Customers
Researchers from IBM X-Force discover a new Emotet campaign that is spread via SMS messages pretending to be from banks and that may have ties to the TrickBot trojan.
Malware
K Financial and insurance activities
CC
US
IBM, X-Force, Emotet, TrickBot
281
19/02/2020
?
Maroof International Hospital
Maroof International Hospital is hit with a severe ransomware attack.
Malware
Q Human health and social work activities
CC
PK
Maroof International Hospital, ransomware
282
19/02/2020
?
City of Wayne
The city of Wayne is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Wayne, ransomware
283
19/02/2020
?
United Regional Health Care System
United Regional Health Care System discloses an incident that occurred last July when someone accessed an employee email account. 2,000 individuals are affected.
Account Hijacking
P Education
CC
US
United Regional Health Care System
284
20/02/2020
?
Defence Information Systems Agency (DISA)
The U.S. Defence Information Systems Agency reveals that Social Security numbers and other personal data in its network may have been compromised between May and July 2019.
Unknown
O Public administration and defence, compulsory social security
CC
US
Defence Information Systems Agency, DISA
285
20/02/2020
?
Targets in Southeast Asia
Researchers from Cisco Talos uncover a new campaign, carried out via a remote access tool dubbed ObliqueRAT, focused on targets in Southeast Asia.
Targeted Attack
Y Multiple Industries
CE
>1
Cisco Talos, ObliqueRAT
286
20/02/2020
?
IIT Madras
IIT Madras is hit with the GlobeImposter ransomware.
Malware
P Education
CC
IN
IIT Madras, GlobeImposter, ransomware
287
20/02/2020
?
Nine websites
Security researchers discover a new batch of nine websites infected with malicious JavaScript that steals payment card info from online shoppers.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Magecart
288
20/02/2020
?
VibrantCare Rehabilitation
VibrantCare Rehabilitation notifies 1,655 patients after an employee’s email account is accessed.
Account Hijacking
Q Human health and social work activities
CC
US
VibrantCare Rehabilitation
289
20/02/2020
?
San Felipe Del Rio CISD
A business email compromise targets the San Felipe Del Rio CISD.
Business Email Compromise
P Education
CC
US
San Felipe Del Rio CISD
290
20/02/2020
?
South Adams Schools district
The South Adams Schools district is hit with a ransomware attack.
Malware
P Education
CC
US
South Adams Schools district, ransomware
291
21/02/2020
?
Android users
Security researchers from Check Point discover a new mobile threat called Haken, hidden in 8 applications.
Malware
X Individual
CC
>1
Check Point, Haken, Joker, Android
292
21/02/2020
Lynx
Slickwraps
Slickwraps suffers a data breach after an individual is able to access their systems and, after receiving no response to emails, publicly discloses how the access to the site was gained and the data that was exposed.
Vulnerability
C Manufacturing
CC
US
Lynx, Slickwraps
293
21/02/2020
?
Reading Municipal Light Department (RMLD)
The Reading Municipal Light Department (RMLD), an electric utility in Massachusetts, announces it was hit by a ransomware attack.
Malware
D Electricity gas steam and air conditioning supply
CC
US
Reading Municipal Light Department, RMLD, ransomware
294
21/02/2020
Pakistan?
Indian diplomats and military personnel in some embassies
Researchers from Cybaze-Yoroi ZLab discover that operation Transparent Tribe, allegedly carried out by Pakistan against Indian targets, is back after four years.
Targeted Attack
O Public administration and defence, compulsory social security
CE
IN
Cybaze-Yoroi ZLab, Operation Transparent Tribe, Pakistan, India
295
21/02/2020
?
Multiple targets
Researchers from Cofense discover an uptick in phishing attempts using a fake and badly created Office 365 credentials update form.
Account Hijacking
Y Multiple Industries
CC
>1
Cofense, Office 365
296
21/02/2020
?
Endeavor Energy Resources
Endeavor Energy Resources notifies employees and dependents after an employee fell prey to a phishing attack on January 14.
Account Hijacking
D Electricity gas steam and air conditioning supply
CC
US
Endeavor Energy Resources
297
21/02/2020
?
Moses Lake School District
The Moses Lake School District is hit by a ransomware attack.
Malware
P Education
CC
US
Moses Lake School District, ransomware
298
21/02/2020
?
Jackson Public Schools
Jackson Public Schools is hit with a ransomware attack.
Malware
P Education
CC
US
Jackson Public Schools, ransomware
299
22/02/2020
?
Major cryptovalues investor
An unknown investor claims to have lost a reported $45 million worth of cryptovalues in a SIM swapping attack.
Account Hijacking
V Fintech
CC
N/A
SIM Swapping, Crypto
300
22/02/2020
?
Single Individuals
Security research collective MalwareHunterTeam discovers a 3-page Coronavirus-themed Microsoft Office document containing malicious macros, pretending to be from the Center for Public Health of the Ministry of Health of Ukraine, and designed to drop a backdoor malware with clipboard stealing, keylogging, and screenshot capabilities.
Malware
X Individual
CC
UA
MalwareHunterTeam, Coronavirus, COVID-19, Center for Public Health of the Ministry of Health of Ukraine
301
23/02/2020
?
Mexico’s economy ministry
Mexico’s economy ministry detects a cyber attack on some of its servers.
Unknown
O Public administration and defence, compulsory social security
CC
MX
Mexico’s economy ministry
302
23/02/2020
?
Prince Edward Island
Prince Edward Island reveals it was hit with a Maze ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
CA
Prince Edward Island, ransomware, Maze
303
23/02/2020
?
Total Quality Logistics (TQL)
Total Quality Logistics confirms it was the victim of a data breach.
Unknown
N Administrative and support service activities
CC
US
Total Quality Logistics, TQL
304
24/02/2020
?
German PayPal users
According to multiple reports, a critical PayPal vulnerability is behind thefts over recent days from numerous German PayPal users (fraudulent transactions with U.S. stores).
Vulnerability
K Financial and insurance activities
CC
DE
PayPal
305
24/02/2020
Magecart 12
40 websites
Security Researcher Max Kersten publishes a list of 40 websites targeted by the Magecart 12 group.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Max Kersten, Magecart 12
306
24/02/2020
?
Ordnance Survey
A hacker stole the personal data of 1,000 employees of the Ordnance Survey, the government-owned mapping agency for Britain. The breach occurred in January this year.
Unknown
O Public administration and defence, compulsory social security
CC
UK
Ordnance Survey
307
24/02/2020
?
Multiple targets
Researchers from MalwareHunterTeam discover Mozart, a malware using DNS to communicate with its command and control and evade detection.
Malware
Y Multiple Industries
CC
>1
MalwareHunterTeam, Mozart, DNS
308
24/02/2020
?
Portuguese Banking users
A new campaign carried out via the Lampion malware, disguised as a DPD email, is discovered targeting Portuguese users.
Malware
K Financial and insurance activities
CC
PT
Lampion, DPD
309
24/02/2020
?
Pacific Specialty Insurance
Pacific Specialty Insurance notifies plan members of a phishing attack that occurred in March, 2019.
Account Hijacking
K Financial and insurance activities
CC
US
Pacific Specialty Insurance
310
24/02/2020
?
Grayson County
Grayson County is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Grayson County
311
24/02/2020
?
Transavia
The data of 80,000 Transavia passengers are compromised after a phishing attack.
Account Hijacking
H Transportation and storage
CC
NL
Transavia
312
24/02/2020
?
Transmit Security
Transmit Security is breached after a security researcher contacts some of its customers and reports unauthorized access to the data.
Unknown
M Professional scientific and technical activities
CC
IL
Transmit Security
313
25/02/2020
?
Multiple targets
Google releases a Chrome update to address three security bugs, including CVE-2020-6418, a zero-day vulnerability actively exploited in the wild.
Vulnerability
Y Multiple Industries
CC
>1
Google, Chrome, CVE-2020-6418
314
25/02/2020
?
La Salle County
La Salle County is hit with a PwndLocker ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
La Salle County, ransomware, PwndLocker
315
25/02/2020
?
Single Individuals
Researchers from Cybaze/Yoroi ZLab discover a new campaign exploiting the Coronavirus theme to distribute the Remcos RAT.
Malware
X Individual
CC
>1
Cybaze/Yoroi ZLab, Remcos, Coronavirus, COVID-19
316
25/02/2020
?
Reprint Mint
Researchers from Sanguine Security reveal that attackers successfully implanted multiple skimmers for 30 months on the Reprint Mint photo store.
Malicious Script Injection
G Wholesale and retail trade
CC
US
Sanguine Security, Reprint Mint
317
25/02/2020
tonyredball
solarsalvador1234
Vulnerable Wordpress sites
Other cybercriminals are taking advantage of the security flaws reported recently in popular WordPress plugins (ThemeGrill Demo Importer, Profile Builder, and Duplicator).
NRC Health discloses that it was hit by a ransomware attack that took place on February 11.
Malware
M Professional scientific and technical activities
CC
US
NRC Health, ransomware
319
25/02/2020
?
Undisclosed target
Researchers from Sophos reveal the details of Cloud Snooper, a sophisticated malware hiding in the cloud, probably backed by an advanced state sponsored actor.
Unknown
Z Unknown
CE
N/A
Cloud Snooper, Sophos
320
25/02/2020
Overlake Medical Center & Clinics
Overlake Medical Center & Clinics reveals that it was hit by a phishing attack from Dec. 6 to 9, 2019.
Account Hijacking
Q Human health and social work activities
CC
US
Overlake Medical Center & Clinics
321
25/02/2020
?
Advocate Aurora Health
The personal information of some current and former Advocate Aurora Health employees, including their Social Security numbers and bank accounts, might have been compromised in an email phishing campaign.
Account Hijacking
Q Human health and social work activities
CC
US
Advocate Aurora Health
322
25/02/2020
?
Gadsden Independent School District (GISD)
Gadsden Independent School District (GISD) shuts down its internet and communication systems, after a RYUK ransomware attack.
Malware
P Education
CC
US
Gadsden Independent School District, GISD, ransomware
323
25/02/2020
?
Hutt Valley High School
Hutt Valley High School reveals that it was hit with a cyber attack.
Unknown
P Education
CC
NZ
Hutt Valley High School
324
26/02/2020
?
Clearview AI
Clearview AI discloses to its customers that an intruder “gained unauthorized access” to its list of customers, to the number of user accounts those customers had set up, and to the number of searches its customers have conducted.
Misconfiguration
M Professional scientific and technical activities
CC
US
Clearview AI
325
26/02/2020
?
Bretagne Télécom
Cloud services provider Bretagne Télécom is hacked by the threat actors behind the DoppelPaymer Ransomware using CVE-2019-19781.
Malware
M Professional scientific and technical activities
Rady’s Children’s Hospital notifies patients whose data were accessed via an "open port" in June 2019 and January 2020.
Unknown
Q Human health and social work activities
CC
US
Rady’s Children’s Hospital
331
27/02/2020
?
Barbara Corcoran
Barbara Corcoran, a renowned real-estate broker and business expert, admits she lost $380,000 via a BEC scam.
Business Email Compromise
L Real estate activities
CC
US
Barbara Corcoran
332
27/02/2020
?
Kenneth Cole Productions
The operators behind the Sodinokibi Ransomware (AKA Revil) publish the download links to files containing what they claim are financial and work documents, as well as customers' personal data stolen from Kenneth Cole Productions.
Researchers from Malwarebytes and X-Force discover an ongoing malspam campaign using emails disguised as messages from secret lovers to deliver Nemty Ransomware payloads on the computers of potential victims.
Malware
X Individual
CC
>1
Malwarebytes, IBM X-Force, Nemty, Ransomware
334
27/02/2020
?
Multiple targets
Researchers from Palo Alto discover a new phishing campaign installing the NetSupport Manager RAT via a Fake Norton LifeLock document.
Malicious Spam
Y Multiple Industries
CC
>1
Palo Alto, NetSupport Manager RAT, Norton LifeLock
335
27/02/2020
?
BGR.in
tradinggame.au.com
S3 Production
Hackers share three SQL databases from S3 buckets, one dump belonging to the BGR tech news site in India.
Misconfiguration
Y Multiple Industries
CC
>1
BGR.in, tradinggame.au.com, S3 Production
336
27/02/2020
?
Democratic National Committee
The Democratic National Committee warns its presidential candidates to be cautious after Bernie Sanders’ campaign reported that an “impersonator” with a domain registered overseas had posed as one of its staffers and sought conversations with members of at least two other campaigns.
Account Hijacking
S Other service activities
CE
US
Democratic National Committee, Bernie Sanders
337
27/02/2020
?
Jordan Health
Jordan Health is hit with a ransomware attack.
Malware
P Education
CC
US
Jordan Health
338
28/02/2020
?
130,000 Asus routers
An unknown criminal manages to breach as many as 130,000 Asus routers, and sells the access to them for a few dollars.
Vulnerability
Y Multiple Industries
CC
>1
Asus
339
28/02/2020
?
Multiple targets
Researchers from Morphisec discover a widespread campaign using the remote desktop ActiveX control in Word documents to automatically execute on Windows 10 a malware downloader called Ostap adopted by TrickBot for delivery.
Malware
Y Multiple Industries
CC
>1
Morphisec, ActiveX, Word, Windows 10, TrickBot
340
28/02/2020
?
Vulnerable Wordpress sites
Researchers from Defiant discover that attackers took over tens of thousands of WordPress sites by exploiting multiple zero-days in the following plugins: Flexible Checkout Fields for WooCommerce, Async JavaScript, 10Web Map Builder for Google Maps, Modern Events Calendar Lite.
Vulnerability
Y Multiple Industries
CC
>1
Wordpress, Flexible Checkout Fields for WooCommerce, Async JavaScript, 10Web Map Builder for Google Maps, Modern Events Calendar Lite, Defiant
341
28/02/2020
?
Munson Healthcare Group
Munson Healthcare Group discloses that hackers gained access to patient data by compromising the email accounts of at least two employees. Patient records were accessed from July 31, 2019, to October 22, 2019, but the breach went undetected until January 16, 2020.
Account Hijacking
Q Human health and social work activities
CC
US
Munson Healthcare Group
342
29/02/2020
?
Epiq Global
Legal services giant Epiq Global is hit by a ransomware attack.
Malware
M Professional scientific and technical activities
CC
US
Epiq Global, ransomware
343
29/02/2020
?
RailWorks Corporation
RailWorks Corporation, one of the leading providers of rail infrastructure solutions in North America, discloses a ransomware attack.
Malware
C Manufacturing
CC
US
RailWorks Corporation, ransomware
344
29/02/2020
?
Vulnerable Apache Tomcat servers
Security researchers detect ongoing scans for Apache Tomcat servers unpatched against the Ghostcat (CVE-2020-1938) vulnerability.
Vulnerability
Y Multiple Industries
CC
>1
Apache Tomcat, Ghostcat, CVE-2020-1938
345
29/02/2020
?
Loqbox
Fintech startup Loqbox reveals that it suffered an "attack" which potentially revealed its customers' names, postal addresses, dates of birth, email addresses and phone numbers.
Unknown
V Fintech
CC
UK
Loqbox, Crypto
346
15/02/2020
?
EMCOR Group
EMCOR Group, a Fortune 500 company specialized in engineering and industrial construction services, discloses a Ryuk ransomware incident that took down some of its IT systems.
Malware
C Manufacturing
CC
US
EMCOR Group, Ryuk, ransomware
347
21/02/2020
?
Coinhako
Coinhako is hit by a sophisticated attack.
Unknown
V Fintech
CC
SG
Coinhako, Crypto
348
27/02/2020
?
Okex and Bitfinex
Okex and Bitfinex suffer simultaneous distributed denial of service (DDoS) attacks.
DDoS
V Fintech
CC
US
HK
Okex, Bitfinex, Coinhako
349
27/02/2020
Kimsuky
South Korean officials
Researchers from IssueMakersLab reveal that a group of North Korean hackers embedded malware inside documents detailing South Korea's response to the COVID-19 epidemic. The embedded malware is BabyShark, a backdoor previously utilized by a North Korean hacker group known as Kimsuky.
Targeted Attack
O Public administration and defence, compulsory social security
CE
KR
IssueMakersLab, COVID-19, Kimsuky, BabyShark
350
29/02/2020
Digileaker
Digitex
A hacker dubbed Digileaker claims to have stolen the data related to 8,000 Digitex users.
Unknown
V Fintech
CC
SC
Digitex, Digileaker
351
01/03/2020
?
Visser Precision
Visser Precision, a parts maker for space and defense contractors, confirms a DoppelPaymer ransomware attack.
Malware
C Manufacturing
CC
US
Visser Precision, DoppelPaymer, ransomware
352
01/03/2020
?
Community Development Bank
Community Development Bank becomes the latest victim of the Maze ransomware team.
Malware
K Financial and insurance activities
CC
US
Community Development Bank, Maze, Ransomware
353
02/03/2020
?
City of Novi Sad
The City of Novi Sad in Serbia is hit by the PwndLocker ransomware.
Malware
O Public administration and defence, compulsory social security
CC
RS
Novi Sad, Serbia, PwndLocker, ransomware
354
02/03/2020
?
Spartanburg School District One
Spartanburg School District One is hit with a ransomware attack.
Malware
P Education
CC
US
Spartanburg School District One
355
02/03/2020
APT34
Lebanon Government
Researchers from Cybaze-Yoroi ZLab discover a new campaign targeting the Lebanon government via the Karkoff implant.
Targeted Attack
O Public administration and defence, compulsory social security
CE
LB
Cybaze-Yoroi ZLab, Lebanon, Karkoff
356
02/03/2020
?
Large number of French critical infrastructure firms
A large number of French critical infrastructure firms appear to have been hacked as part of an extended malware campaign.
Malware
D Electricity gas steam and air conditioning supply
CC
FR
France
357
02/03/2020
Egypt?
India?
Saudi Arabia
UAE
Facebook removes hundreds of accounts and pages used in "Operation Red Card", a deceptive campaign that appears to be from Egyptian and Indian marketing firms, to post anti-Saudi and anti-Emirati content.
Fake Social Network accounts/groups/pages
O Public administration and defence, compulsory social security
CW
SA
AE
Operation Red Card, Facebook, India, Egypt
358
02/03/2020
?
Tesco
Tesco issues new cards to 600,000 Clubcard account holders after a credential stuffing attack.
Credential Stuffing
G Wholesale and retail trade
CC
UK
Tesco
359
02/03/2020
?
Android users
Google addresses a high-severity flaw in MediaTek’s Command Queue driver that developers said affects millions of devices, and which has an exploit already circulating in the wild.
Vulnerability
X Individual
CC
>1
Google, Android, Mediatek, CVE-2020-0032
360
03/03/2020
CIA?
Chinese companies and government agencies
The Chinese company Qihoo 360 publishes a report accusing the CIA of hacking Chinese companies and government agencies for more than 11 years (from 2008 to 2019).
Targeted Attack
O Public administration and defence, compulsory social security
CE
CN
Qihoo 360, CIA
361
03/03/2020
Molerats (AKA Gaza Hackers Team and Gaza Cybergang)
Eight organizations in six different countries in the government, telecommunications, insurance and retail industries
Researchers from Palo Alto Unit 42 observe multiple instances of phishing attacks likely related to the threat group Molerats targeting eight organizations in six different countries in the government, telecommunications, insurance and retail industries
Targeted Attack
Y Multiple Industries
CE
>1
Molerats, Gaza Hackers Team, Gaza Cybergang, Palo Alto, Unit 42
362
03/03/2020
?
J.Crew
Clothing giant J.Crew says an unknown number of customers had their online accounts accessed “by an unauthorized party” in or around April 2019.
Credential Stuffing
G Wholesale and retail trade
CC
US
J.Crew
363
03/03/2020
Kimsuky
South Korea
Researchers from Cybaze-Yoroi ZLab discover a new campaign by the North Korea-linked APT group, Kimsuky, targeting South Korea.
Targeted Attack
O Public administration and defence, compulsory social security
CE
KR
Cybaze-Yoroi ZLab, Kimsuky
364
03/03/2020
?
Four Queens Hotel and Casino and Binion’s Casino
Four Queens Hotel and Casino and Binion’s Casino are hit with a ransomware attack.
Malware
R Arts entertainment and recreation
CC
US
Four Queens Hotel and Casino, Binion’s Casino, ransomware
365
04/03/2020
?
T-Mobile
US telecommunications giant T-Mobile discloses a security breach that impacted both its employees and customers alike. The attackers gained access to "certain T-Mobile employee email accounts, some of which contained account information for T-Mobile customers and employees."
Account Hijacking
J Information and communication
CC
US
T-Mobile
366
04/03/2020
?
Australian Defence
The Australian Signals Directorate (ASD) reveals that a vulnerability in Citrix could have been used by malicious actors to access a database of Australian Defence recruitment details.
Vulnerability
O Public administration and defence, compulsory social security
CE
AU
Australian Signals Directorate, ASD, Citrix, Australian Defence, CVE-2019-19781
367
04/03/2020
?
Boots
Boots suspends payments using loyalty points in shops and online after attempts to break into customers' accounts using stolen passwords.
Password-spraying
G Wholesale and retail trade
CC
UK
Boots
368
04/03/2020
?
Single Individuals
Researchers from Fortinet discover a new campaign delivering the Lokibot malware and exploiting the COVID-19 fear.
Malware
X Individual
CC
>1
Fortinet, Lokibot, COVID-19, Coronavirus
369
04/03/2020
?
Single Individuals
Researchers from Cofense discover an additional phishing campaign pushing fake messages from The Centers for Disease Control (CDC) stating that the coronavirus has “officially become airborne” and there “have been confirmed cases of the disease in your location.”
Account Hijacking
X Individual
CC
>1
Cofense, CDC, Coronavirus, COVID-19, The Centers for Disease Control
370
04/03/2020
?
Single Individuals
Researchers from Cofense discover a phishing campaign, leveraging OneNote to bypass detection tools and download malware onto victims’ systems.
Account Hijacking
X Individual
CC
>1
Cofense, OneNote
371
05/03/2020
?
Carnival Corp.
Carnival Corp. announces that two of its most popular lines, Holland America and Princess Cruises, were hit by a phishing attack between April 11 and July 23, 2019.
Account Hijacking
R Arts entertainment and recreation
CC
US
Carnival Corp., Holland America, Princess Cruises
372
05/03/2020
?
Communications & Power Industries (CPI)
Communications & Power Industries (CPI) is still down after a ransomware attack suffered in January.
Malware
C Manufacturing
CC
US
Communications & Power Industries, CPI
373
05/03/2020
?
EVRAZ
EVRAZ, one of the world's largest steel manufacturers and mining operations, has its North American activities taken down by a Ryuk ransomware attack.
Malware
C Manufacturing
CC
US
EVRAZ, Ryuk, ransomware
374
05/03/2020
?
Banking users in Italy
Researchers from Sophos discover a new campaign distributing the Trickbot malware in Italy and exploiting the COVID-19 outbreak.
Malware
K Financial and insurance activities
CC
IT
Sophos, Trickbot, COVID-19
375
05/03/2020
?
Multiple targets
Researchers from Kaspersky discover a new campaign inviting victims to install malware under the guise of an expired certificate.
Malware
Y Multiple Industries
CC
>1
Kaspersky
376
05/03/2020
Tonto Team
Multiple targets in Russia, Japan, and South Korea
Researchers from Cisco Talos reveal the details of a new cyber espionage campaign carried out by the Tonto Team via the Bisonal RAT.
Targeted Attack
Y Multiple Industries
CE
>1
Cisco Talos, Tonto Team, Bisonal RAT
377
05/03/2020
?
Chrome Users
Researchers at MyCrypto discover a malicious Chrome extension able to steal Ledger wallet recovery seeds.
Malicious Browser Extension
V Fintech
CC
>1
MyCrypto, Chrome, Ledger
378
06/03/2020
?
The City of Durham and Durham County
The City of Durham and Durham County are hit by a Ryuk ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Durham, Durham County, Ryuk, ransomware
379
06/03/2020
?
Trident Crypto Fund
The usernames and passwords of more than a quarter of a million Trident Crypto Fund customers have been stolen and published online.
Unknown
V Fintech
CC
MA
Trident Crypto Fund, Crypto
380
06/03/2020
?
Entercom
US radio giant Entercom reports a data breach that took place in August 2019 after an unauthorized party was able to access database backup files stored in a third-party cloud hosting service and containing Radio.com user credentials.
Unknown
J Information and communication
CC
US
Entercom
381
06/03/2020
?
Koodo Mobile
Telus-owned Koodo Mobile suffers a data breach after their systems were hacked on February 13, 2020, and customer data from August and September 2017 was stolen by the attackers.
Account Hijacking
J Information and communication
CC
CA
Koodo Mobile
382
06/03/2020
?
Multiple targets
The US Federal Bureau of Investigation (FBI) warns private industry partners of threat actors abusing Microsoft Office 365 and Google G Suite as part of Business Email Compromise (BEC) attacks.
Business Email Compromise
Y Multiple Industries
CC
US
Federal Bureau of Investigation, FBI, Microsoft Office 365, Google G Suite
383
07/03/2020
?
Single Individuals
Researchers from MalwareHunterTeam discover another email campaign pretending to be Coronavirus (COVID-19) information from the World Health Organization (WHO), and in reality distributing a malware downloader that installs the FormBook information-stealing Trojan.
Malicious Spam
X Individual
CC
>1
MalwareHunterTeam, Coronavirus, COVID-19, World Health Organization, WHO, FormBook
384
07/03/2020
?
Six Southeast Asian countries, including Malaysia and Singapore
Researchers from Technisanct discover hundreds of thousands of credit card details from at least six Southeast Asian countries, leaked online.
Unknown
K Financial and insurance activities
CC
>1
Malaysia, Singapore, Technisanct
385
08/03/2020
?
Multiple targets
Researchers from Volexity reveal that state-sponsored hacking groups are using a recently disclosed Microsoft Exchange vulnerability (CVE-2020-0688) to attack targets. The same warning is sent also by the NSA.
Vulnerability
Y Multiple Industries
CC
>1
Volexity, Microsoft Exchange, CVE-2020-0688
386
08/03/2020
?
University of Kentucky and UK HealthCare
The University of Kentucky and UK HealthCare discover that they suffered a malware attack aimed at installing cryptominers.
Malware
P Education
CC
US
University of Kentucky and UK HealthCare
387
09/03/2020
?
ENTSO-E
The European Network of Transmission System Operators for Electricity (ENTSO-E) says that its IT network had been compromised in a “cyber intrusion.”
Unknown
D Electricity gas steam and air conditioning supply
N/A
EU
ENTSO-E, European Network of Transmission System Operators for Electricity
388
09/03/2020
?
Russian users
Researchers from MalwareHunterTeam discover a new phishing scam targeting Russian victims, and utilizing a "customer service" chatbot.
Account Hijacking
X Individual
CC
RU
MalwareHunterTeam
389
09/03/2020
?
Single Individuals
Researchers from IBM X-Force Threat Intelligence discover a new sextortion campaign, luring victims with emails promising to give access to the nude extortion pics of a friend's girlfriend, and delivering the Raccoon malware.
Malicious Spam
X Individual
CC
>1
IBM, X-Force, sextortion, Raccoon
390
09/03/2020
?
TrueFire
The popular online guitar tutoring website TrueFire suffers a ‘Magecart’ attack that might have exposed customers’ personal information and payment card data.
Malicious Script Injection
S Other service activities
CC
US
TrueFire, Magecart
391
09/03/2020
?
Single Individuals
Researchers from security firm Reason discover a fake Coronavirus map, delivering the AZORult trojan.
Malware
X Individual
CC
>1
Reason, COVID-19, Coronavirus, AZORult
392
09/03/2020
?
Fort Worth Independent School District
The Fort Worth Independent School District is hit with a ransomware attack.
Malware
P Education
CC
US
Fort Worth Independent School District, ransomware
393
10/03/2020
Mustang Panda
Targets in Vietnam
Vietnamese cyber-security firm VinCSS detects a Chinese state-sponsored group (codenamed Mustang Panda) spreading emails with a RAR file attachment purporting to carry a message about the coronavirus outbreak from the Vietnamese Prime Minister.
Targeted Attack
Y Multiple Industries
CE
VN
VinCSS, Mustang Panda, Coronavirus
394
10/03/2020
?
Multiple targets
Researchers from Cybereason discover a campaign where attackers are trojanizing multiple hacking tools with njRat, a well known RAT.
Malware
Y Multiple Industries
CC
>1
Cybereason, njRAT
395
10/03/2020
?
Undisclosed organization in Asia
Researchers from Lastline discover a new campaign spreading the Paradise ransomware via IQY files.
Malware
Z Unknown
CC
N/A
Lastline, Paradise, ransomware, IQY
396
10/03/2020
?
Undisclosed target
Researchers from Cofense discover a phishing campaign using YouTube redirects to evade security controls.
Account Hijacking
Z Unknown
CC
N/A
YouTube
397
10/03/2020
?
Multiple targets
Attackers start to exploit a recently discovered vulnerability on ManageEngine Desktop Central.
Vulnerability
Y Multiple Industries
CC
>1
ManageEngine Desktop Central, CVE-2020-10189
398
10/03/2020
?
Wichita State University
Wichita State University notifies 1,762 individuals whose personal information was accessed by hackers between December 3, 2019 and December 5, 2019.
Unknown
P Education
CC
US
Wichita State University
399
10/03/2020
?
Undisclosed company
A global company with an office in Perth is attacked by criminals who demand a $30 million ransom to unlock its computer system in Australia.
Malware
Z Unknown
CC
AU
Perth
400
11/03/2020
?
Champaign-Urbana Public Health District
In the midst of a coronavirus pandemic, the Champaign-Urbana Public Health District is hit with a NetWalker ransomware attack.
Malware
Q Human health and social work activities
CC
US
Champaign-Urbana Public Health District, NetWalker, ransomware
401
11/03/2020
?
Global insurance, healthcare, and pharmaceutical organizations
Researchers from Proofpoint discover a new phishing campaign impersonating Vanderbilt University Medical Center and sending out fake HIV test result emails.
Malicious Spam
Y Multiple Industries
CC
>1
Proofpoint, Vanderbilt University Medical Center, HIV
402
11/03/2020
?
Northeast Radiology
Northeast Radiology announces that on January 11, 2020, unauthorized individuals gained access to Northeast Radiology’s picture archiving and communication system (“PACS”).
Unknown
Q Human health and social work activities
CC
US
Northeast Radiology
403
12/03/2020
?
Facebook Users
Facebook, Twitter and Instagram remove multiple accounts and pages for coordinated inauthentic behavior in Ghana and Nigeria on behalf of individuals in Russia, targeting primarily the United States.
Fake Social Network accounts/groups/pages
X Individual
CW
US
Facebook, Instagram, Twitter, Ghana, Nigeria, Russia, United States
404
12/03/2020
?
Multiple targets
Researchers from MalwareHunterTeam discover a new campaign distributing a malware cocktail consisting of the Coronavirus Ransomware and the Kpot information-stealing Trojan.
Malware
Y Multiple Industries
CC
>1
MalwareHunterTeam, Coronavirus, Kpot
405
12/03/2020
Vicious Panda
Public sector entity of Mongolia
Researchers from Check Point discover a campaign, dubbed Vicious Panda, carried out by a Chinese APT group on a public sector entity of Mongolia, leveraging the coronavirus pandemic.
Targeted Attack
O Public administration and defence, compulsory social security
CE
MN
Check Point, Mongolia, Coronavirus
406
12/03/2020
?
Open Exchange Rates
Open Exchange Rates announces a data breach that exposed the personal information and salted and hashed passwords for customers of its API service. The breach occurred between February 9th, 2020, and March 2nd, 2020.
Account Hijacking
M Professional scientific and technical activities
CC
US
Open Exchange Rates
407
12/03/2020
Turla
Several high-profile Armenian websites
Researchers from ESET discover a watering hole operation targeting several high-profile Armenian websites via a fake Adobe Flash update, delivering two previously undocumented pieces of malware dubbed NetFlash and PyFlash.
Targeted Attack
O Public administration and defence, compulsory social security
CE
AM
ESET, Turla, Adobe Flash, NetFlash, PyFlash
408
12/03/2020
?
Multiple targets
Researchers from IBM X-Force discover a new malware strain dubbed PXJ (AKA XVFXGW).
Malware
Y Multiple Industries
CC
>1
IBM, X-Force, PXJ, XVFXGW
409
13/03/2020
?
The National
The National, a Scottish newspaper, is hit by a DDoS attack.
DDoS
J Information and communication
CC
UK
The National, DDoS
410
13/03/2020
?
Brno University Hospital
The Brno University Hospital, a COVID-19 testing center, is hit by a cyberattack right in the middle of a COVID-19 outbreak.
Malware
Q Human health and social work activities
CC
CZ
Brno University Hospital, COVID-19, Coronavirus
411
13/03/2020
?
Android users
Researchers from Domaintools reveal the details of Covidlock, a ransomware encrypting data on Android devices.
Malware
X Individual
CC
>1
Domaintools, Covidlock, Android
412
13/03/2020
Ancient Tortoise
Multiple targets
Researchers from Agari reveal that the Ancient Tortoise Group is now starting to use coronavirus-themed scam emails that take advantage of the COVID-19 global outbreak to convince potential victims to send payments to attacker-controlled accounts.
Business Email Compromise
Y Multiple Industries
CC
>1
Agari, Ancient Tortoise
413
13/03/2020
?
Aerial Direct
Aerial Direct reveals that an unauthorized third party had been able to access customer data on 26 February through an external backup database, which included personal information on both current and expired subscribers from the last six years.
Unknown
J Information and communication
CC
UK
Aerial Direct
414
13/03/2020
?
Healthcare professionals
A new email scam targets healthcare professionals with phishing emails about "coronavirus awareness" - part of a wave of scams capitalizing on the pandemic.
Account Hijacking
Q Human health and social work activities
CC
>1
Coronavirus, COVID-19
415
13/03/2020
?
Randleman Eye Center
Randleman Eye Center discloses a malware attack that occurred on January 13.
Malware
Q Human health and social work activities
CC
US
Randleman Eye Center
416
13/03/2020
?
Jay Public School District
The Jay Public School District is hit with a cyber attack.
Unknown
P Education
CC
US
Jay Public School District
417
14/03/2020
?
Facebook Android users
Researchers from Kaspersky discover the CookieThief malware, targeting the Facebook accounts of Android users.
Malware
X Individual
CC
>1
Kaspersky, CookieThief, Facebook, Android
418
14/03/2020
?
Multiple targets
Researchers from MalwareHunterTeam discover a new backdoor called BlackWater that pretends to be COVID-19 information while abusing Cloudflare Workers as an interface to the malware's command and control (C2) server.
AffordaCare Urgent Care Clinic is hit by the Maze ransomware team.
Malware
Q Human health and social work activities
CC
US
AffordaCare Urgent Care Clinic, ransomware, Maze
420
14/03/2020
?
Advanced Urgent Care of the Florida Keys
Advanced Urgent Care of the Florida Keys
Malware
Q Human health and social work activities
CC
US
Advanced Urgent Care of the Florida Keys, ransomware, Maze
421
15/03/2020
?
United States Health and Human Services Department
The United States Health and Human Services Department's web site is hit with a DDoS cyber attack in the middle of the Coronavirus outbreak.
DDoS
O Public administration and defence, compulsory social security
CC
US
United States Health and Human Services Department, Coronavirus
422
15/03/2020
?
Townhall of Marseille and the metropolis.
The townhall of Marseille is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
FR
Marseille, ransomware
423
02/03/2020
?
Vijay Sales
A threat actor posts a leaked database of Vijay Sales, a large electronics retail store chain in India, on a popular dark web hacker forum. The threat actor claims the source was from an “exposed backup server” breached in February 2020.
Misconfiguration
G Wholesale and retail trade
CC
IN
Vijay Sales, AWS
424
02/03/2020
?
GeoCloud
A threat actor posts another database, this time from technology company GeoCloud, leaked through a public Amazon server. The data contains users’ names, email addresses, and passwords as well as the company’s social media keys and company information.
Misconfiguration
S Other service activities
CC
IL
GeoCloud, AWS
425
13/03/2020
?
Norwegian Cruise Line
Researchers from Dynarisk discover a breached database belonging to Norwegian Cruise Line, containing 29,969 records
Unknown
R Arts entertainment and recreation
CC
US
Dynarisk, Norwegian Cruise Line
426
14/03/2020
Maze
Hammersmith Medicines Research (HMR)
Hammersmith Medicines Research (HMR) is hit with a Maze ransomware attack.
Energy, construction, and telecoms in the United States
Researchers from Proofpoint discover a small campaign targeting energy, construction, and telecoms in the United States, using the subject line "coronavirus update disease (COVID-19) your neighbors tested positive" and distributing the Remcos remote control tool.
Malware
Y Multiple Industries
CC
US
Proofpoint, Coronavirus, COVID-19, Remcos
428
14/03/2020
?
Jamaica National Group
Jamaica National Group is hit with a ransomware attack.
Malware
K Financial and insurance activities
CC
JM
Jamaica National Group, ransomware
429
15/03/2020
?
Bluffton Township Fire District
Bluffton Township Fire District is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Bluffton Township Fire District, ransomware
430
16/03/2020
APT36
Indian government
Researchers from Malwarebytes discover a new campaign by the Pakistan-linked APT36 group targeting India and exploiting COVID-19 to implant the Crimson RAT.
Targeted Attack
O Public administration and defence, compulsory social security
CE
IN
APT36, COVID-19, Crimson, Pakistan, India, Malwarebytes
431
16/03/2020
?
Single Individuals
Researchers from ESET discover a massive campaign targeting users in multiple countries carried out via a wave of 2,500 infections of just two strains of malware delivered in COVID-19-themed emails.
Malicious Spam
X Individual
CC
>1
ESET, COVID-19, Coronavirus
432
16/03/2020
TA505
U.S. healthcare, manufacturing, and pharmaceuticals industries.
Researchers from Proofpoint discover a campaign from TA505, using a coronavirus lure as part of a downloader campaign targeting the U.S. healthcare, manufacturing, and pharmaceuticals industries.
Malware
Y Multiple Industries
CC
US
Proofpoint, TA505
433
16/03/2020
?
Single Individuals
Researchers from KnowBe4 discover a new phishing campaign spoofing the CDC and WHO.
Account Hijacking
X Individual
CC
US
KnowBe4, Coronavirus, COVID-19, CDC, WHO
434
16/03/2020
?
Multiple targets in the UK
The National Cyber Security Centre (NCSC) warns that criminals are looking to exploit the spread of coronavirus to conduct cyberattacks and hacking campaigns.
>1
Y Multiple Industries
CC
UK
National Cyber Security Centre, NCSC, Coronavirus, COVID-19
435
16/03/2020
?
College of DuPage
College of DuPage offers nearly free credit monitoring to over 1,700 current and former employees following a data breach.
Unknown
P Education
CC
US
College of DuPage
436
16/03/2020
?
Android users
Researchers from Kaspersky discover MonitorMinor, stalkerware disguised as a parental control app and able to intercept user data.
Malware
X Individual
CC
>1
Kaspersky, MonitorMinor, Android
437
17/03/2020
?
Multiple targets in the US
Researchers from Proofpoint discover a medium-sized campaign in the United States primarily targeting the manufacturing industry but also construction, transportation, healthcare, automotive, energy, and aerospace companies. The email spoofs the real address of the head of the World Health Organization (WHO), claims there is a “solution” for “total control”, distributes GuLoader and Agent Tesla, and asks the recipient to “share with all contacts.”
Malware
Y Multiple Industries
CC
US
Proofpoint, World Health Organization, WHO, GuLoader, Agent Tesla, COVID-19, Coronavirus
438
17/03/2020
?
Manufacturing and industrial targets in Spain and Portugal
Researchers from Proofpoint discover a small COVID-19 themed campaign against manufacturing and industrial targets in Spain and Portugal and distributing GuLoader.
Malware
Y Multiple Industries
CC
ES
PT
Proofpoint, COVID-19, Coronavirus, GuLoader
439
17/03/2020
?
Manufacturing, technology, and industrial companies in the Netherlands
Researchers from Proofpoint discover a small campaign in Dutch targeting manufacturing, technology, and industrial companies in the Netherlands, designed to steal banking credentials.
Account Hijacking
Y Multiple Industries
CC
NL
Proofpoint, COVID-19, Coronavirus
440
17/03/2020
?
Italian users
Researchers from Cybaze-Yoroi ZLab intercept a new Ursnif campaign targeting Italian users.
Malware
X Individual
CC
IT
Cybaze-Yoroi ZLab, Ursnif
441
17/03/2020
?
Vimeo users
Video sharing site Vimeo believes a malware infection has targeted some of its user accounts for theft.
Malware
X Individual
CC
>1
Vimeo
442
17/03/2020
?
Town of Houlton Police
The Town of Houlton Police discloses that it suffered a malware attack discovered in October 2019.
Malware
O Public administration and defence, compulsory social security
CC
US
Town of Houlton Police
443
17/03/2020
?
Tandem Diabetes Care
Tandem Diabetes Care notifies 140,781 patients of a phishing incident discovered on January 17, 2020
Account Hijacking
Q Human health and social work activities
CC
US
Tandem Diabetes Care
444
17/03/2020
?
Multiple targets
A new ransomware called Nefilim that shares much of the same code as Nemty starts to become active in the wild and threatens to release stolen data.
Malware
Y Multiple Industries
CC
>1
Ransomware, Nefilim, Nemty
445
18/03/2020
?
Multiple targets
Trend Micro reveals that hackers are actively exploiting two zero-days (CVE-2020-8467 and CVE-2020-8468) in its antivirus products.
Vulnerability
Y Multiple Industries
CC
>1
Trend Micro, CVE-2020-8467, CVE-2020-8468
446
18/03/2020
Molerats group (AKA Gaza CyberGang)
Arabic speakers interested in Palestine’s potential acceptance of the peace plan
Researchers from IBM X-Force reveal the details of the EnigmaSpark campaign, a politically themed campaign opposing the Middle East Peace Plan.
Targeted Attack
X Individual
CE
PS
IBM X-Force, EnigmaSpark, Middle East
447
18/03/2020
?
Telecommunications providers, universities and financial service
Researchers from Bitdefender discover a new variant of the infamous Trickbot malware targeting telecommunications providers, universities and financial services in a campaign that looks to be going after intellectual property and financial data.
Malware
Y Multiple Industries
CE
>1
Bitdefender, Trickbot
448
18/03/2020
?
NutriBullet
Researchers at RiskIQ identify a cyber-attack against blender vendor NutriBullet that has successfully installed credit card stealing malware on the international nutribullet.com website. Not just once, but three times within three weeks.
Malicious Script Injection
G Wholesale and retail trade
CC
US
RiskIQ, NutriBullet, Magecart
449
18/03/2020
?
Android users in Libya
Researchers from Lookout discover an Android application that appears to be the most recent piece of tooling in a larger mobile surveillance campaign, exploiting COVID-19, operating out of Libya and targeting Libyan individuals.
Targeted Attack
X Individual
CE
LY
Lookout, Android, COVID-19, Libya
450
18/03/2020
?
US retail companies
Researchers from Proofpoint discover a small COVID-19 themed phishing campaign in the United States primarily targeting retail companies and using concerns about infected staff members to lure victims into clicking.
Account Hijacking
G Wholesale and retail trade
CC
US
Proofpoint, COVID-19, Coronavirus
451
18/03/2020
?
Blizzard
Blizzard is hit with a DDoS attack.
DDoS
R Arts entertainment and recreation
CC
US
Blizzard
452
19/03/2020
?
Keen
Cybercriminals try to disrupt a charity initiative by Keen aimed at delivering shoes to the workers on the front lines and the families at home fighting through the COVID-19 crisis.
DDoS
G Wholesale and retail trade
CC
US
Keen, COVID-19, Coronavirus
453
19/03/2020
?
Brooks International
The Sodinokibi Ransomware operators publish over 12 GB of stolen data allegedly belonging to a company named Brooks International for not paying the ransom.
Malware
M Professional scientific and technical activities
CC
PK
Sodinokibi, ransomware, Brooks International
454
19/03/2020
?
Single Individuals
Researchers from Sophos reveal that sextortion scammers are now attempting to capitalize on the COVID-19 pandemic by threatening to infect their victims' families with the SARS-CoV-2 virus, in addition to revealing all their "dirty secrets".
Malicious Spam
X Individual
CC
>1
COVID-19, Coronavirus
455
19/03/2020
?
Single Individuals
The FBI warns of a significant spike in coronavirus scams targeting three states with unusually high rates of COVID-19 infection: California, New York and Washington.
Malicious Spam
X Individual
CC
US
FBI, coronavirus, COVID-19, California, New York, Washington
456
19/03/2020
?
Android users
Researchers from Zscaler discover "Corona Safety Mask", an Android worm disguised as a Coronavirus safety mask.
According to researchers at telecoms security provider AdaptiveMobile, masses of text messages are being sent out to Americans, with offers on masks, survival guides and medically-unsupported COVID-19 treatments like CBD oil.
Malicious Spam
X Individual
CC
US
AdaptiveMobile, COVID-19, CBD oil
458
19/03/2020
?
Single Individuals
Researchers from IBM X-Force discover an ongoing phishing campaign delivering emails posing as official messages from the Director-General of the World Health Organization (WHO), actively spreading HawkEye malware payloads onto the devices of unsuspecting victims.
Malware
X Individual
CC
>1
IBM X-Force, COVID-19, Coronavirus, World Health Organization, WHO, HawkEye
459
19/03/2020
APT28, AKA Fancy Bear, Sednit, and Pawn Storm
Multiple targets
Researchers from Trend Micro reveal that APT28 has continued to scan and probe the internet for vulnerable email servers during 2019.
A new phishing email is trying to take advantage of the Coronavirus pandemic and the race to develop medications by promoting a fake Folding@home app that installs Redline, an information-stealing malware.
Malware
X Individual
CC
>1
COVID-19, Coronavirus, Folding@Home, Redline
461
19/03/2020
?
Takeaway
The German food delivery service Takeaway is hit with a DDoS attack.
DDoS
I Accommodation and food service activities
CC
DE
Takeaway
462
19/03/2020
Mespinoza/Pysa
Local government authorities in France
The France's issues a warning about Mespinoza/Pysa a new ransomware gang that's been recently seen targeting the networks of local government authorities.
Malware
O Public administration and defence, compulsory social security
CC
FR
Mespinoza, Pysa, ransomware
463
19/03/2020
TA505 AKA Evil Corp
Businesses in Germany
Researchers from Prevailion discover a new campaign by the notoriously prolific TA505 cybercrime organization targeting businesses in Germany via their human resources executives.
Malware
Y Multiple Industries
CC
DE
Prevailion, TA505, Evil Corp
464
20/03/2020
?
General Electric (GE) via Canon Business Process Services
General Electric (GE) discloses that personally identifiable information of current and former employees, as well as beneficiaries, was exposed in a security incident experienced by one of GE's service providers, Canon Business Process Services. One of their employees' email accounts was breached by an unauthorized party in February.
Account Hijacking
C Manufacturing
CC
US
General Electric, GE, Canon Business Process Services
465
20/03/2020
Digital Revolution
InformInvestGroup CJSC
Russian hacker group Digital Revolution claims to have breached InformInvestGroup CJSC, a contractor for the FSB, Russia's national intelligence service, and discovered details about Fronton, a project intended for hacking Internet of Things (IoT) devices.
Unknown
M Professional scientific and technical activities
CC
RU
Digital Revolution, InformInvestGroup CJSC, FSB, Fronton, IoT
466
20/03/2020
?
Finastra
Finastra, a leading financial technology provider from the UK, announces that it had to take several servers offline following a ransomware attack.
Malware
V Fintech
CC
UK
Finastra, ransomware
467
20/03/2020
?
Single Individuals in the US
FBI's Internet Crime Complaint Center (IC3) warns of an ongoing phishing campaign delivering spam that uses fake government economic stimulus checks as bait to steal personal information from potential victims.
Account Hijacking
X Individual
CC
US
FBI, Internet Crime Complaint Center, IC3
468
20/03/2020
?
Zyxel devices
Mukashi, a new variant of the Mirai malware, is targeting a recently uncovered critical vulnerability in Zyxel network-attached storage devices and exploiting them to rope the machines into an IoT botnet.
Vulnerability
Y Multiple Industries
CC
>1
Mukashi, Mirai, Zyxel, CVE-2020-9054
469
20/03/2020
?
University of Utah Health
The University of Utah Health discloses a security breach, due to unauthorized access to some employee email accounts along with the presence of malware on its systems. The intrusion took place between January 7 and February 21, 2020.
Account Hijacking
Q Human health and social work activities
CC
US
University of Utah Health
470
20/03/2020
?
Rotherham Council
Rotherham Council's IT system is compromised by an email with "COVID-19" in the subject field.
Account Hijacking
O Public administration and defence, compulsory social security
CC
UK
Rotherham Council
471
20/03/2020
?
Oregon Department of Human Services
The Oregon Department of Human Services announces that it uncovered a “phishing” incident on March 6 that affected one staff member’s e-mail.
Account Hijacking
O Public administration and defence, compulsory social security
CC
US
Oregon Department of Human Services
472
20/03/2020
?
Golden Valley Health Centers
Golden Valley Health Centers notifies patients after an employee email account was compromised on March 3.
Account Hijacking
Q Human health and social work activities
CC
US
Golden Valley Health Centers
473
21/03/2020
?
Multiple targets
Researchers from MalwareHunterTeam detect a new Coronavirus phishing campaign installing the NetWalker ransomware.
Criminals are exploiting critical flaws in IoT devices from Lilin to enslave them in at least three botnets used to carry out DDoS attacks.
Vulnerability
Y Multiple Industries
CC
>1
Lilin
475
21/03/2020
?
Bitcoin users
It turns out that a network of Bitcoin-to-QR-code generators has stolen more than $45,000 from users in the past four weeks.
Account Hijacking
V Fintech
CC
>1
Bitcoin, Crypto, QR-Code generator
476
23/03/2020
?
World Health Organization
Reuters reveals that hackers tried to break into the World Health Organization earlier this month.
Targeted Attack
U Activities of extraterritorial organizations and bodies
CE
INT
Reuters, World Health Organization, WHO
477
23/03/2020
?
Multiple targets
Microsoft issues a warning (ADV200006) that targeted attacks are underway against Windows 10 users, from attackers exploiting a critical vulnerability with no available fix.
Targeted Attack
Y Multiple Industries
CC
>1
Microsoft, ADV200006
478
23/03/2020
?
538 million users of Chinese social network Weibo
The personal details of more than 538 million users of Chinese social network Weibo are currently available for sale online.
Unknown
X Individual
CC
CN
Weibo
479
23/03/2020
?
Single Individuals
Researchers from KnowBe4 discover a new phishing campaign repurposing old emails to exploit COVID-19.
Account Hijacking
X Individual
CC
US
KnowBe4, Coronavirus, COVID-19
480
23/03/2020
?
Single Individuals
Researchers from MalwareHunterTeam discover the first MBRLocker variant with a Coronavirus theme.
Researchers from Malwarebytes discover two sites promoting a bogus Corona Antivirus, taking advantage of the current COVID-19 pandemic, to distribute a malicious payload that will infect the target's computer with the BlackNET RAT and add it to a botnet.
Malware
X Individual
CC
>1
Malwarebytes, Coronavirus, COVID-19
482
23/03/2020
?
Single Individuals
An HHS.gov open redirect is currently being used by attackers to push malware payloads onto unsuspecting victims' systems with the help of coronavirus-themed phishing emails.
Malware
X Individual
CC
US
HHS, COVID-19, Coronavirus
483
23/03/2020
?
118 118 Money
118 118 Money writes to personal loans and credit card customers to notify them of an intrusion.
Unknown
K Financial and insurance activities
CC
UK
118 118 Money
484
23/03/2020
?
LTI Power System
LTI Power System is hit with a ransomware attack.
Malware
C Manufacturing
CC
US
LTI Power System, ransomware
485
24/03/2020
?
Industrial-related entities in the Middle East
Researchers from Kaspersky reveal the details of operation WildPressure, a campaign targeting entities in the Middle East via the Milum trojan.
Targeted Attack
Y Multiple Industries
CC
>1
Kaspersky, WildPressure, Milum
486
24/03/2020
?
Android users
Researchers from Check Point issue a new warning for a malware family dubbed Tekya, using the same native code subterfuge as a previous malware called Haken to slip the security net.
Malware
X Individual
CC
>1
Check Point, Tekya, Haken
487
24/03/2020
?
Banking users in Spain
Researchers from Kaspersky reveal that the operators of the Ginp mobile banking trojan are now targeting users in Spain with a fake "Coronavirus Finder" app.
Malware
K Financial and insurance activities
CC
ES
Kaspersky, Ginp, Coronavirus Finder
488
24/03/2020
TwoSail Junk
iOS Users in Hong Kong
Researchers from Trend Micro discover a campaign aimed at infecting the iPhones of users in Hong Kong with an iOS backdoor tracked as LightSpy.
Targeted Attack
X Individual
CE
HK
Trend Micro, iPhone, iOS, LightSpy, TwoSail Junk
489
24/03/2020
?
Netflix users
Users are warned about fraudulent messages being shared on social media platforms that Netflix is offering free passes to its platform because of the Coronavirus pandemic.
Account Hijacking
X Individual
CC
>1
Netflix, Coronavirus, COVID-19
490
24/03/2020
?
Bank customers in Germany
Researchers from IBM X-Force discover TrickMo, an Android malware targeting TrickBot victims and designed to bypass the MFA that bank customers use when they need to authorize a transaction.
Malware
K Financial and insurance activities
CC
DE
IBM X-Force, TrickMo, Android, TrickBot
491
24/03/2020
?
Twitter users
Hackers take over a wave of Twitter accounts to aggressively advertise a website that claims to be selling face masks and toilet paper during the coronavirus pandemic.
Account Hijacking
X Individual
CC
>1
Twitter, coronavirus, COVID-19
492
24/03/2020
?
PropTiger
Private data of more than 2 million users are shared on a hacking forum following a major security breach of the Indian property website PropTiger in 2018.
Unknown
L Real estate activities
CC
IN
PropTiger
493
25/03/2020
APT41
Multiple targets
Researchers from FireEye discover a campaign carried out by the Chinese state-sponsored group APT41, using recent exploits to target security flaws in Citrix, Cisco, and Zoho appliances and devices of entities from a multitude of industry sectors spanning the globe.
Targeted Attack
Y Multiple Industries
CE
>1
FireEye, APT41
494
25/03/2020
?
Tupperware
Researchers from Malwarebytes reveal that hackers have compromised the website of the world-famous Tupperware brand and stolen customers' payment card details at checkout.
Malicious Script Injection
G Wholesale and retail trade
CC
US
Tupperware, Magecart, Malwarebytes
495
25/03/2020
?
Daniel's Hosting
The operator of the biggest free host for dark web sites, Daniel's Hosting, confirms that the service has been shut down following a hack attack that deleted all 7,595 site databases.
Unknown
S Other service activities
CC
DE
Daniel's Hosting
496
25/03/2020
Palesa
AMD
AMD admits that a hacker has stolen files related to some of its graphics products.
Unknown
C Manufacturing
CC
US
AMD, Palesa
497
25/03/2020
?
Linksys Routers
Researchers from Bitdefender reveal the details of a new campaign where the attackers change DNS settings to redirect the victim to a website that claims to be from the World Health Organization, but in reality distributes the Oski infostealer.
Malware
Y Multiple Industries
CC
>1
Bitdefender, World Health Organization, Oski infostealer, Coronavirus, COVID-19
498
25/03/2020
?
Single Individuals
Researchers from 'Doctor Web' issue a warning after discovering thousands of victims have been tricked into downloading a dangerous backdoor that is disguised as an update to Google Chrome.
Malware
X Individual
CC
>1
Doctor Web, Google Chrome
499
25/03/2020
?
Websites using WordPress
The threat actors behind the WordPress WP-VCD malware start to distribute modified versions of Coronavirus plugins that inject a backdoor into a web site.
Malicious Wordpress Plugin
Y Multiple Industries
CC
>1
WordPress, WP-VCD, Coronavirus, COVID-19
500
25/03/2020
?
Town of Jupiter
The town of Jupiter is hit by a REvil/Sodinokibi ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Jupiter, REvil, Sodinokibi, ransomware
501
26/03/2020
China
North Korea
Researchers at Google's Threat Analysis Group reveal on Thursday that an unnamed group of hackers used five zero-day vulnerabilities, or secret hackable flaws in software, to target North Koreans and North Korea-focused professionals in 2019.
Targeted Attack
O Public administration and defence, compulsory social security
CE
KR
China, North Korea, Google
502
26/03/2020
Maze
Chubb
Chubb, a major cybersecurity insurance provider for businesses hit by data breaches, is hit with a Maze ransomware attack.
Malware
K Financial and insurance activities
CC
CH
Chubb, Maze, ransomware
503
26/03/2020
DoppelPaymer
Kimchuk
Kimchuk, a medical and military electronics maker, is hit by the DoppelPaymer ransomware
Malware
C Manufacturing
CC
US
Kimchuk, DoppelPaymer, ransomware
504
26/03/2020
FIN7
Multiple targets
The FBI warns organizations and security professionals about the tactic adopted by FIN7 to deliver the GRIFFON malware: malicious USB devices acting as a keyboard when plugged into a computer, injecting commands to download and execute a JavaScript backdoor associated with this actor.
Targeted Attack
K Financial and insurance activities
CC
US
FIN7, GRIFFON, FBI
505
26/03/2020
Ryuk
US health care provider
A US health care provider is hit with the Ryuk ransomware.
Malware
Q Human health and social work activities
CC
US
Ryuk, ransomware
506
26/03/2020
?
Undisclosed US hospitality provider
Researchers from Trustwave reveal that a US hospitality provider has recently been the target of an incredibly rare BadUSB attack.
Malware
Q Human health and social work activities
CC
US
Trustwave, BadUSB
507
26/03/2020
?
Single Individuals
Researchers from Forcepoint discover a new phishing campaign pretending to be a missed call about a COVID-19 update.
Account Hijacking
X Individual
CC
US
Forcepoint, COVID-19, Coronavirus
508
26/03/2020
?
Single Individuals
Researchers from Forcepoint discover a new spam campaign exploiting COVID-19.
Malicious Spam
X Individual
CC
US
Forcepoint, COVID-19, Coronavirus
509
26/03/2020
?
Single Individuals
Researchers from Forcepoint discover a malicious campaign in Italy, encouraging the opening of an attachment, which it presents as sent from the World Health Organization (WHO) with information covering all the necessary precautions against Coronavirus infections.
Malware
X Individual
CC
IT
Forcepoint, COVID-19, Coronavirus
510
27/03/2020
Silence and TA505
At least two companies operating in pharmaceutical and manufacturing sectors have been affected
Researchers from Group-IB reveal that at least two companies operating in pharmaceutical and manufacturing sectors have been affected by successful attacks carried out by Silence and TA505, exploiting CVE-2019-1405 and CVE-2019-1322.
Social Bluebook, a Los Angeles-based company that allows advertisers to pay social media “influencers” for posts that promote their products and services, is hacked.
Unknown
J Information and communication
CC
US
Social Bluebook
512
27/03/2020
?
U.S. Small Businesses
Researchers from IBM X-Force reveal that attackers are attempting to deliver Remcos remote access tool payloads on the systems of small businesses via phishing emails impersonating the U.S. Small Business Administration (U.S. SBA).
Malware
Y Multiple Industries
CC
US
IBM X-Force, Remcos, U.S. Small Business Administration, U.S. SBA
513
27/03/2020
?
Multiple targets in Australia
The Australian Cyber Security Centre (ACSC) issues a new threat update, seeking to raise awareness around coronavirus-themed malicious cyber activity.
Account Hijacking
Y Multiple Industries
CC
AU
Australian Cyber Security Centre, ACSC, COVID-19, Coronavirus
514
28/03/2020
?
4.9 million Georgian citizens
The personal details for more than 4.9 million Georgians, including deceased citizens, are published on a hacking forum.
Unknown
O Public administration and defence, compulsory social security
CC
GE
Georgia
515
28/03/2020
?
Single Individuals
Researchers from KnowBe4 discover a malicious campaign warning recipients that they've been exposed to the coronavirus through personal contact with a colleague, friend, or family member.
Malicious Spam
X Individual
CC
US
KnowBe4, Coronavirus, COVID-19
516
28/03/2020
Two malicious groups
Multiple targets
Researchers from Qihoo 360 reveal that since at least early December 2019, a mysterious hacker group has been taking over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks.
Vulnerability
Y Multiple Industries
CC
>1
Qihoo 360, DrayTek
517
28/03/2020
?
Teaching Council
A phishing incident at the Teaching Council leads to personal information relating to 9,735 teachers being shared.
Account Hijacking
P Education
CC
IE
Teaching Council
518
29/03/2020
Saudi Arabia?
Saudi citizens in the US
Saudi Arabia appears to be exploiting weaknesses in the global mobile telecoms network to track its citizens as they travel around the US.
Vulnerability
X Individual
CE
SA
Saudi Arabia
519
29/03/2020
?
Single Individuals
A new phishing campaign is spotted that pretends to be from a local hospital telling the recipient that they have been exposed to the Coronavirus and that they need to be tested.
Malware
X Individual
CC
>1
COVID-19, Coronavirus
520
30/03/2020
?
Major banks from the US, Canada, and Australia
Researchers from IBM X-Force discover a new phishing campaign exploiting COVID-19 to distribute the Zeus Sphinx trojan.
Malware
K Financial and insurance activities
CC
>1
IBM X-Force, COVID-19, Zeus Sphinx, Coronavirus
521
30/03/2020
?
Multiple targets
FBI warns about Zoom bombing as hijackers take over school and business video conferences.
Misconfiguration
Y Multiple Industries
CC
>1
FBI, Zoom bombing
522
30/03/2020
?
Multiple targets in the US
The FBI issues an alert (the third) about state-sponsored hackers using the Kwampirs malware to attack supply chain companies and other industry sectors as part of a global hacking campaign.
Targeted Attack
Y Multiple Industries
CE
US
FBI, Kwampirs
523
30/03/2020
?
YouTube users
A hacker has hijacked tens of YouTube accounts, renamed them to various Microsoft brands, and is currently broadcasting a cryptocurrency Ponzi scam to tens of thousands of users, posing as a message from the company's former CEO Bill Gates.
Account Hijacking
X Individual
CC
>1
YouTube, Ponzi scam, Bill Gates
524
30/03/2020
?
GoDaddy.com
A spear-phishing attack hits a customer service employee at GoDaddy.com, the world’s largest domain name registrar. The phisher modifies key customer records, including transaction brokering site escrow.com.
Account Hijacking
J Information and communication
CC
US
GoDaddy.com, escrow.com
525
30/03/2020
“Samaneye Shekar” meaning “Hunting system”
42 million Iranian citizens
The details of 42 million Iranian citizens, allegedly users of HotGram and Talagram, two local Telegram alternatives, are leaked online.
Unknown
X Individual
CC
IR
HotGram, Talagram, Telegram, Samaneye Shekar, Hunting system
526
31/03/2020
?
Marriott
Marriott confirms a second data breach in three years, this time involving the personal information of 5.2 million guests. The attackers obtained the login details of two employees, and broke in weeks earlier during mid-January. The breach was discovered in February.
Account Hijacking
I Accommodation and food service activities
CC
US
Marriott
527
31/03/2020
?
Specific Asian religious and ethnic group
Researchers from Kaspersky reveal the details of Holy Water, a campaign targeting people in a specific Asian religious and ethnic group.
Targeted Attack
X Individual
CE
>1
Kaspersky, Holy Water
528
31/03/2020
?
Multiple targets
Researchers from Mimecast discover a new campaign spreading the LimeRAT Remote Access Trojan by harnessing an old encryption technique in Excel files.
Malware
Y Multiple Industries
CC
>1
Mimecast, LimeRAT, Excel
529
31/03/2020
?
Single Individuals
Researchers from Cofense discover a new evasive phishing campaign exploiting the COVID-19 fear.
Account Hijacking
X Individual
CC
>1
Cofense, COVID-19, Coronavirus
530
16/03/2020
?
Avalon Health Care Management
Avalon Health Care Management notifies 14,500 patients of a phishing incident that occurred on March 16, 2020.
Account Hijacking
Q Human health and social work activities
CC
US
Avalon Health Care Management
531
26/03/2020
Bassterlord
Indian State Tax Office
A hacker with the handle “Bassterlord” claims on a Russian hacking forum to have admin access to an Indian State Tax office’s network.
Unknown
O Public administration and defence, compulsory social security
CC
IN
Bassterlord
532
26/03/2020
?
Meadville Medical Center
Meadville Medical Center is hit with a malware attack.
Malware
Q Human health and social work activities
CC
US
Meadville Medical Center
533
27/03/2020
?
SBTech
SBTech is hit with a ransomware infection
Malware
R Arts entertainment and recreation
CC
MA
SBTech, ransomware
534
27/03/2020
?
Brandywine Urology Consultants
Brandywine Urology Consultants discloses a ransomware attack. The attack occurred on January 25, and the practice became aware of it on January 27.
Malware
Q Human health and social work activities
CC
US
Brandywine Urology Consultants, ransomware
535
30/03/2020
Maze
BetUS
Online gambling operator BetUS is the latest target of the Maze ransomware gang.
Malware
R Arts entertainment and recreation
CC
CW
BetUS, Maze, ransomware
536
31/03/2020
Nefilim
Cosan
The Nefilim Ransomware operators leak the data of Cosan, a Brazilian conglomerate producer of bioethanol, sugar and energy.
Malware
C Manufacturing
CC
BR
Nefilim, Cosan, ransomware
537
31/03/2020
?
Android users
Researchers from Bitdefender discover versions of the Android Zoom video-conferencing application repackaged with malware.
Malware
X Individual
CC
>1
Bitdefender, Android, Zoom
538
08/04/2020
?
Vulnerable IoT devices
Researchers from Bitdefender discover Dark_Nexus, a destructive new botnet that compromises vulnerable IoT devices to carry out DDoS attacks.
Vulnerability
Y Multiple Industries
CC
>1
Bitdefender, Dark_Nexus
539
08/04/2020
?
Bisq
Cryptocurrency exchange Bisq halts trading following a cyberattack leading to the theft of $250,000 worth of virtual currency from users.
Vulnerability
V Fintech
CC
N/A
Bisq, Crypto
540
08/04/2020
?
Cisco Webex users
Researchers from Cofense discover a new phishing campaign using a fake Cisco “critical security advisory” and aimed at stealing victims’ Webex credentials.
Account Hijacking
X Individual
CC
>1
Cofense, Cisco Webex, COVID-19, Coronavirus
541
08/04/2020
?
Multiple targets
Microsoft warns that cyber-criminals are preying on people’s vulnerable psychological states during the COVID-19 pandemic to attack businesses via phishing attacks.
Account Hijacking
Y Multiple Industries
CC
>1
Microsoft, Coronavirus, COVID-19
542
09/04/2020
?
Government of North Rhine-Westphalia
The government of North Rhine-Westphalia, a province in western Germany, is believed to have lost tens of millions of euros through a phishing operation mimicking a website built to distribute COVID-19 aid.
Account Hijacking
O Public administration and defence, compulsory social security
CC
DE
North Rhine-Westphalia, COVID-19
543
09/04/2020
?
Android users
Check Point’s researchers discover 16 different malicious apps masquerading as legitimate coronavirus apps, which contain a range of malware aimed at stealing users’ sensitive information or generating fraudulent revenues.
Malware
X Individual
CC
>1
Check Point, coronavirus, COVID-19, Android
544
09/04/2020
?
E-Commerce sites powered by WordPress
Researchers from Sucuri discover a dedicated Javascript skimmer targeting WordPress e-commerce sites powered by WooCommerce.
Malicious Script Injection
Y Multiple Industries
CC
>1
Sucuri, Javascript, WooCommerce
545
09/04/2020
?
Single Individuals
A large email extortion campaign is underway telling recipients that their computer was hacked and that a video was taken through the hacked computer's webcam.
Malicious Spam
X Individual
CC
>1
Extortion
546
09/04/2020
?
Single Individuals
Researchers from Inky discover a phishing campaign impersonating the White House and purporting to send out Coronavirus guidelines on behalf of President Trump.
Account Hijacking
X Individual
CC
US
Inky, White House, Mike Pence, Coronavirus, COVID-19
547
09/04/2020
?
DESMI
DESMI, a global company specialized in the development and manufacture of pump solutions, discloses a cyber attack.
Malware
C Manufacturing
CC
DK
DESMI, ransomware
548
09/04/2020
?
Several Iranian sites including Niazpardaz[.]ir, Arzi24[.]com
Someone is selling personal details of 45,000 Iranians on the dark web.
Unknown
X Individual
CC
IR
Niazpardaz[.]ir, Arzi24[.]com
549
10/04/2020
?
Mediterranean Shipping Co (MSC)
Mediterranean Shipping Co., the world’s second largest container line, says it has been hit by a network outage. A few days later the company confirms a malware cyber attack.
Malware
H Transportation and storage
CC
CH
Mediterranean Shipping Co (MSC)
550
10/04/2020
Protag
Quidd
Quidd, an online marketplace for trading stickers, cards, toys, and other collectibles, appears to have suffered a data breach in 2019, and the details of around four million users are now being shared for free on underground hacking forums.
Unknown
R Arts entertainment and recreation
CC
US
Quidd
551
10/04/2020
Nefilim
MAS Holdings
The Nefilim ransomware group operators leak the data of MAS Holdings.
Malware
C Manufacturing
CC
LK
Nefilim, Mas Holdings, ransomware
552
10/04/2020
?
Single Individuals
Researchers from IntSights discover a database available on an underground forum in the dark web containing more than 2,300 compromised Zoom credentials.
Credential Stuffing
X Individual
CC
>1
IntSights, Zoom
553
10/04/2020
?
Saint Francis Ministries
An unauthorized party gained entry into an employee’s email account at Saint Francis Ministries, accessing sensitive personal identifying information, as well as financial and protected health data between Dec. 13 and 20 of 2019.
Account Hijacking
S Other service activities
CC
US
Saint Francis Ministries
554
10/04/2020
?
Single Individuals
Researchers from Sophos reveal a surge in sextortion emails.
Malicious Spam
X Individual
CC
>1
Sophos, Sextortion
555
10/04/2020
?
115 million Pakistani mobile users
Researchers from Rewterz discover a data dump of 115 million Pakistani mobile users for sale on the dark web today. The cyber criminal behind this data breach demands 300 BTC ($2.1 million USD) for the data.
Unknown
X Individual
CC
PK
Rewterz, Pakistan
556
11/04/2020
?
Monte dei Paschi
Hackers access the mailboxes of some employees at Italian state-owned bank Monte dei Paschi and send emails to clients. The attack occurred on March 30.
Account Hijacking
K Financial and insurance activities
CC
IT
Monte dei Paschi
557
11/04/2020
?
Lafayette Regional Rehabilitation Hospital
Lafayette Regional Rehabilitation Hospital suffers a second phishing attack in a few months.
Account Hijacking
Q Human health and social work activities
CC
US
Lafayette Regional Rehabilitation Hospital
558
12/04/2020
?
Single Individuals
A malware distributor has decided to play a nasty prank by locking victims' computers and blaming the infection on two well-known and respected security researchers.
Malware
X Individual
CC
>1
Ransomware
559
12/04/2020
?
New York State
New York State officials are investigating a breach of the state government computer network. The attack, discovered in late January, is believed to have originated outside of the United States.
Vulnerability
O Public administration and defence, compulsory social security
CE
US
New York State
560
12/04/2020
?
Doctors based in the US
A cybercriminal is selling personal and contact details of 1.41 million doctors based in the United States.
Unknown
Q Human health and social work activities
CC
US
561
13/04/2020
?
Single Individuals
Researchers from Cyble discover over 500,000 Zoom accounts sold on the dark web and hacker forums.
Credential Stuffing
X Individual
CC
>1
Cyble, 500,000, Zoom
562
13/04/2020
?
Hartford HealthCare
Hartford HealthCare releases a statement warning patients about a phishing incident that took place between February 13 and February 14 this year.
Account Hijacking
Q Human health and social work activities
CC
US
Hartford HealthCare
563
13/04/2020
?
Government agencies involved in the procurement of personal protective equipment and other supplies
The FBI issues a warning of BEC scams against government agencies involved in the procurement of personal protective equipment and other supplies, during the COVID-19 Pandemic.
Business Email Compromise
O Public administration and defence, compulsory social security
CC
US
FBI, COVID-19, Coronavirus
564
13/04/2020
?
Accounts of banking customers in Spain
Researchers from Kaspersky warn of a remote overlay malware attack carried out via a malware called Grandoreiro, which leverages a fake Chrome browser plugin to target the accounts of banking customers in Spain.
Malware
K Financial and insurance activities
CC
ES
Kaspersky, Grandoreiro, Chrome
565
13/04/2020
?
Doctors Community Medical Center
Doctors Community Medical Center notifies an unreported number of patients whose protected health information was potentially compromised by a phishing incident discovered in January.
Account Hijacking
Q Human health and social work activities
CC
US
Doctors Community Medical Center
566
14/04/2020
Ragnar Locker
Energias de Portugal (EDP)
Attackers using the Ragnar Locker ransomware encrypt the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and are now asking for a 1580 BTC ransom ($10.9M or €9.9M).
Malware
D Electricity gas steam and air conditioning supply
CC
PT
Energias de Portugal (EDP),
567
14/04/2020
?
Chrome Users
Google removes 49 malicious Chrome browser extensions from its Web Store that were posing as cryptocurrency wallets in order to drain the contents of bona fide wallets. The applications were discovered by MyCrypto and PhishFort.
Malicious Browser Extension
X Individual
CC
>1
Google, Chrome, MyCrypto, PhishFort, crypto
568
14/04/2020
?
Single Individuals
Researchers at White Ops reveal the details of ICEBUCKET, a massive online fraud operation that for the past few months has been mimicking smart TVs to gain profits from online ads.
Server-Side Ad Insertion (SSAI) Hijacking
X Individual
CC
>1
White Ops, ICEBUCKET, Smart TVs
569
14/04/2020
?
Canadian government healthcare organization
Researchers from Palo Alto discover a ransomware attack against a Canadian government healthcare organization exploiting the COVID-19 pandemic.
Medical organizations and medical research facilities located in Japan and Canada
Researchers from Palo Alto discover a separate campaign targeting various organizations, including medical organizations and medical research facilities located in Japan and Canada, with the AgentTesla malware.
Malware
Q Human health and social work activities
CC
CA
JP
Palo Alto, AgentTesla, COVID-19, Coronavirus
572
14/04/2020
?
GitHub users
GitHub users are targeted by a Sawfish phishing campaign designed to steal their GitHub login credentials and time-based one-time password (TOTP) codes.
Account Hijacking
Y Multiple Industries
CC
>1
GitHub, Sawfish
573
14/04/2020
?
Individuals in the US
Researchers from Fortinet discover a new variant of the NetWire RAT delivered via IRS-themed phishing emails.
Malware
X Individual
CC
US
Fortinet, NetWire, IRS, COVID-19, Coronavirus
574
14/04/2020
TA505
Multiple targets
Researchers from IBM X-Force reveal that the TA505 cybercrime group has ramped up its attacks lately, with a set of campaigns spreading the persistent SDBbot RAT.
Malware
Y Multiple Industries
CC
>1
IBM X-Force, TA505, SDBbot
575
14/04/2020
?
Two Manitoba law firms
Two Manitoba law firms are hit with a ransomware attack.
Malware
M Professional scientific and technical activities
CC
CA
Manitoba, ransomware
576
14/04/2020
?
Users in Pakistan, India, Afghanistan, Bangladesh, Iran, Saudi Arabia, Austria, Romania, Grenada, and Russia.
Researchers at Trend Micro discover a potential cyberespionage campaign, named Project Spy, that infects Android and iOS devices with spyware in the guise of a COVID-19 app.
Malware
Y Multiple Industries
CE
>1
Trend Micro, Project Spy, COVID-19
577
15/04/2020
Syrian Electronic Army (SEA)
Single Individuals in Syria
Researchers at Lookout discover COVID-19-themed spyware targeting Syrian citizens.
Malware
X Individual
CE
SY
Lookout, COVID-19, Coronavirus
578
15/04/2020
International Union of Virtual Media (IUVM) (linked to Iran)
Social Network users
Researchers from Graphika discover an Iranian-linked group spreading disinformation about Coronavirus on Facebook, Instagram, and Twitter.
Fake Social Network accounts/groups/pages
X Individual
CW
>1
Graphika, Iran, COVID-19, Coronavirus, Facebook, Instagram, Twitter, International Union of Virtual Media, IUVM
579
15/04/2020
Satan
Mercantile Communications Pvt Ltd
A group of hackers manages to gain access to the .np domain of Mercantile Communications Pvt Ltd.
DNS Hijacking
J Information and communication
CC
NP
Mercantile Communications Pvt Ltd, Satan
580
15/04/2020
?
Valorant players
Soon after the game Valorant entered closed beta, malware samples are released that target users who are trying to play the game or get beta keys.
Malware
R Arts entertainment and recreation
CC
>1
Valorant
581
15/04/2020
?
Single Individuals
Researchers from Trustwave detect a peak of BEC scams leveraging COVID-19.
Business Email Compromise
X Individual
CC
US
Trustwave, COVID-19, Coronavirus
582
15/04/2020
?
Wappalyzer
Tech company Wappalyzer discloses a security incident after a hacker began emailing its customers and offering to sell Wappalyzer's database for $2,000. The incident took place on January 20.
Misconfiguration
M Professional scientific and technical activities
CC
AU
Wappalyzer
583
15/04/2020
?
Customers of the main Portuguese banks
A new Android Trojan-Banker targets customers of the main Portuguese banks.
Malware
K Financial and insurance activities
CC
PT
Android, Trojan-Banker
584
15/04/2020
?
Single Individuals
Researchers from Mimecast discover a flight refund scam exploiting the COVID-19 outbreak.
Account Hijacking
X Individual
CC
>1
Mimecast, COVID-19, Coronavirus
585
15/04/2020
Hidden Cobra
US and western financial institutions
The Department of Homeland Security issues a warning that hackers from North Korea are launching new attacks against US and western financial institutions.
Targeted Attack
K Financial and insurance activities
CC
>1
DHS, Department of Homeland Security, Hidden Cobra, CISA
586
15/04/2020
?
Applications Software Technologies
Applications Software Technologies reveals that it discovered on March 9 that an unauthorized party had accessed the company by obtaining access to a company email account.
Account Hijacking
M Professional scientific and technical activities
CC
US
Applications Software Technologies
587
15/04/2020
?
EA Sports
EA Sports is hit by a DDoS attack
DDoS
R Arts entertainment and recreation
CC
US
EA Sports
588
15/04/2020
?
South African Department for Women, Youth, and Persons with Disabilities
The South African Department for Women, Youth, and Persons with Disabilities is the latest victim of a Zoom bombing attack.
Zoom bombing
O Public administration and defence, compulsory social security
CC
ZA
South African Department for Women, Youth, and Persons with Disabilities, Zoom
589
03/04/2020
?
Vulnerable ZyXEL routers
Researchers from Palo Alto Networks discover a new variant of the Hoaxcalls botnet, spreading via an unpatched vulnerability impacting the ZyXEL Cloud CNM SecuManager that was disclosed last month.
Researchers from Sucuri reveal that attackers are actively targeting WordPress sites running the OneTone theme to exploit a vulnerability that allows them to read and write site cookies and create backdoor admin accounts.
Vulnerability
Y Multiple Industries
CC
>1
Sucuri, WordPress, OneTone
591
15/04/2020
?
Vulnerable IoT devices
Researchers at NetLab 360 discover Moobot, a new botnet family based on Mirai, which targets internet of things (IoT) devices.
Malware
Y Multiple Industries
CC
>1
NetLab 360, Moobot, Mirai
592
16/04/2020
Foreign government hackers
Companies conducting research into treatments for COVID-19
The FBI reveals that foreign government hackers have broken into companies conducting research into treatments for COVID-19.
Targeted Attack
Q Human health and social work activities
CE
US
FBI, COVID-19
593
16/04/2020
?
Azerbaijan government and utility companies
Researchers from Cisco Talos publish an analysis of a new campaign that deploys PoetRAT, a previously-undiscovered Remote Access Trojan (RAT) targeting both the Azerbaijan government and utility companies, and exploits the COVID-19 outbreak.
Targeted Attack
O Public administration and defence, compulsory social security
CE
AZ
Cisco Talos, PoetRAT, COVID-19
594
16/04/2020
?
Ruby Users
Security researchers from ReversingLabs discover 725 Ruby libraries uploaded on the official RubyGems repository that contained malware meant to hijack users' clipboards.
Malware
Y Multiple Industries
CC
>1
ReversingLabs, RubyGems, Ruby
595
16/04/2020
?
Single Individuals
Researchers from Avast discover a malvertising campaign taking advantage of COVID-19, targeting Internet Explorer users via the Fallout Exploit Kit, to steal their information via the Kpot v2.0 information stealer.
Malvertising
X Individual
CC
>1
Avast, COVID-19, Internet Explorer, Fallout Exploit Kit, Kpot v2.0
596
17/04/2020
?
Aptoide
A hacker leaks the details of 20 million users of Aptoide, a third-party app store for Android applications.
SQL Injection
J Information and communication
CC
PT
Aptoide, Android
597
17/04/2020
Trickbot
Multiple targets
Researchers from Microsoft's Security Intelligence team say that the operation behind Trickbot over the past few days sent out hundreds of emails purporting to relate to COVID-19 medical advice and testing, with the aim of installing Trickbot malware via unique "macro-laced" malicious document attachments inside the message.
Malware
Y Multiple Industries
CC
>1
Microsoft, Trickbot, COVID-19, Coronavirus
598
17/04/2020
Clop
ExecuPharm
U.S. pharmaceutical giant ExecuPharm has its data leaked after it refuses to pay the ransom.
Malware
Q Human health and social work activities
CC
US
ExecuPharm, Clop
599
17/04/2020
?
Organizations in Italy
Researchers from Cybaze-Yoroi ZLab discover a new variant of Ursnif targeting organizations in Italy.
Malware
Y Multiple Industries
CC
IT
Cybaze-Yoroi ZLab, Ursnif
600
17/04/2020
?
PrimoHoagies
PrimoHoagies reveals that cyber-attackers had broken into its online payment platform and accessed the payment card information of customers who made online purchases between July 15, 2019, and February 18, 2020.
Malicious Script Injection
I Accommodation and food service activities
CC
US
PrimoHoagies
601
17/04/2020
?
Banking users
Researchers from Trustwave discover a new malspam campaign that sends Excel 4.0 xls 97-2003 files with a compromised macro in email messages. The campaign attempts to dupe users with themes ranging from fake invoices to COVID-19 related lures and distributes the Gozi banking trojan.
Malware
K Financial and insurance activities
CC
>1
Trustwave, Excel, COVID-19, Gozi
602
17/04/2020
?
Aurora Medical Center Bay Area
Aurora Medical Center Bay Area discloses that it was hit with a phishing attack that occurred in January 2020.
Account Hijacking
Q Human health and social work activities
CC
US
Aurora Medical Center Bay Area
603
17/04/2020
?
Olean City
Olean City is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Olean City, Ransomware
604
18/04/2020
?
Cognizant
Information technologies services giant Cognizant is hit by the Maze Ransomware.
Malware
M Professional scientific and technical activities
CC
US
Cognizant, Maze
605
18/04/2020
?
Webkinz World
A hacker leaks the usernames and passwords of nearly 23 million players of Webkinz World, an online children's game managed by Canadian toy company Ganz.
SQL Injection
R Arts entertainment and recreation
CC
CA
Webkinz World, Ganz
606
19/04/2020
?
Uniswap
Hackers try to attack the Uniswap cryptocurrency exchange but the attack is unsuccessful.
Vulnerability
V Fintech
CC
US
Uniswap, Crypto
607
19/04/2020
?
Lendf.me
The same hackers steal more than $25 million in cryptocurrency from the Lendf.me lending platform but they need to return the money after they are caught.
Vulnerability
V Fintech
CC
N/A
Lendf.me, crypto
608
19/04/2020
?
Facebook users
Researchers from Cyble discover a threat actor selling a database with 267 million Facebook profiles for £500 on the dark web and through hacking forums.
Misconfiguration
X Individual
CC
>1
Cyble, Facebook
609
19/04/2020
?
UniCredit
Researchers from Tesly reveal that data on about 3,000 UniCredit SpA employees was put up for sale on cybercrime forums after an SQL Injection attack.
SQL Injection
K Financial and insurance activities
CC
IT
UniCredit
610
19/04/2020
?
Energy, manufacturing, and business services in the United States
Researchers from Proofpoint discover a new campaign designed to steal user credentials via a lure that claims to welcome users to their new Zoom account.
Account Hijacking
Y Multiple Industries
CC
US
Proofpoint, Zoom, COVID-19
611
19/04/2020
TA4562
Manufacturing industrial, marketing/advertising, technology, IT and construction companies
Researchers from Proofpoint discover a campaign distributing the ServLoader and NetSupport remote access Trojans (RATs) via fake Zoom meeting cancellations.
Malware
Y Multiple Industries
CC
>1
Proofpoint, Zoom, COVID-19, TA4562
612
19/04/2020
?
Danish Agro
Danish Agro is hit with a ransomware attack.
Malware
S Other service activities
CC
DK
Danish Agro, ransomware
613
20/04/2020
Winnti (aka APT41, BARIUM, Blackfly).
Gravity
Researchers from QuoIntelligence (QuoINT) reveal that attackers from Winnti (aka APT41, BARIUM, Blackfly) attempted to breach the internal network of Gravity, the South Korean gaming company behind the popular Ragnarok Online Massive Multiplayer Online Role-Playing Game.
Hackers infiltrate a Zoom meeting of a virtual church service hosted by Adam Evers, the founder of the Christian LGBTQ+ dating app Believr.
Zoom Bombing
S Other service activities
CC
US
Zoom, Believr
615
20/04/2020
?
Chartered Institute for Securities and Investments (CISI)
The Chartered Institute for Securities and Investments (CISI) confirms that some of its members may have had their financial information stolen after “malicious code” was inserted on its website.
Malicious Script Injection
S Other service activities
CC
UK
Chartered Institute for Securities and Investments, CISI
616
20/04/2020
?
Brandywine Counseling and Community Services
Brandywine Counseling and Community Services notifies patients of a ransomware incident that occurred in February 2020.
Malware
Q Human health and social work activities
CC
US
Brandywine Counseling and Community Services, ransomware
617
21/04/2020
?
Nintendo users
Nintendo users report that their accounts have been getting hacked and accessed from remote locations around the globe, with some users losing money as a result of the unauthorized intrusion. A few days later, the company confirms the compromise of 160,000 accounts after the attackers exploited its Nintendo Network ID (NNID) login system.
Account Hijacking
R Arts entertainment and recreation
CC
JP
Nintendo, Nintendo Network ID, NNID
618
21/04/2020
?
China's Uyghur minority
Security firm Volexity discovers Insomnia, a new iOS exploit used to spy on China's Uyghur minority.
Targeted Attack
X Individual
CE
CN
Volexity, Insomnia, iOS, Uyghur
619
21/04/2020
?
Zoom users in corporate environments
Researchers from Abnormal Security discover a new phishing campaign targeting Zoom users, using fake Zoom meeting notifications to warn victims that their contracts will either be suspended or terminated.
Account Hijacking
Y Multiple Industries
CC
>1
Abnormal Security, Zoom, COVID-19
620
21/04/2020
DoppelPaymer
City of Torrance
The City of Torrance of the Los Angeles metropolitan area is hit by the DoppelPaymer Ransomware.
Malware
O Public administration and defence, compulsory social security
CC
US
The City of Torrance, DoppelPaymer
621
21/04/2020
?
US healthcare providers
The FBI warns of ongoing phishing campaigns targeting US healthcare providers using COVID-19 themed lures to distribute malicious attachments.
Malware
Q Human health and social work activities
CC
US
FBI, COVID-19
622
21/04/2020
?
Single Individuals
A fake WiFi hacking program is used to distribute CoronaLocker, a new Coronavirus-themed malware that tries to lock the victim out of Windows while making some very annoying sounds.
Malware
X Individual
CC
>1
CoronaLocker, COVID-19
623
21/04/2020
?
Oil and gas industries in multiple countries
Researchers from Bitdefender discover a new campaign targeting the oil and gas industry sector with highly targeted spearphishing campaigns impersonating shipment companies and engineering contractors while attempting to infect their targets with Agent Tesla info-stealer malware payloads.
Targeted Attack
D Electricity gas steam and air conditioning supply
CE
>1
Bitdefender, Agent Tesla
624
21/04/2020
?
Parkview Medical Center
Parkview Medical Center is hit with a ransomware attack.
Malware
Q Human health and social work activities
CC
US
Parkview Medical Center, ransomware
625
21/04/2020
?
Single Individuals
Researchers from ZeroFOX discover a massive scam campaign circulating via WhatsApp.
Account Hijacking
X Individual
CC
>1
ZeroFOX, WhatsApp, COVID-19
626
21/04/2020
?
Whisky Auctioneer
An online auction of rare whiskies is postponed indefinitely following a DDoS attack.
DDoS
R Arts entertainment and recreation
CC
US
Whisky Auctioneer
627
21/04/2020
?
Banking users in Spain, Portugal, Brazil and other parts of Latin America
Researchers from IBM X-Force uncover Banking.BR, a new Android banking trojan targeting users in countries that speak Spanish or Portuguese, namely Spain, Portugal, Brazil and other parts of Latin America.
Malware
K Financial and insurance activities
CC
>1
IBM X-Force, Banking.BR
628
22/04/2020
State-sponsored actor
Multiple targets
Researchers from ZecOps discover two zero-day vulnerabilities affecting iPhone and iPad devices, used on a series of ongoing remote attacks targeting iOS users since at least January 2018.
Targeted Attack
Y Multiple Industries
CE
>1
ZecOps, iPhone, iPad
629
22/04/2020
?
Valve
The source code of Valve's Team Fortress 2 and Counter-Strike: Global Offensive games is leaked.
Unknown
R Arts entertainment and recreation
CC
US
Valve
630
22/04/2020
Government-backed attackers
US government workers
Google's Threat Analysis Group (TAG) reveals that one group has started using free meals and coupons supposedly from fast-food franchises to lure US government workers into exposing their Gmail credentials.
Account Hijacking
O Public administration and defence, compulsory social security
CE
US
Google's Threat Analysis Group, TAG, Gmail
631
22/04/2020
Tag Barnakle
Vulnerable ad servers
Researchers from Confiant identify Tag Barnakle, a group that has been compromising advertising networks running old versions of the Revive open-source ad server to redirect victims to malware.
Malvertising
Y Multiple Industries
CC
>1
Confiant, Tag Barnakle, Revive
632
22/04/2020
?
Multiple targets
A new phishing campaign is underway that targets employees with fake customer complaints that install a new backdoor used to compromise a network.
Account Hijacking
Y Multiple Industries
CC
>1
Phishing
633
22/04/2020
?
Single Individuals
Researchers from Sophos reveal the details of a massive sextortion campaign netting nearly $500K in five months.
Malicious Spam
X Individual
CC
>1
Sophos
634
23/04/2020
Jerusalem Electronic Army (J.E.Army)
Water supply and treatment facilities in Israel
The Israeli National Cyber-Directorate (INCD) warns that hackers have targeted its water supply and treatment facilities. The agency is urging personnel at companies active in the energy and water sectors to change passwords for all internet-connected systems.
Unknown
E Water supply, sewerage waste management, and remediation activities
CE
IL
Jerusalem Electronic Army, J.E.Army, Israeli National Cyber-Directorate, INCD
635
23/04/2020
Ocean Lotus AKA APT32
Wuhan government and Chinese Ministry of Emergency Management
Researchers from FireEye believe that hacking group Ocean Lotus, also known as APT32 and linked to the Vietnamese government, was involved in a spear phishing campaign targeting members of the Wuhan government and Chinese Ministry of Emergency Management in search of information related to the coronavirus pandemic.
GoDaddy notifies some of its customers that an unauthorized party used their web hosting account credentials to connect to their hosting account via SSH.
Account Hijacking
J Information and communication
CC
US
GoDaddy
637
23/04/2020
?
US Universities
Researchers at Proofpoint discover a new campaign targeting faculty and students at several U.S. colleges and universities with Hupigon RAT.
Malware
P Education
CC
US
Hupigon RAT
638
23/04/2020
Sodinokibi
SeaChange
SeaChange is hit with the Sodinokibi ransomware.
Malware
J Information and communication
CC
US
SeaChange, Sodinokibi, ransomware
639
23/04/2020
?
Multiple targets
The U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) issue a joint report warning of threat actors increasingly exploiting vulnerable web servers to deploy web shells.
Web Shells
Y Multiple Industries
CC
US
AU
National Security Agency, NSA, Australian Signals Directorate, ASD
640
23/04/2020
?
Multiple targets
Researchers from Cofense discover a phishing campaign against remote workers using Skype, luring them with emails that fake notifications from the service.
Account Hijacking
Y Multiple Industries
CC
>1
Cofense, Skype, COVID-19
641
23/04/2020
?
Organizations in both public and private sectors, including financial institutions.
Researchers from ESET discover a previously undocumented botnet called VictoryGate, active since at least May 2019, and composed mainly of devices in Peru. The main activity of the botnet is mining Monero cryptocurrency.
Malware
Y Multiple Industries
CC
PE
ESET, VictoryGate, Crypto, Monero
642
23/04/2020
Florentine Banker
Israeli and UK financial firms
Researchers from Check Point reveal the details of Florentine Banker, a cybercriminal group launching advanced business email compromise (BEC) attacks on leading Israeli and UK financial firms, stealing $1.3 million in just four separate transactions.
Business Email Compromise
K Financial and insurance activities
CC
IL
UK
Florentine Banker, Check Point
643
24/04/2020
?
Small business owners
Researchers from Abnormal Security discover a new phishing campaign targeting users of US Payroll Protection Program loans for small businesses.
Account Hijacking
Y Multiple Industries
CC
US
Abnormal Security, US Payroll Protection
644
24/04/2020
?
Multiple targets
A new phishing campaign delivers a new stealthy malware called BazarBackdoor from the developers of TrickBot that is used to compromise and gain full access to corporate networks.
Account Hijacking
Y Multiple Industries
CC
>1
BazarBackdoor, TrickBot
645
24/04/2020
?
US and South Korean financial organizations and banks
Researchers at Group-IB discover that the details on roughly 400,000 payment cards related to US and South Korean financial organizations and banks are currently up for sale on Joker's Stash.
Unknown
K Financial and insurance activities
CC
US
KR
Group-IB, Joker's Stash
646
24/04/2020
?
Single Individuals
Researchers from Inky discover a new campaign, sending out emails that impersonate the U.S. Federal Reserve and lure recipients with financial relief options through the Payment Protection Program.
Account Hijacking
X Individual
CC
US
Inky, U.S. Federal Reserve, COVID-19
647
24/04/2020
?
Single Individuals
Hackers set up a fake NHS site, claiming to provide COVID-19 updates, in order to distribute malware.
Malware
X Individual
CC
US
NHS, COVID-19
648
24/04/2020
?
Illinois Valley Community College
Illinois Valley Community College is hit with a ransomware attack.
Malware
P Education
CC
US
Illinois Valley Community College, ransomware
649
25/04/2020
Asnarök
Vulnerable Sophos XG Firewalls
Cyber-security firm Sophos publishes an emergency security update to patch a zero-day vulnerability in its XG enterprise firewall product, being abused in the wild by hackers. The malware is dubbed Asnarök.
SQL Injection
Y Multiple Industries
CC
>1
Sophos, XG, Asnarök
650
25/04/2020
THE0TIME
Huiying Medical Technology
Researchers from Cyble identify a threat actor attempting to sell Huiying Medical Technology’s source code for AI-assisted COVID-19 detection and experimental data.
Unknown
C Manufacturing
CC
CN
Cyble, Huiying Medical Technology, COVID-19, THE0TIME
651
26/04/2020
?
Robert Dyas
Robert Dyas notifies customers that it was hit by a malicious script on its payment page between 7 and 30 March.
Malicious Script Injection
G Wholesale and retail trade
CC
UK
Robert Dyas
652
27/04/2020
?
Multiple targets
Researchers from Kaspersky discover a new wave of phishing scams that utilize a COVID-19 theme and impersonate well-known shipping carriers such as FedEx, UPS, and DHL.
Account Hijacking
Y Multiple Industries
CC
>1
Kaspersky, COVID-19, FedEx, UPS, DHL
653
27/04/2020
?
Lumberton Township Public Schools in Burlington County
Lumberton Township Public Schools in Burlington County announces it will temporarily stop using Zoom after a hacker reportedly streamed pornography and used racist language during a lesson for middle school students.
Zoom Bombing
P Education
CC
US
Lumberton Township Public Schools, Burlington County, Zoom
654
27/04/2020
Sodinokibi AKA Revil
CivicSmart
CivicSmart, a vendor of smart parking meters, is hit with a Sodinokibi ransomware attack.
Malware
M Professional scientific and technical activities
CC
US
Sodinokibi, Revil, CivicSmart, Ransomware
655
28/04/2020
Light
Zaha Hadid Architects
A group of hackers breaches the network of Zaha Hadid Architects, one of the world's leading architectural firms. The attackers threaten to release sensitive information on the dark web unless the company pays a ransom demand.
Malware
M Professional scientific and technical activities
CC
UK
Zaha Hadid Architects, Light, ransomware
656
28/04/2020
?
Android users
Researchers from Check Point discover a new version of the Lucy malware going mobile, encrypting data and asking for a ransom threatening FBI action.
Malware
X Individual
CC
>1
Check Point, Lucy, FBI, ransomware, Android
657
28/04/2020
?
Single Individuals
Microsoft Security Intelligence Team uncovers a number of fake movie torrents carrying malicious software that attempts to hijack a user’s machine to generate cryptocurrency.
Malware
X Individual
CC
>1
Microsoft, torrent
658
28/04/2020
?
Vulnerable WordPress servers
Researchers from Wordfence detect a peak of attacks targeting more than 900,000 WordPress servers exploiting vulnerable plugins.
Vulnerability
Y Multiple Industries
CC
>1
Wordfence, WordPress
659
28/04/2020
Ocean Lotus AKA APT32?
Android devices in countries including India, Vietnam, Bangladesh, and Indonesia.
Researchers from Kaspersky warn of PhantomLance, an ongoing spying campaign in which malicious apps hosted by Google Play are covertly spying and stealing Android user data.
Malware
X Individual
CE
>1
Kaspersky, PhantomLance, Google Play, Android
660
28/04/2020
Outlaw Hacking Group
Multiple targets in Europe
Researchers from Cybaze-Yoroi ZLab uncover a new botnet that is targeting European organizations.
Malware
Y Multiple Industries
CC
>1
Cybaze-Yoroi ZLab, Outlaw
661
28/04/2020
?
Banking users especially in Brazil, Mexico, Spain and Peru
Researchers from ESET discover a new campaign using the Grandoreiro banking trojan, and exploiting the COVID-19 crisis to attack users especially in Brazil, Mexico, Spain and Peru.
Malware
K Financial and insurance activities
CC
>1
ESET, Grandoreiro, COVID-19
662
28/04/2020
?
Organizations in Healthcare
Researchers from Microsoft warn of a wave of ransomware attacks with multiple payloads, targeting organizations in Healthcare.
Malware
Q Human health and social work activities
CC
>1
Microsoft, ransomware, COVID-19
663
28/04/2020
?
Zoom users
Researchers at IntSights discover multiple Zoom databases on underground forums.
Credential stuffing
Y Multiple Industries
CC
>1
IntSights, Zoom
664
29/04/2020
?
High-profile Estonian individuals
The Estonian Internal Security Service (KaPo) reveals that state-sponsored hackers have used a zero-day vulnerability to hijack a small number of high-profile email accounts at Estonian email provider Mail.ee.
Vulnerability
O Public administration and defence, compulsory social security
CE
EE
KaPo, Mail.ee
665
29/04/2020
?
Chegg
Chegg confirms its third data breach in the past three years: hackers stole 700 current and former employee records, including their names and Social Security numbers.
Unknown
M Professional scientific and technical activities
CC
US
Chegg
666
29/04/2020
?
Single Individuals
Researchers at TrendMicro uncover a new cyber-criminal campaign attempting to exploit the COVID-19 pandemic to trick remote workers into installing RevCode WebMonitor RAT hidden in a fake Zoom installer.
Malware
X Individual
CC
>1
TrendMicro, COVID-19, Coronavirus, RevCode, Zoom
667
29/04/2020
?
Multiple targets
Researchers from Kaspersky reveal a spike in brute-force attacks targeting RDP endpoints after the beginning of the COVID-19 pandemic.
Brute-force
Y Multiple Industries
CC
>1
Kaspersky, RDP, COVID-19, Coronavirus
668
29/04/2020
?
UseNeXT and Usenet.nl
UseNeXT and Usenet.nl, two companies that provide Usenet services, disclose security breaches today, blaming the breaches on "a security vulnerability at a partner company."
Unknown
J Information and communication
CC
DE
NL
UseNeXT, Usenet.nl, Usenet
669
29/04/2020
?
Undisclosed Multinational conglomerate
Researchers from Check Point reveal that attackers infected more than 75% of a multinational conglomerate's managed Android devices with the Cerberus banking trojan using the company’s compromised Mobile Device Manager (MDM) server.
Malware
Z Unknown
CC
N/A
Check Point, Android, Cerberus, Ransomware
670
29/04/2020
Aggah
Multiple targets
Researchers from Cisco Talos reveal the details of an updated Aggah campaign distributing a cocktail of malware strains: Agent Tesla, njRAT and Nanocore RAT.
Malware
Y Multiple Industries
CC
>1
Cisco Talos, Aggah, Agent Tesla, njRAT, Nanocore RAT
671
29/04/2020
?
PaperlessPay Corporation
PaperlessPay Corporation, an e-pay vendor, discovers that it was hacked in February 2019, putting at risk the identity of multiple customers.
SQL Injection
M Professional scientific and technical activities
CC
US
PaperlessPay Corporation
672
30/04/2020
PerSwaysion
High-ranking executives at more than 150 companies
Cyber-security firm Group-IB reveals the details of PerSwaysion, a cybercrime group operating since mid-2019, able to breach the email accounts of high-ranking executives at more than 150 companies.
Account Hijacking
Y Multiple Industries
CE
>1
Group-IB, PerSwaysion
673
30/04/2020
?
Vulnerable WebLogic servers
Oracle publishes an urgent security alert, urging companies that run WebLogic servers to install the latest patches the company released in mid-April. The company says it received reports of attempts to exploit CVE-2020-2883.
Vulnerability
Y Multiple Industries
CC
>1
Oracle, WebLogic, CVE-2020-2883
674
30/04/2020
?
Banks and financial services across Europe
Researchers from Cybereason reveal the details of EventBot, a new Android malware targeting banks and financial services across Europe.
Malware
K Financial and insurance activities
CC
>1
Cybereason, EventBot, Android
675
30/04/2020
?
Multiple targets
Researchers from IBM X-Force uncover a new Trickbot campaign targeting email recipients with fake messages purporting to come from the U.S. Department of Labor (DoL). The spam leverages the Family and Medical Leave Act (FMLA).
Malware
K Financial and insurance activities
CC
US
IBM X-Force, Trickbot, U.S. Department of Labor, DoL, Family and Medical Leave Act, FMLA, COVID-19
676
30/04/2020
Netwalker
NWT Power Corporation
NWT Power Corporation (Northwest Territories Power Corporation) confirms that it was hit with a Netwalker ransomware attack.
Malware
D Electricity gas steam and air conditioning supply
CC
CA
NWT Power Corporation, Northwest Territories Power Corporation
677
30/04/2020
LockBit
Multiple countries including the US, the UK, France, Germany, Ukraine, China, India, and Indonesia.
Researchers from McAfee and Northwave Intelligent Security Operations discover a new ransomware called LockBit, able to self-spread inside the victim's network.
Researchers from Barracuda Networks observe a single phishing campaign that sent out 128,000 emails to a variety of organizations and employees using reCAPTCHA walls to conceal fake Microsoft log-in pages.
Account Hijacking
Y Multiple Industries
CC
>1
Barracuda Networks, reCAPTCHA, Microsoft
679
30/04/2020
?
Warwick University
Warwick University reveals that it was breached last year (and tried to cover up the breach).
Malware
P Education
CC
UK
Warwick University
680
30/04/2020
?
SWPS University of Humanities and Social Sciences (‘SWPS University’)
The Polish University of Humanities and Social Sciences is hit with a ransomware attack.
Malware
P Education
CC
PL
SWPS, University of Humanities and Social Sciences, ransomware
681
27/04/2020
?
Aeries Student Information System
Multiple school districts are impacted by a breach of the Aeries Student Information System that occurred in November 2019.
Unknown
M Professional scientific and technical activities
CC
US
Aeries Student Information System
682
18/04/2020
?
Etana Custody
Etana Custody states that its “client user interface was accessed by an unauthorized external party”
Unknown
V Fintech
CC
US
Etana Custody, Crypto
683
01/05/2020
Maze
Banco BCR
Hackers claim to have gained access to the network of Banco BCR, the state-owned Bank of Costa Rica, and stolen 11 million credit card credentials along with other data.
Malware
K Financial and insurance activities
CC
CR
Maze, Banco BCR, ransomware
684
01/05/2020
?
Multiple organizations
Researchers from Abnormal Security discover a malicious campaign impersonating notifications from Microsoft Teams.
Account Hijacking
O Public administration and defence, compulsory social security
CC
>1
Microsoft Teams, Abnormal Security, COVID-19
685
01/05/2020
?
Single Individuals
A new phishing campaign is distributing a combination of malware: a LokiBot information-stealing malware along with a second payload in the form of the Jigsaw Ransomware.
Malware
X Individual
CC
>1
LokiBot, Jigsaw, Ransomware
686
01/05/2020
Maze
Nashville Plastic Surgery Institute
Nashville Plastic Surgery Institute, dba Maxwell Aesthetics, is hit by a Maze ransomware attack.
Malware
Q Human health and social work activities
CC
US
Nashville Plastic Surgery Institute, Maxwell Aesthetics, Maze, ransomware
687
01/05/2020
Maze
Plastic Surgery Center Dr. Kristin Tarbet’s
Plastic Surgery Center Dr. Kristin Tarbet’s is hit by a Maze ransomware attack.
Malware
Q Human health and social work activities
CC
US
Plastic Surgery Center Dr. Kristin Tarbet’s, Maze, Ransomware
688
01/05/2020
Sodinokibi (AKA REvil)
MJ Payne
MJ Payne, a London accountancy firm, suffers a REvil ransomware attack.
Malware
K Financial and insurance activities
CC
UK
MJ Payne, REvil ransomware, Sodinokibi
689
02/05/2020
?
LineageOS
Hackers breach the main infrastructure of the LineageOS Android distribution, causing a full outage. The attackers exploited a high-severity vulnerability in the open source “Salt” management framework that was disclosed to the public on April 30.
Vulnerability
M Professional scientific and technical activities
CC
N/A
LineageOS, Salt, CVE-2020-11651, CVE-2020-11652
690
02/05/2020
?
PeroxyChem
PeroxyChem is hit by a Maze ransomware attack.
Malware
M Professional scientific and technical activities
CC
US
PeroxyChem, Maze, ransomware
691
03/05/2020
Shiny Hunters
Tokopedia
A hacker sells a database containing the information of 91 million Tokopedia accounts on a dark web market for $5,000. Other threat actors start to crack passwords and share them online.
SQL Injection
G Wholesale and retail trade
CC
ID
Tokopedia, Shiny Hunters
692
03/05/2020
Shiny Hunters
Unacademy
Online learning platform Unacademy suffers a data breach after a hacker gains access to their database and starts selling the account information for close to 22 million users.
Unknown
P Education
CC
IN
Unacademy, Shiny Hunters
693
03/05/2020
?
Naughty Dog
A security flaw in patches from game developer Naughty Dog gives hackers access to unreleased content from the upcoming The Last of Us Part II that was stored in an Amazon S3 bucket.
Misconfiguration
R Arts entertainment and recreation
CC
US
Naughty Dog, The Last of Us, Amazon S3
694
03/05/2020
?
Ghost
The blogging platform Ghost is compromised through exploitation of the Salt vulnerability. The attackers install a cryptominer.
Vulnerability
J Information and communication
CC
US
Ghost, Salt, CVE-2020-11651, CVE-2020-11652
695
03/05/2020
?
Digicert
Digicert is compromised as a consequence of the Salt vulnerability.
Vulnerability
M Professional scientific and technical activities
CC
US
Digicert, Salt, CVE-2020-11651, CVE-2020-11652
696
03/05/2020
?
Xen Orchestra
Xen Orchestra, a platform that provides tools to administer Citrix Hypervisor, is also compromised via the Salt vulnerability.
Vulnerability
M Professional scientific and technical activities
A virtual ceremony by Florida Gulf Coast University is disrupted by a DDoS attack.
DDoS
P Education
CC
US
Florida Gulf Coast University
699
03/05/2020
?
Dakota Carrier Network
Dakota Carrier Network, a consortium of 14 independent broadband companies, is hit by the Maze ransomware.
Malware
M Professional scientific and technical activities
CC
US
Dakota Carrier Network, Maze, Ransomware
700
04/05/2020
?
Single individuals in France
A new ransomware called VCrypt is targeting French victims by utilizing the legitimate 7zip command-line program to create password-protected archives of data folders.
Malware
X Individual
CC
FR
VCrypt, ransomware
701
04/05/2020
State-sponsored hackers from Russia, Iran, and China
UK universities and scientific facilities
The UK's National Cyber Security Centre (NCSC) warns that the country's universities and scientific facilities are being subjected to a wave of hacking attempts conducted by other countries in the quest for coronavirus research.
Targeted Attack
P Education
CE
UK
National Cyber Security Centre, NCSC, Russia, Iran, China
702
04/05/2020
?
Financial Organizations
The US Financial Industry Regulatory Authority (FINRA) issues a cyber-security alert warning member organizations of "a widespread, ongoing phishing campaign" aimed at stealing their Microsoft Office and SharePoint account passwords.
Account Hijacking
K Financial and insurance activities
CC
US
Financial Industry Regulatory Authority, FINRA, Microsoft Office, SharePoint
703
04/05/2020
?
Companies across different industries
Microsoft warns of multiple malspam campaigns carrying malicious disk image files aimed at distributing the REMCOS remote access tool, using the COVID-19 lure.
Malicious Spam
Y Multiple Industries
CC
>1
REMCOS, COVID-19
704
04/05/2020
?
Tarkett
French flooring company Tarkett reveals that it was hit by a cyber attack on April 29th, and that its operations continue to be disrupted as a result.
Malware
C Manufacturing
CC
FR
Tarkett
705
04/05/2020
?
Android users in Ukraine, Russia, Kazakhstan, Turkmenistan
Researchers from Bitdefender discover an existing version of the Android device screen-locking malware SLocker, repackaged in the form of a mobile coronavirus app
Malware
X Individual
CC
>1
COVID-19, Android, Bitdefender, SLocker
706
04/05/2020
?
Bukalapak
The data of 13 million users of the e-commerce platform Bukalapak are posted on a dark web forum, although the company denies the breach.
Unknown
G Wholesale and retail trade
CC
ID
Bukalapak
707
04/05/2020
?
York University
York University suffers a "serious" cyber attack.
Unknown
P Education
CC
CA
York University
708
04/05/2020
?
CPC Corp.
Taiwan's oil refiner CPC Corp. suffers a ransomware attack.
Malware
D Electricity gas steam and air conditioning supply
CC
TW
CPC Corp.
709
05/05/2020
?
Individuals in UK
Researchers from Cofense discover a new spear-phishing campaign targeting executives and others in an attempt to steal login credentials and bank account details by posing as their smartphone provider EE.
Account Hijacking
X Individual
CC
UK
Cofense, EE
710
05/05/2020
Government-backed hacking group
Organizations involved in international COVID-19 responses, healthcare, and essential services
A joint advisory by cyber-security agencies from the US (CISA) and the UK (NCSC) reveals that organizations involved in international COVID-19 responses, healthcare, and essential services are actively targeted by government-backed hacking groups.
Password-spraying
Q Human health and social work activities
CE
>1
CISA, NCSC, COVID-19
711
05/05/2020
?
Single Individuals
Researchers from Malwarebytes reveal that hackers have created and used a fake icon portal to host and load a JavaScript web skimmer camouflaged as a favicon.
Malicious Script Injection
X Individual
CC
>1
Malwarebytes, JavaScript, Magecart
712
05/05/2020
?
Multiple organizations
Researchers from Abnormal Security discover a highly convincing series of phishing attacks, using fake certificate error warnings with graphics and formatting lifted from Cisco Webex emails to steal users' account credentials.
Account Hijacking
Y Multiple Industries
CC
>1
Abnormal Security, Cisco Webex
713
05/05/2020
?
Mercedes-Benz Instagram account
Unknown hackers post swastikas on Mercedes-Benz Instagram account.
Account Hijacking
C Manufacturing
CC
DE
Mercedes-Benz, Instagram
714
05/05/2020
?
Algolia
Search service Algolia says it suffered a security breach over the weekend after hackers exploited a well-known vulnerability in the Salt server configuration software to gain access to its infrastructure.
Vulnerability
M Professional scientific and technical activities
CC
US
Algolia, CVE-2020-11651, CVE-2020-11652
715
05/05/2020
?
Linux-based servers and smart IoT devices
Security researchers discover Kaiji, another strain of malware specifically built to infect Linux-based servers and smart IoT devices to launch DDoS attacks.
Malware
Y Multiple Industries
CC
>1
Kaiji
716
05/05/2020
?
BJC HealthCare
BJC HealthCare warns patients that their information may have been exposed after it discovered someone gained unauthorized access to three employee email accounts on March 6.
Account Hijacking
Q Human health and social work activities
CC
US
BJC HealthCare
717
05/05/2020
?
Formosa Petrochemical Corp.
Formosa Petrochemical Corp. is hit by a malware attack.
Malware
D Electricity gas steam and air conditioning supply
CC
TW
Formosa Petrochemical Corp.
718
06/05/2020
Snake
Fresenius
Fresenius, Europe’s largest private hospital operator and a major provider of dialysis products and services, is hit by a Snake ransomware cyber attack on its technology systems.
Malware
Q Human health and social work activities
CC
DE
Fresenius, Snake, Ransomware
719
06/05/2020
Shiny Hunters
Microsoft
A hacker dubbed Shiny Hunters claims to have stolen over 500GB of data from Microsoft's private GitHub repositories
Unknown
M Professional scientific and technical activities
CC
US
Shiny Hunters, Microsoft, GitHub
720
06/05/2020
?
Vulnerable WordPress sites
Researchers from Wordfence reveal that hackers are actively exploiting two security vulnerabilities in the Elementor Pro and Ultimate Addons for Elementor WordPress plugins to remotely execute arbitrary code and fully compromise unpatched targets.
Vulnerability
Y Multiple Industries
CC
>1
Wordfence, WordPress, Elementor Pro, Ultimate Addons for Elementor
721
06/05/2020
Lazarus group
Multiple organizations
Researchers from Malwarebytes reveal that hackers have hidden malware in MinaOTP, a legitimate two-factor authentication (2FA) app for macOS, to distribute Dacls, a remote access trojan associated with the North Korean Lazarus group.
Targeted Attack
Y Multiple Industries
CE
>1
Malwarebytes, MinaOTP, 2FA, Dacls, North Korea, Lazarus group
722
06/05/2020
?
Multiple E-Commerce servers
The FBI warns about attacks on Magento online stores via an old plugin vulnerability (CVE-2017-7391, a vulnerability in MAGMI, Magento Mass Import).
Vulnerability
G Wholesale and retail trade
CC
>1
FBI, Magento, CVE-2017-7391, MAGMI, Magento Mass Import
723
06/05/2020
Nefilim
Toll Group
For the second time in three months, Toll Group becomes the victim of a ransomware attack.
Malware
M Professional scientific and technical activities
CC
AU
Toll Group, Nefilim, ransomware
724
06/05/2020
?
44 million Pakistani mobile subscribers
The details of 44 million Pakistani mobile subscribers are leaked online.
Unknown
X Individual
CC
PK
Pakistan
725
06/05/2020
?
Chrome users
11 new fake crypto-wallet extension add-ons are discovered in the Chrome Web Store.
Malicious browser extension
X Individual
CC
>1
Chrome, Crypto
726
06/05/2020
?
Single Individuals in the US
Researchers from Secureworks Counter Threat Unit (CTU) observe an increase in tax identity theft aimed at fraudulently obtaining stimulus checks.
Account Hijacking
X Individual
CC
US
Secureworks Counter Threat Unit, CTU
727
06/05/2020
?
Multiple organizations
Researchers from Prevailion discover a new variant of the EVILNUM malware.
Malware
Y Multiple Industries
CC
>1
Prevailion, EVILNUM
728
07/05/2020
Silver Terrier
Multiple organizations
Researchers from Palo Alto Networks reveal the details of a new series of attacks from Silver Terrier, targeting multiple organizations involved with the COVID-19 response.
Business Email Compromise
Y Multiple Industries
CC
>1
Silver Terrier, Palo Alto Networks, COVID-19
729
07/05/2020
Naikon APT
Several national government entities in the Asia Pacific (APAC) region
Researchers from Check Point discover new evidence of an ongoing cyber espionage operation against several national government entities in the Asia Pacific (APAC) region, using a new backdoor named Aria-body.
Targeted Attack
O Public administration and defence, compulsory social security
CE
>1
Check Point, Aria-body, Naikon APT
730
07/05/2020
?
Ruhr University Bochum (RUB)
The Ruhr University Bochum (RUB) announces that it was forced to shut down large parts of its central IT infrastructure, after a ransomware attack that took place between May 6 and May 7.
Malware
P Education
CC
DE
Ruhr University Bochum, RUB, ransomware
731
07/05/2020
DonJuji
MobiFriends
The personal details of 3,688,060 users registered on the MobiFriends dating app are posted online and available for download. The data was obtained in a security breach that took place in January 2019.
Unknown
R Arts entertainment and recreation
CC
ES
MobiFriends, DonJuji
732
07/05/2020
?
Web applications built on the ASP.NET framework
Researchers at security firm Red Canary uncover a Monero cryptocurrency-mining campaign, tracked as Blue Mockingbird, that exploits the CVE-2019-18935 vulnerability in web applications built on the ASP.NET framework.
Vulnerability
Y Multiple Industries
CC
>1
Red Canary, Monero, Blue Mockingbird, CVE-2019-18935, ASP.NET, Crypto
733
07/05/2020
?
Fitness class
A Zoom hacker scares a group of about 60 children taking part in a fitness class by streaming child sex abuse footage.
Zoom bombing
R Arts entertainment and recreation
CC
UK
Zoom
734
07/05/2020
Maze
Sparboe Companies
The threat group MAZE publishes what it claims is data stolen from Sparboe Companies, a Minnesota egg supplier, during a ransomware attack.
Malware
I Accommodation and food service activities
CC
US
Sparboe Companies, Maze
735
07/05/2020
?
Giannis Antetokounmpo's Twitter account
The Twitter account of NBA Milwaukee Bucks player Giannis Antetokounmpo is hacked.
Account Hijacking
X Individual
CC
US
Giannis Antetokounmpo, Twitter, Milwaukee Bucks
736
07/05/2020
?
StorEnvy
The e-commerce website StorEnvy is hacked and as a result, personal details of over 1.5 million customers and merchants are leaked online.
Unknown
G Wholesale and retail trade
CC
US
StorEnvy
737
08/05/2020
Sodinokibi (AKA REvil)
Grubman Shire Meiselas & Sacks (GSMLaw)
The Sodinokibi ransomware group threatens to release hundreds of gigabytes of legal documents from Grubman Shire Meiselas & Sacks, a prominent entertainment and law firm that counts dozens of international stars among its clients, including Madonna, Lady Gaga, Elton John, Robert de Niro, Nicki Minaj, Chris Brown, Usher, U2, Timbaland, Rick Ross, and many others.
Malware
N Administrative and support service activities
CC
US
Sodinokibi, REvil, ransomware, Grubman Shire Meiselas & Sacks, GSMLaw, Madonna, Lady Gaga, Elton John, Robert de Niro, Nicki Minaj, Chris Brown, Usher, U2, Timbaland, Rick Ross
738
08/05/2020
Attackers linked to Iran
Gilead Sciences
Hackers linked to Iran have targeted staff at U.S. drugmaker Gilead Sciences Inc in recent weeks, as the company races to deploy a treatment for the COVID-19 virus.
Targeted Attack
M Professional scientific and technical activities
CC
>1
Iran, Gilead Sciences Inc, COVID-19
739
08/05/2020
Shiny Hunters
HomeChef
A database with 8 million records belonging to the meal kit delivery service HomeChef is put on sale on the dark web.
Unknown
I Accommodation and food service activities
CC
US
HomeChef, Shiny Hunters
740
08/05/2020
Shiny Hunters
ChatBooks
A database with 15 million records belonging to ChatBooks, a photo print service, is put on sale on the dark web.
Unknown
M Professional scientific and technical activities
CC
US
ChatBooks, Shiny Hunters
741
08/05/2020
Shiny Hunters
Chronicle.com
Chronicle.com, a news source for higher education, is the latest victim to have a database dumped by the Shiny Hunters collective (3 million records).
Unknown
J Information and communication
CC
US
Chronicle.com, Shiny Hunters
742
08/05/2020
?
Texas Office of Court Administration (OCA)
The Texas Office of Court Administration (OCA) is hit by ransomware.
Malware
O Public administration and defence, compulsory social security
CC
US
Texas Office of Court Administration, Ransomware
743
08/05/2020
?
Multiple organizations
Researchers from Abnormal Security discover a new phishing campaign exploiting the DocuSign platform.
Account Hijacking
Y Multiple Industries
CC
>1
Abnormal Security, DocuSign
744
08/05/2020
?
City Index
Financial trading provider City Index informs users of a breach of their personal data, after its network was accessed by an unauthorized third party on April 14.
Unknown
K Financial and insurance activities
CC
UK
City Index
745
09/05/2020
?
Stadler
International rail vehicle construction company, Stadler, disclosed that it was the victim of a cyberattack which might have also allowed the attackers to steal company and employee data.
Malware
C Manufacturing
CC
CH
Stadler
746
09/05/2020
Shiny Hunters
Bhinneka
Bhinneka has 1.2 million records dumped by Shiny Hunters.
Unknown
G Wholesale and retail trade
CC
ID
Bhinneka, Shiny Hunters
747
09/05/2020
Shiny Hunters
Minted
Minted, an online marketplace of independent artists and designers, suffers 5 million accounts leaked by Shiny Hunters.
Unknown
R Arts entertainment and recreation
CC
US
Minted, Shiny Hunters
748
09/05/2020
Shiny Hunters
Styleshare
Styleshare, an online platform that allows users to share and receive updates on fashion and beauty, is breached by Shiny Hunters. 6 million records are leaked.
Unknown
J Information and communication
CC
KR
Styleshare, Shiny Hunters
749
09/05/2020
Shiny Hunters
Ggumim
Ggumim suffers 2 million records leaked by Shiny Hunters.
Unknown
Z Unknown
CC
KR
Shiny Hunters, Ggumim
750
09/05/2020
Shiny Hunters
Mindful
2 million accounts from Mindful are leaked by the Shiny Hunters.
Unknown
Q Human health and social work activities
CC
US
Shiny Hunters, Mindful
751
09/05/2020
Shiny Hunters
Star Tribune
1 million accounts from the Star Tribune are leaked by the Shiny Hunters.
Unknown
J Information and communication
CC
US
Shiny Hunters, Star Tribune
752
09/05/2020
Shiny Hunters
Zoosk
The Shiny Hunters leak 30 million accounts from Zoosk.
Unknown
S Other service activities
CC
>1
Shiny Hunters, Zoosk
753
09/05/2020
?
U.S. Marshals Service
A data breach at the U.S. Marshals Service exposes the personal information of current and former prisoners (387,000 individuals are affected). The breach occurred in December 2019.
Unknown
O Public administration and defence, compulsory social security
CC
US
U.S. Marshals Service
754
10/05/2020
?
Port of Bandar Abbas
Iranian officials say that hackers damaged a small number of computers in a cyber-attack against the port of Bandar Abbas, the country's largest port in the Strait of Hormuz.
Unknown
H Transportation and storage
CW
IR
Bandar Abbas, Strait of Hormuz
755
10/05/2020
?
MyBudget
MyBudget, one of Australia's largest debt-management services, is taken down by malware.
Malware
K Financial and insurance activities
CC
AU
MyBudget
756
11/05/2020
Maze
Pitney Bowes
Pitney Bowes suffers a cyber attack for the second time in a few months. The attackers are detected but manage to steal some files.
Malware
M Professional scientific and technical activities
CC
US
Pitney Bowes, Maze, Ransomware
757
11/05/2020
ProLock
Diebold Nixdorf
Diebold Nixdorf, a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, suffers a ProLock ransomware attack that disrupts some operations.
Malware
C Manufacturing
CC
US
Diebold Nixdorf, ProLock, ransomware
758
11/05/2020
?
WeLeakData.com
The database for the defunct hacker forum and data breach marketplace WeLeakData.com is being sold on the dark web and exposes the private conversations of hackers who used the site.
Unknown
S Other service activities
CC
N/A
WeLeakData.com
759
11/05/2020
?
Banking users in Brazil
Researchers from Cisco Talos discover a new variant of the Astaroth malware using YouTube as its command and control infrastructure.
Malware
K Financial and insurance activities
CC
BR
Cisco Talos, Astaroth
760
11/05/2020
?
Banking users
Researchers from IBM X-Force reveal that the Zeus Sphinx banking Trojan is now receiving frequent updates and upgrades to its malicious arsenal while being deployed in active coronavirus scams.
Malware
K Financial and insurance activities
CC
>1
IBM X-Force, Zeus Sphinx, COVID-19
761
11/05/2020
?
Portuguese Banking users
A new campaign targets Portuguese Banking users with the Lampion malware, impersonating an invoice from a Bank transaction, an invoice from Vodafone Group, and emergency funds provided by the Portuguese Government to help the COVID-19 fight.
Malware
K Financial and insurance activities
CC
PT
Lampion, Vodafone Group, COVID-19
762
11/05/2020
?
Multiple organizations
Researchers from Abnormal Security reveal the details of a new attack impersonating a notification from Zoom in order to steal the Microsoft credentials of employees.
Account Hijacking
Y Multiple Industries
CC
>1
Abnormal Security, Zoom, Microsoft
763
12/05/2020
?
Magellan Health Inc
Magellan Health Inc announces that it was the victim of a ransomware attack on April 11, 2020, which led to the theft of personal information from one of its corporate servers.
Malware
Q Human health and social work activities
CC
US
Magellan Health Inc, ransomware
764
12/05/2020
HIDDEN COBRA AKA Lazarus Group
US Companies
The US government (FBI, CISA, and DoD) releases information on three new malware variants (COPPERHEDGE, TAINTEDSCRIBE, PEBBLEDASH) used in malicious cyber activity campaigns by the North Korean government-backed hacker group tracked as HIDDEN COBRA.
Targeted Attack
Y Multiple Industries
CE
US
FBI, CISA, DoD, COPPERHEDGE, TAINTEDSCRIBE, PEBBLEDASH, HIDDEN COBRA, Lazarus Group
765
12/05/2020
Magecart
>1000 websites
Security researcher Max Kersten collects in a span of a few weeks over 1,000 domains infected with payment card skimmers.
Malicious Script Injection
Y Multiple Industries
CC
>1
Max Kersten, Magecart
766
12/05/2020
?
ESET
ESET fends off a DDoS attack facilitated by "Updates for Android", a malicious news app hosted in the Google Play Store and downloaded 50,000 times.
DDoS
M Professional scientific and technical activities
CC
SK
ESET, Updates for Android, Google Play Store, Android
767
12/05/2020
?
Nikkei Inc.
Nikkei Inc. announces that personal information on a total of 12,514 people had been leaked after a computer used by a group company employee was infected with a virus in an apparent cyberattack.
Malware
J Information and communication
CC
JP
Nikkei Inc.
768
12/05/2020
Nefilim
W&T Offshore
The hackers behind the Nefilim malware say they have stolen over 800 gigabytes of personnel and financial data from W&T Offshore Inc.
Malware
D Electricity gas steam and air conditioning supply
CC
US
W&T Offshore, Nefilim
769
13/05/2020
Threat actors affiliated to the People’s Republic of China
US health care, pharmaceutical, and research industry sectors
The US government (FBI, CISA, and DoD) reveals that threat actors affiliated to the People’s Republic of China (PRC) are attempting to compromise and collect COVID-19 information from organizations in the US health care, pharmaceutical, and research industry sectors.
Targeted Attack
Q Human health and social work activities
CE
US
FBI, CISA, DoD, People’s Republic of China, PRC, COVID-19
770
13/05/2020
?
Supercomputers across UK, Germany, Switzerland and Spain
Multiple supercomputers across Europe are infected with cryptocurrency mining malware and shut down to investigate the intrusions.
Malware
P Education
CC
>1
Supercomputers
771
13/05/2020
?
Multiple organizations
Microsoft discovers a new COVID-19 themed phishing campaign using economic concerns to target businesses with the LokiBot information-stealing Trojan.
Malware
Y Multiple Industries
CC
>1
Microsoft, COVID-19, LokiBot
772
13/05/2020
?
Multiple organizations
Researchers from ESET discover a new malware toolkit, dubbed Ramsay, able to collect sensitive files from systems isolated from the internet.
Malware
Y Multiple Industries
CC
>1
ESET, Ramsay
773
13/05/2020
?
Interserve
Interserve, a contractor for Britain’s Ministry of Defence, suffers a security breach after hackers break into a database and steal the details of up to 100,000 past and current employees.
Unknown
M Professional scientific and technical activities
CC
UK
Interserve, Ministry of Defence
774
13/05/2020
?
Bam Construct
Bam Construct is hit by malware.
Malware
M Professional scientific and technical activities
CC
UK
Bam Construct
775
13/05/2020
Russia
German Chancellor Angela Merkel
German Chancellor Angela Merkel reveals that Russia was targeting her in hacking attacks, saying she had concrete proof of the "outrageous" spying attempts.
Targeted Attack
O Public administration and defence, compulsory social security
CE
DE
Angela Merkel, Russia
776
13/05/2020
?
Single Individuals
Researchers from Sophos discover a new phishing campaign using a well-crafted fake DHL delivery notification.
Account Hijacking
X Individual
CC
>1
Sophos, DHL
777
13/05/2020
?
Wright County
Wright County notifies residents of a phishing attack that occurred on January 31, 2019.
Account Hijacking
O Public administration and defence, compulsory social security
CC
US
Wright County
778
13/05/2020
AKO
North Shore Pain Management
North Shore Pain Management has 4 GB of data leaked by the AKO ransomware gang.
Malware
Q Human health and social work activities
CC
US
North Shore Pain Management, AKO, ransomware
779
14/05/2020
?
Norfund
Fraudsters running business email compromise scams were able to swindle Norfund, Norway’s state investment fund, out of $10 million.
Business Email Compromise
K Financial and insurance activities
CC
NO
Norfund
780
14/05/2020
?
Multiple organizations
Microsoft says that attackers have already adapted their phishing campaigns to use the newly updated design for Azure AD and Office 365 sign-in pages.
Account Hijacking
Y Multiple Industries
CC
>1
Microsoft, Azure AD, Office 365
781
14/05/2020
Turla APT?
European diplomatic entities
Researchers from Kaspersky discover a new COMpfun remote access trojan (RAT) variant controlled using uncommon HTTP status codes, used in attacks targeting European diplomatic entities.
Targeted Attack
O Public administration and defence, compulsory social security
CE
>1
Kaspersky, COMpfun, Turla
782
14/05/2020
RATicate
Industrial companies
Researchers from Sophos identify RATicate, a hacking group that abused NSIS installers to deploy remote access tools (RATs) and information-stealing malware in attacks targeting industrial companies.
Targeted Attack
Y Multiple Industries
CE
>1
Sophos, RATicate
783
14/05/2020
?
Multiple organizations
A new Node.js based remote access trojan and password-stealing malware is being distributed through malicious emails pretending to be from the U.S. Department of the Treasury.
Malware
Y Multiple Industries
CC
US
Adwind, U.S. Department of the Treasury, COVID-19
784
14/05/2020
APT from China
Government entities, telecommunications firms, and the gas industry
A joint report issued by ESET and Avast reveals the details of Mikroceen, a backdoor used in attacks against public and private entities in central Asia since 2017.
Targeted Attack
Y Multiple Industries
CE
>1
ESET, Avast, China, Mikroceen
785
14/05/2020
?
Elexon
Elexon, a middleman in the UK power grid network, reports that it fell victim to a cyber-attack (probably malware).
Malware
D Electricity gas steam and air conditioning supply
CC
UK
Elexon, ransomware
786
14/05/2020
?
Service NSW
Service NSW reveals that it fell victim to a phishing attack that occurred on April 22.
Account Hijacking
O Public administration and defence, compulsory social security
CC
AU
Service NSW
787
14/05/2020
?
Multiple Organizations
Researchers from Palo Alto Networks Unit 42 observe both the Mirai and Hoaxcalls botnets using an exploit for a post-authentication Remote Code Execution vulnerability in legacy Symantec Web Gateways 5.0.2.8.
Vulnerability
Y Multiple Industries
CC
>1
Palo Alto Networks, Unit 42, Mirai, Hoaxcalls, Symantec
788
14/05/2020
?
Multiple organizations
Researchers from Armorblox reveal the details of a phishing campaign exploiting Symantec URL Protection to evade detection.
Account Hijacking
Y Multiple Industries
CC
>1
Armorblox, Symantec
789
14/05/2020
?
Saint Paulus Lutheran Church
Saint Paulus Lutheran Church sues video chat company Zoom after a hacker allegedly hijacked a virtual Bible study class to post graphic images of child abuse.
Zoom bombing
S Other service activities
CC
US
Saint Paulus Lutheran Church, Zoom
790
14/05/2020
?
Des Moines City Council
A Des Moines civil rights meeting is abandoned after being Zoombombed.
Zoom bombing
O Public administration and defence, compulsory social security
CC
US
Des Moines City Council, Zoom
791
15/05/2020
?
Online Shops
Researchers at Sucuri discover a new WordPress malware used to scan and identify WooCommerce online shops to be targeted in future Magecart attacks.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Sucuri, WordPress, WooCommerce, Magecart
792
15/05/2020
?
Texas Department of Transportation (TxDOT)
A new ransomware attack hits the network of the state’s Department of Transportation (TxDOT).
Malware
O Public administration and defence, compulsory social security
CC
US
Texas Department of Transportation, TxDOT
793
15/05/2020
?
Car owners in Moscow
A database with 129 million records of car owners in Moscow is being offered for sale on a dark web forum.
Unknown
X Individual
CC
RU
Russia, Car owners
794
15/05/2020
?
BlueScope
BlueScope confirms it was the victim of a cyber incident.
Unknown
C Manufacturing
CC
AU
BlueScope
795
15/05/2020
Tropic Trooper, AKA KeyBoy
Taiwanese and Philippine military
Researchers from Trend Micro reveal the details of a campaign targeting the air-gapped networks of the Taiwanese and the Philippine military via the USBferry malware.
Targeted Attack
O Public administration and defence, compulsory social security
CE
TW, PH
Trend Micro, USBferry, Tropic Trooper, KeyBoy
796
04/05/2020
?
Healthcare, government entities, financial institutions, and retail
The FBI issues a security alert about a new ransomware strain named ProLock, deployed in intrusions at healthcare, government entities, financial institutions, and retail.
Malware
Y Multiple Industries
CC
US
FBI, ProLock, ransomware
797
08/05/2020
?
Nipissing First Nation
Nipissing First Nation is hit by a ransomware attack.
Malware
U Activities of extraterritorial organizations and bodies
CC
CA
Nipissing First Nation, ransomware
798
10/05/2020
Powerful Greek Army
North Macedonia’s Ministry of Economy and Finance
A Greek group called Powerful Greek Army leaks dozens of email addresses and passwords from staffers in North Macedonia’s Ministry of Economy and Finance, as well as from the municipality of Strumica.
Unknown
O Public administration and defence, compulsory social security
H
MK
Powerful Greek Army, North Macedonia’s Ministry of Economy and Finance, Strumica
799
11/05/2020
?
Bernards Township
Bernards Township is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Bernards Township, ransomware
800
14/05/2020
?
BlockFi
Crypto lending provider BlockFi reports that it suffered a data breach after some of the company’s client data was breached through a SIM card swap attack performed on one of its employees.
Account Hijacking
V Fintech
CC
US
BlockFi, Crypto
801
14/05/2020
?
Single Individuals in the US
Researchers from the advocacy group Abuse.ch discover a COVID-19-related malspam campaign that impersonates the U.S. Treasury Department and more than likely looks to steal a taxpayer’s credentials using a remote access trojan.
Account Hijacking
X Individual
CC
US
COVID-19, Abuse.ch, U.S. Treasury Department
802
14/05/2020
?
9 million customers of the CDEK Express transportation service
Data belonging to nine million customers of the CDEK Express transportation service is up for sale on the Web for 70 thousand rubles ($950).
Unknown
H Transportation and storage
CC
RU
CDEK Express
803
14/05/2020
?
Covve
Covve, the popular address book app, is identified as the source of a data breach that exposed the details of nearly 23 million individuals.
Unknown
J Information and communication
CC
CY
Covve
804
18/05/2020
?
Undisclosed Target
Researchers from Cofense discover a phishing tactic that leverages the OAuth2 framework and OpenID Connect (OIDC) protocol to access user data.
Account Hijacking
Z Unknown
CC
N/A
Cofense, OAuth2, OpenID Connect
805
18/05/2020
NetWalker
Multiple organizations
Researchers at Trend Micro discover a new fileless version of the NetWalker ransomware.
Malware
Y Multiple Industries
CC
>1
Trend Micro, NetWalker, Ransomware
806
19/05/2020
?
EasyJet
EasyJet admits that a "highly sophisticated cyber-attack" has affected approximately nine million customers. Email addresses and travel details have also been stolen, and 2,208 customers also had their credit and debit card details "accessed". The attack was discovered in January.
Targeted Attack
H Transportation and storage
CC
UK
EasyJet
807
19/05/2020
?
Multiple organizations
Microsoft's Security Intelligence team warns of a "massive" COVID-19 themed phishing campaign that attempts to install NetSupport Manager, a remote access tool, by tricking users into opening email attachments containing malicious Excel 4.0 macros.
Malicious Spam
Y Multiple Industries
CC
>1
Microsoft, COVID-19, NetSupport Manager, Excel
808
19/05/2020
?
Banking users
Researchers from Malwarebytes and HYAS reveal the details of Silent Night, a botnet distributed via the RIG exploit kit and COVID-19 spam.
Researchers from Cisco Talos reveal the details of WolfRAT, a new Trojan targeting Thai users of WhatsApp, Facebook Messenger, and Line messaging apps on the Android mobile platform.
Researchers from Agari discover Scattered Canary, a group of business email compromise (BEC) Nigerian scammers targeting U.S. unemployment systems and COVID-19 relief funds provided through the CARES Act.
Business Email Compromise
X Individual
CC
US
Agari, Scattered Canary, BEC, COVID-19, CARES Act
811
19/05/2020
?
Undisclosed Target
Researchers from Abnormal Security reveal the details of a new campaign impersonating the collaboration software provider LogMeIn.
Account Hijacking
Z Unknown
CC
N/A
Abnormal Security, LogMeIn
812
20/05/2020
Winnti Group
Massively multiplayer online (MMO) game developers located in South Korea and Taiwan
Cybersecurity firm ESET releases a report on the Winnti APT group, which is using PipeMon, a new modular malware, on the systems of several massively multiplayer online (MMO) game developers located in South Korea and Taiwan.
Targeted Attack
R Arts entertainment and recreation
CE
KR, TW
ESET, Winnti, PipeMon
813
20/05/2020
ShinyHunters
Wishbone
ShinyHunters puts up for sale the details of 40 million users registered on Wishbone, a popular mobile app that lets users compare two items in a simple voting poll.
Unknown
M Professional scientific and technical activities
CC
US
ShinyHunters, Wishbone
814
20/05/2020
?
Banking users in the U.S., Canada, Germany, Poland, and Australia
Researchers from Proofpoint reveal the details of a new version of the ZLoader banking malware seen in more than 100 email campaigns since the beginning of the year.
Malware
K Financial and insurance activities
CC
>1
Proofpoint, ZLoader
815
20/05/2020
CyberWare
Scam companies
A group of hackers calling themselves CyberWare starts targeting scam companies with ransomware and DDoS attacks.
Malware
S Other service activities
CC
N/A
CyberWare
816
20/05/2020
?
Multiple organizations
The FBI issues a security alert about Zoom-bombing.
Zoom bombing
Y Multiple Industries
CC
US
FBI, Zoom bombing
817
21/05/2020
?
Multiple organizations
Researchers from Sophos reveal the details of RagnarLocker, a new ransomware installing virtual machines to avoid detection.
Malware
Y Multiple Industries
CC
>1
Sophos, RagnarLocker, ransomware
818
21/05/2020
Hackers of Savior
2000 Israeli websites
More than 2000 Israeli websites are defaced to show an anti-Israeli message and with malicious code seeking permission to access visitors' webcams. Most of the websites were hosted on uPress, a local Israeli WordPress hosting service.
Defacement
Y Multiple Industries
H
IL
uPress, Hackers of Savior
819
21/05/2020
Ke3chang (AKA APT15, Vixen Panda, Playful Dragon, and Royal APT)
Multiple organizations
Researchers from Intezer discover a new operation from the Ke3chang APT, using a new malware dubbed Ketrum.
Researchers from Armorblox discover a new campaign in disguise of the Supreme Court, using a CAPTCHA page to evade security controls on Office 365.
Account Hijacking
Y Multiple Industries
CC
>1
Armorblox, Supreme Court, CAPTCHA, Office 365
821
21/05/2020
Chafer APT
Governments in Kuwait and Saudi Arabia
Researchers from BitDefender reveal the details of the Iran-linked Chafer APT group, targeting governments in Kuwait and Saudi Arabia.
Targeted Attack
O Public administration and defence, compulsory social security
CE
KW, SA
Chafer APT, Iran, BitDefender
822
21/05/2020
?
Multiple organizations
Researchers from Trustwave uncover new phishing campaigns taking advantage of “the reputation and services” of Google Cloud’s Firebase mobile and web application development platform.
Account Hijacking
Y Multiple Industries
CC
>1
Trustwave, Google Cloud, Firebase
823
22/05/2020
LulzSecITA
San Raffaele Hospital
Hackers from LulzSecITA leak sensitive data from the San Raffaele Hospital in Milan. Data includes personal details of patients, doctors, nurses, and various employees. The breach occurred two months ago.
SQL Injection
Q Human health and social work activities
H
IT
LulzSecITA, San Raffaele
824
22/05/2020
ShinyHunters
Mathway
ShinyHunters breaches Mathway, a popular math solving application, stealing more than 25 million emails and passwords.
Unknown
M Professional scientific and technical activities
CC
US
ShinyHunters, Mathway
825
22/05/2020
?
Multiple organizations
Researchers from Sentinel One discover a new version of the Sarwent malware that opens RDP (Remote Desktop Protocol) ports on infected computers.
A threat actor shares the 2014 voter information for close to 2 million Indonesians on a hacker forum.
Unknown
X Individual
CC
ID
Indonesia
827
22/05/2020
?
EduCBA
Online education site EduCBA starts notifying customers that they are resetting their passwords after suffering a data breach.
Unknown
P Education
CC
IN
EduCBA
828
22/05/2020
?
Italian companies operating in the manufacturing sector
Researchers from ZLab discover a new malicious espionage activity targeting Italian companies operating worldwide in the manufacturing sector.
Targeted Attack
C Manufacturing
CE
IT
ZLab
829
23/05/2020
?
Unknown resume aggregator
Researchers from Cyble discover a dump containing the personal details of 29.1M Indian jobseekers, offered for free in the hacking underground.
Unknown
M Professional scientific and technical activities
CC
IN
Cyble
830
23/05/2020
?
Multiple organizations
Researchers from Malwarebytes and HYAS publish a new report related to a new botnet, derived from Zeus, dubbed Silent Night Zeus.
Malware
Y Multiple Industries
CC
>1
Malwarebytes, HYAS, Zeus, Silent Night Zeus.
831
23/05/2020
DoubleGun
Multiple organizations in China
Researchers from NetLab 360 dismantle the infrastructure built by the DoubleGun Group, which had amassed hundreds of thousands of bots controlled via public cloud services, including Alibaba and Baidu Tieba.
Malware
Y Multiple Industries
CC
CN
NetLab 360, DoubleGun Group, Alibaba, Baidu Tieba
832
24/05/2020
?
Multiple Crypto wallets
The hacker that breached the Ethereum.org forum is allegedly selling the databases of several popular crypto hard wallets, including: Ledger, Trezor, and KeepKey.
Account Hijacking
V Fintech
CC
>1
Ethereum.org, Ledger, Trezor, KeepKey, Crypto
833
24/05/2020
?
Discord users
A new version of the AnarchyGrabber Discord malware is released that modifies the Discord client files so that it can evade detection and steal user accounts every time someone logs into the chat service.
Malware
X Individual
CC
>1
AnarchyGrabber, Discord
834
24/05/2020
?
Three hacking forums Nulled.ch, Sinfulsite.com, and suxx.to leaked online
Researchers from Cyble discover the databases of three hacking forums Nulled.ch, Sinfulsite.com, and suxx.to leaked online
Unknown
S Other service activities
CC
N/A
Nulled.ch, Sinfulsite.com, suxx.to, Cyble
835
25/05/2020
[F]Unicorn
Single individuals in Italy
The Agency for Digital Italy (AgID) discovers a new ransomware threat called [F]Unicorn, encrypting computers in Italy by tricking victims into downloading a fake COVID-19 contact tracing app.
Malware
X Individual
CC
IT
Agency for Digital Italy (AgID), [F]Unicorn, COVID-19
836
25/05/2020
?
More than two dozen SQL databases
More than two dozen SQL databases stolen from online shops in various countries are being offered for sale on a public website (over 1.5 million rows).
Unknown
Y Multiple Industries
CC
>1
SQL
837
26/05/2020
Turla
Three high-profile entities, such as a national parliament in the Caucasus and two Ministries of Foreign Affairs in Eastern Europe
Security researchers from ESET have discovered new attacks carried out by Turla via the ComRAT backdoor, taking place in January 2020. The attacks targeted three high-profile entities, such as a national parliament in the Caucasus and two Ministries of Foreign Affairs in Eastern Europe.
Targeted Attack
O Public administration and defence, compulsory social security
CE
>1
ESET, Turla
838
26/05/2020
?
Arbonne International
Arbonne International exposes the personal information and credentials of thousands after its internal systems were breached by an unauthorized party.
Account Hijacking
M Professional scientific and technical activities
CC
US
Arbonne International
839
26/05/2020
?
Banking users in Portugal
A new version of the Grandoreiro malware is discovered in Portugal.
Malware
K Financial and insurance activities
CC
PT
Grandoreiro
840
27/05/2020
NetWalker
City of Weiz
The Austrian City of Weiz is hit by the NetWalker Ransomware.
Malware
O Public administration and defence, compulsory social security
CC
AT
City of Weiz, ransomware, NetWalker
841
27/05/2020
PonyFinal
Multiple Organizations
Microsoft's security team issues an advisory warning organizations around the globe to deploy protections against PonyFinal, a new strain of ransomware that has been in the wild over the past two months.
Malware
Y Multiple Industries
CC
>1
Microsoft, PonyFinal
842
27/05/2020
?
LiveJournal
Blogging platform LiveJournal appears to have suffered a security breach in 2014, and multiple hackers are selling the company's user database on the dark web and on hacking forums (26 million users).
Unknown
J Information and communication
CC
RU
LiveJournal
843
27/05/2020
?
Undisclosed Target
Researchers from Abnormal Security reveal the details of a new campaign impersonating AWS notifications.
Account Hijacking
Z Unknown
CC
N/A
AWS, Abnormal Security
844
27/05/2020
?
47.5 million Indian Truecaller users
Researchers from Cyble discover the data of 47.5 million Indian users, apparently leaked on the dark web and allegedly originating from the famous caller-ID app, Truecaller.
Unknown
X Individual
CC
IN
Cyble, Truecaller
845
27/05/2020
"Hack-for-hire" groups operating in India
Employees at financial services, consulting and healthcare firms around the world
"Hack-for-hire" groups operating in India are spoofing World Health Organization emails to steal credentials from employees at financial services, consulting and healthcare firms around the world, according to Google's Threat Analysis Group.
Account Hijacking
Y Multiple Industries
CC
>1
Google's Threat Analysis Group
846
28/05/2020
?
Cisco Systems
Cisco discloses a security breach that impacted a small part of its backend infrastructure: hackers used a vulnerability in the SaltStack software package, which Cisco bundles with some products, to gain access to six servers:
Nippon Telegraph & Telephone (NTT) discloses a security breach. Hackers gained access to its internal network from Singapore and stole information on 621 customers from its communications subsidiary, NTT Communications.
Targeted Attack
J Information and communication
CE
JP
NTT, NTT Communications
848
28/05/2020
?
Github users
GitHub issues a security alert warning about Octopus Scanner, a new malware strain that's been spreading on its site via 26 boobytrapped Java projects.
Malware
Y Multiple Industries
CC
>1
GitHub, Octopus Scanner
849
28/05/2020
Sandworm AKA BlackEnergy
Multiple organizations
The US National Security Agency (NSA) publishes a security alert warning of a new wave of cyberattacks against Exim email servers, exploiting CVE-2019-10149, conducted by Sandworm.
Targeted Attack
Y Multiple Industries
CE
US
US National Security Agency, NSA, Exim, CVE-2019-10149, Sandworm, BlackEnergy
850
28/05/2020
?
Multiple organizations
Researchers from Cybereason discover a new variant of the Valak malware targeting Microsoft Exchange.
Malware
Y Multiple Industries
CC
>1
Valak, Cybereason, Microsoft Exchange
851
28/05/2020
Netwalker
Michigan State University
The operators of the NetWalker (Mailto) ransomware announce that they've infected the network of Michigan State University
Malware
P Education
CC
US
NetWalker, Mailto, ransomware, Michigan State University
852
28/05/2020
?
Multiple organizations
Researchers at Palo Alto reveal the details of a new version of the Trickbot malware, providing a better method of evading detection.
Malware
Y Multiple Industries
CC
>1
Palo Alto Networks, Unit 42, Trickbot
853
28/05/2020
?
Valorant Players
Researchers from Dr.Web discover fake Android and iOS Valorant apps, promoting scams.
Malware
R Arts entertainment and recreation
CC
>1
Valorant, Dr.Web, iOS, Android
854
28/05/2020
?
Undisclosed Target
Researchers from Abnormal Security reveal the details of a new campaign impersonating the World Health Organization.
Account Hijacking
Z Unknown
CC
N/A
COVID-19, Abnormal Security, WHO, World Health Organization
855
28/05/2020
?
City government systems in Minneapolis
City government systems in Minneapolis are taken down by a DDoS attack.
DDoS
O Public administration and defence, compulsory social security
H
US
Minneapolis
856
28/05/2020
?
Single Individuals in India
Security researchers from SonicWall discover fake malicious versions of Aarogya Setu, the Indian government’s coronavirus contact tracing mobile application.
Malware
X Individual
CC
IN
SonicWall, Aarogya Setu, COVID-19
857
29/05/2020
?
Amtrak
The National Railroad Passenger Corporation (Amtrak) discloses a data breach that may have resulted in the compromise of customer personally identifiable information (PII). The data breach was discovered on April 16, 2020 and was carried out via compromised credentials.
Account Hijacking
H Transportation and storage
CC
US
Amtrak
858
29/05/2020
?
Organizations in Japan, Italy, Germany and the UK
Researchers from Kaspersky identify a series of attacks on organizations in Japan, Italy, Germany and the UK. Up to 50% of the attackers’ targets are organizations in various industrial sectors.
Targeted Attack
M Professional scientific and technical activities
CC
>1
Kaspersky
859
29/05/2020
?
Multiple organizations
Researchers at ZLab discover a new campaign using COVID-19 lures (FMLA: Family and Medical Leave Act) to spread Himera and Absent-Loader.
Malware
Y Multiple Industries
CC
>1
ZLab, COVID-19, FMLA, Family and Medical Leave Act, Himera, Absent-Loader.
860
29/05/2020
Toogod
Department of Household Registration (Taiwan)
Researchers from Cyble discover in the dark web a database containing details of over 20 Million Taiwanese citizens.
Unknown
O Public administration and defence, compulsory social security
CC
TW
Cyble, Department of Household Registration, Toogod
861
30/05/2020
?
Emirates customers
Emirates airline warned passengers about the latest phishing email scam, which claims that flights have been cancelled because of COVID-19.
Account Hijacking
H Transportation and storage
CC
UAE
Emirates
862
30/05/2020
?
Unpatched Wordpress sites
Researchers from Wordfence reveal that hackers launched a massive campaign against WordPress websites, attacking old vulnerabilities in unpatched plugins to download configuration files.
Vulnerability
Y Multiple Industries
CC
>1
Wordfence, Wordpress
863
30/05/2020
Anonymous
Minneapolis Police Department
Anonymous takes down the Minneapolis Police Department website in retaliation for the murder of George Floyd.
DDoS
O Public administration and defence, compulsory social security
H
US
Anonymous, Minneapolis Police Department, George Floyd
864
30/05/2020
?
Single individuals in Italy
Researchers from D3Lab uncover a new COVID-19-themed phishing campaign targeting the users of the Italian National Institute for Social Security (INPS) and exploiting the COVID-19 measures.
Account Hijacking
X Individual
CC
IT
D3Lab, COVID-19, INPS
865
30/05/2020
Sekhmet
Excis
Sekhmet ransomware operators claim to have hit an international IT firm, Excis.
Malware
M Professional scientific and technical activities
CC
UK
Excis, Sekhmet, ransomware
866
31/05/2020
?
Coincheck
Japanese cryptocurrency exchange Coincheck says hackers took control over its account at Oname.com, a local domain registrar, and hijacked one of its domain names, which they later used to contact some of its customers.
Account Hijacking
V Fintech
CC
JP
Coincheck, Oname.com, Crypto
867
14/05/2020
?
Genworth Financial
Fortune 500 insurance holding company Genworth Financial discloses a data breach after an unauthorized party gained access to insurance agents' online accounts using compromised login credentials. The breach was discovered by Genworth on April 20.
Account Hijacking
K Financial and insurance activities
CC
US
Genworth Financial
868
22/05/2020
?
Everett & Hurite Ophthalmic Association
Everett & Hurite Ophthalmic Association notifies 34,113 patients of a phishing attack that occurred between February and March 2020.
Account Hijacking
Q Human health and social work activities
CC
US
Everett & Hurite Ophthalmic Association
869
01/06/2020
?
Kent Commercial Services
Kent Commercial Services reveals it was hit with a ransomware attack on April 2. The attackers demanded 800,000 GBP.
Malware
N Administrative and support service activities
CC
UK
Kent Commercial Services, ransomware
870
01/06/2020
?
Multiple organizations
Researchers from Panda Security uncover BazarBackdoor, a new malware that shares code with the notorious modular banking trojan TrickBot and is used to gain unauthorized access to and compromise corporate networks.
Malware
Y Multiple Industries
CC
>1
Panda Security, BazarBackdoor, TrickBot
871
02/06/2020
?
Minnesota Senate
The Minnesota Senate’s servers are hacked, and the attackers are able to access a file of passwords used by senators and staff, Senate officials.
Unknown
O Public administration and defence, compulsory social security
CC
US
Minnesota Senate
872
02/06/2020
?
Kentucky Employees’ Health Plan (KEHP)
Nearly a thousand members of Kentucky Employees’ Health Plan (KEHP) are victims of two connected data breaches that took place in late April and mid-May.
Account Hijacking
Q Human health and social work activities
CC
US
Kentucky Employees’ Health Plan, KEHP
873
02/06/2020
Sodinokibi AKA REvil
Agromart Group
The gang behind the Sodinokibi ransomware puts the data stolen from Agromart Group up for sale on an auction site.
Malware
M Professional scientific and technical activities
CC
CA
Sodinokibi, Agromart Group, ransomware
874
03/06/2020
Cycldek, Conimes, or Goblin Panda
Large organizations and government institutions in Vietnam
Researchers from Kaspersky reveal the details of USBCulprit, a malware used by a group known as Cycldek, Conimes, or Goblin Panda, designed for compromising air-gapped devices via USB.
Targeted Attack
O Public administration and defence, compulsory social security
CE
VN
Kaspersky, USBCulprit, Cycldek, Conimes, Goblin Panda
875
03/06/2020
Netwalker
Columbia College of Chicago
The Netwalker Ransomware operators claim to have successfully attacked the Columbia College of Chicago, stolen unencrypted data, and encrypted its computers.
Malware
P Education
CC
US
Columbia College of Chicago, Netwalker, Ransomware
876
03/06/2020
Netwalker
University of California San Francisco (UCSF)
The Netwalker Ransomware operators claim to have successfully attacked the University of California San Francisco (UCSF), stolen unencrypted data, and encrypted its computers.
Malware
P Education
CC
US
University of California San Francisco, UCSF, Netwalker, Ransomware
877
03/06/2020
?
Microsoft Office 365 customers
Researchers from Abnormal Security discover a new phishing campaign targeting Microsoft Office 365 customers, using bait messages camouflaged as notifications sent by their organization to update the VPN configuration.
Account Hijacking
Y Multiple Industries
CC
>1
Abnormal Security, Microsoft Office 365, VPN, COVID-19
878
03/06/2020
?
San Francisco Employees’ Retirement System (SFERS)
The San Francisco Employees’ Retirement System (SFERS) suffers a data breach after an unauthorized person gains access to a database hosted in a test environment. The breach occurred in February 2020.
Unknown
S Other service activities
CC
US
San Francisco Employees’ Retirement System, SFERS
879
03/06/2020
DoppelPaymer
Digital Management Inc. (DMI)
The DoppelPaymer ransomware gang says it successfully breached the network of Digital Management Inc. (DMI), a provider of managed IT and cyber-security services on demand and a NASA contractor.
Malware
M Professional scientific and technical activities
CC
US
DoppelPaymer, ransomware, Digital Management Inc., DMI, NASA
880
03/06/2020
Maze
Westech International
The threat actors behind the Maze ransomware steal and leak the data of Westech International, a US military contractor.
Malware
C Manufacturing
CC
US
Westech International, Maze, Ransomware
881
03/06/2020
?
Viva Republica Inc.
Viva Republica Inc., a fintech firm, has its Toss platform hacked, suffering a loss worth 9.4 million won ($7,853).
Unknown
V Fintech
CC
KR
Viva Republica Inc., Toss
882
03/06/2020
?
Duluth School District
The Duluth School District reveals the details of a security breach involving 14 student accounts.
Account Hijacking
P Education
CC
US
Duluth School District
883
03/06/2020
?
Anti-racism organizations
Cloudflare reveals a 1,120-fold surge in cyber-attacks against anti-racism organizations in the wake of the death of George Floyd.
DDoS
U Activities of extraterritorial organizations and bodies
CC
>1
Cloudflare, George Floyd
884
04/06/2020
China and Iran APT Groups
Trump and Biden presidential campaigns
Researchers from Google’s Threat Analysis Group say they’ve identified efforts by at least two nation state-backed hackers against the Trump and Biden presidential campaigns.
Targeted Attack
O Public administration and defence, compulsory social security
CE
US
Google, Threat Analysis Group, TAG, Trump, Biden
885
04/06/2020
Maze
Conduent
The Maze Ransomware operators claim to have successfully attacked business services giant Conduent, where they stole unencrypted files and encrypted devices on their network.
Malware
M Professional scientific and technical activities
CC
US
Conduent, Maze, Ransomware
886
04/06/2020
?
Chartered Professional Accountants of Canada (CPA)
Chartered Professional Accountants of Canada (CPA) disclose a cyberattack against their website that allowed unauthorized third parties to access the personal information of over 329,000 members and other stakeholders.
Unknown
S Other service activities
CC
CA
Chartered Professional Accountants of Canada, CPA
887
04/06/2020
Tycoon
Small to medium size organizations in the software and education industries
Researchers from Blackberry and KPMG discover Tycoon, a new human-operated ransomware strain deployed in highly targeted attacks targeting small to medium size organizations in the software and education industries since at least December 2019.
Malware
Y Multiple Industries
CC
>1
Blackberry, KPMG, Tycoon, ransomware
888
04/06/2020
?
Multiple organizations
Researchers from Akamai discover Stealthworker, a piece of malware attempting brute-force attacks against cPanel.
Brute-Force
Y Multiple Industries
CC
>1
Akamai, cPanel, Stealthworker
889
04/06/2020
?
Hundreds of enterprises across all industries, including real estate, oil & gas, engineering, IT, healthcare, financial services and more
Researchers from Ironscale discover a massive phishing campaign sending fake email notifications for voice messages.
Account Hijacking
Y Multiple Industries
CC
>1
Ironscale
890
04/06/2020
?
Banking users
Researchers from Check Point discover a new malware campaign, spoofing job seekers and delivering Zloader via emails with file attachments that claim to be curriculum vitae (CV).
Malware
K Financial and insurance activities
CC
US
Check Point, Zloader
891
04/06/2020
Higaisa
Multiple organizations
Researchers from Malwarebytes discover a new campaign from a Korea-linked APT known as Higaisa, using LNK files.
Targeted Attack
Y Multiple Industries
CE
>1
Malwarebytes, Higaisa, LNK
892
04/06/2020
?
Android users
Researchers from Trend Micro reveal that a couple of Android barcode reader apps, downloaded more than 1 million times, were found to contain ad fraud malware (AndroidOS_HiddenAd.HRXJA).
Malware
X Individual
CC
>1
Trend Micro, Android, AndroidOS_HiddenAd.HRXJA
893
04/06/2020
?
San Beda University (SBU)
An unidentified hacker infiltrates the online student portal of San Beda University (SBU), gaining access to personal information and social media passwords of thousands of students and apparently releasing them online.
Unknown
P Education
CC
PH
San Beda University, SBU
894
05/06/2020
Maze
VT San Antonio Aerospace
The Maze Ransomware gang breach and successfully encrypt the systems of VT San Antonio Aerospace. They also steal and leak unencrypted files. The attack occurred in April 2020.
Malware
M Professional scientific and technical activities
CC
US
VT San Antonio Aerospace, Maze, Ransomware
895
05/06/2020
"John Wick" and "Korean Hackers"
ZEE5
A hacker identifying themselves as "John Wick" and "Korean Hackers" claims to have breached the systems of Indian video on demand giant ZEE5 and is threatening to sell the database on criminal markets.
Unknown
J Information and communication
CC
IN
John Wick, Korean Hackers, ZEE5
896
05/06/2020
?
Fitness Depot
Canadian retailer Fitness Depot notifies customers that their personal and financial information was stolen following a breach that affected the company's e-commerce platform last month.
Malicious Script Injection
G Wholesale and retail trade
CC
CA
Fitness Depot, Magecart
897
05/06/2020
Kupidon
Multiple organizations
A new ransomware dubbed Kupidon targets not only corporate networks, but also home users' personal data.
Malware
Y Multiple Industries
CC
>1
Kupidon, Ransomware
898
05/06/2020
eCh0raix
QNAP storage devices
The threat actors behind the eCh0raix Ransomware launch a brand new campaign targeting QNAP storage devices.
Malware
Y Multiple Industries
CC
>1
eCh0raix, Ransomware, QNAP
899
05/06/2020
?
City of Florence
The city of Florence, Alabama, is hit by the DoppelPaymer ransomware.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Florence, Alabama
900
05/06/2020
Maze
ST Engineering
The threat actors behind the Maze ransomware steal and leak the data of ST Engineering.
Malware
C Manufacturing
CC
SG
Maze, ransomware, ST Engineering.
901
05/06/2020
?
University of Utah
University of Utah notifies its patients after a phishing incident compromised employee email accounts between April 6 and May 22.
Account Hijacking
Q Human health and social work activities
CC
US
University of Utah
902
05/06/2020
?
Multiple organizations
Researchers from Yoroi ZLab reveal the details of a Netwire campaign targeting Italian-speakers.
Targeted Attack
Y Multiple Industries
CE
IT
Yoroi ZLab, Netwire
903
05/06/2020
?
Multiple organizations
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that attackers are trying to exploit the SMBGhost vulnerability (CVE-2020-0796).
Vulnerability
Y Multiple Industries
CC
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, SMBGhost, CVE-2020-0796
904
06/06/2020
?
Single Individuals
A fake decryptor for the STOP Djvu Ransomware is being distributed. Instead of getting their files back for free, victims are infected with another ransomware, Zorab.
Malware
X Individual
CC
>1
STOP Djvu, Ransomware, Zorab
905
07/06/2020
EKANS (SNAKE)
Enel Group
The Enel Group is hit by a ransomware attack from EKANS (SNAKE) ransomware operators that affected its internal network,
Malware
D Electricity gas steam and air conditioning supply
CC
IT
Enel Group, SNAKE, EKANS, ransomware
906
07/06/2020
?
University of the Philippines Cebu
Unknown attackers break into the evaluation portal of the University of the Philippines Cebu.
Unknown
P Education
CC
PH
University of the Philippines Cebu
907
07/06/2020
?
Hockley Medical Practice
Hockley Medical Practice has the records of nearly 9,000 patients hacked.
Unknown
Q Human health and social work activities
CC
UK
Hockley Medical Practice
908
08/06/2020
EKANS (SNAKE)
Honda
Computer networks in Europe and Japan from car manufacturer giant Honda are also affected by issues that are reportedly related to a SNAKE Ransomware cyber-attack.
Malware
C Manufacturing
CC
JP
Honda, SNAKE, EKANS
909
08/06/2020
Russia?
German multinational corporation
Researchers at IBM X-Force uncover a COVID-19 related phishing campaign targeting a German multinational corporation, associated with a German government-private sector task force to procure personal protective equipment. The threat actors behind this campaign targeted more than 100 high ranking executives within this organization and its third-party ecosystem (approximately 40 organizations).
Targeted Attack
C Manufacturing
CE
DE
IBM X-Force, COVID-19
910
08/06/2020
DoppelPaymer
Avon
Cosmetics giant Avon discloses a security incident allegedly due to the DoppelPaymer ransomware.
Malware
C Manufacturing
CC
UK
Avon, DoppelPaymer, ransomware
911
08/06/2020
?
Greenworks
Researchers at RapidSpike discover that payment card data from customers of Greenworks hardware tools website is being stolen by hackers via a malicious script with self-cloaking capabilities and anti-tampering protection.
Malicious Script Injection
G Wholesale and retail trade
CC
US
Greenworks, RapidSpike, Magecart
912
08/06/2020
?
Bitcoin users
Scammers hijack three YouTube channels (Juice TV, Right Human, and MaximSakulevich) to display bitcoin scams impersonating Elon Musk's SpaceX channel, stealing nearly $150,000 in bitcoins in two days.
Account Hijacking
X Individual
CC
>1
YouTube, Juice TV, Right Human, MaximSakulevich, Elon Musk, SpaceX
913
08/06/2020
TA410
U.S. energy providers
Researchers from Proofpoint discover a new spear-phishing campaign targeting U.S. energy providers via FlowCloud, a new remote access trojan (RAT) capable of providing attackers with full control over infected systems.
Targeted Attack
D Electricity gas steam and air conditioning supply
CE
US
Proofpoint, FlowCloud
914
08/06/2020
Avaddon
Single Individuals
Researchers from Appriver discover a new Avaddon Ransomware campaign targeting users worldwide.
Malware
X Individual
CC
>1
Appriver, Avaddon, Ransomware
915
09/06/2020
Dark Basin
Environmental advocacy groups, journalists, and others
A joint report by Citizen Lab and the University of Toronto reveals the details of Dark Basin, a massive hack-for-hire operation targeting especially climate-change organizations who were campaigning against Exxon Mobil.
Targeted Attack
U Activities of extraterritorial organizations and bodies
CE
>1
Dark Basin, Exxon Mobil, Citizen Lab, University of Toronto
916
09/06/2020
?
Lion
Australian beverage giant Lion is hit by a Ransomware attack.
Malware
I Accommodation and food service activities
CC
AU
Lion, Ransomware
917
09/06/2020
?
Multiple organizations
Security researchers from RiskIQ discover a new wave of attacks relying on Magecart and malicious redirector code lurking in misconfigured S3 buckets.
Misconfiguration
Y Multiple Industries
CC
>1
RiskIQ, Magecart, S3
918
09/06/2020
R3dr0x
Bharat Earth Movers Limited (BEML).
Researchers from Cyble report that a threat actor is offering documents of the Indian defence contractor Bharat Earth Movers Limited (BEML) on a dark web black market.
Unknown
C Manufacturing
H
IN
Cyble, R3dr0x, Bharat Earth Movers Limited, BEML
919
09/06/2020
?
Vulnerable Microsoft SQL Servers
Researchers from Sophos reveal that the operators behind the Kingminer botnet have recently started targeting vulnerable Microsoft SQL Servers using brute-force methods in order to mine cryptocurrency.
Brute-Force
Y Multiple Industries
CC
>1
Sophos, Kingminer, Microsoft SQL Servers, Crypto
920
09/06/2020
?
Slovak government
Slovak authorities arrest four suspects as part of an investigation into a series of suspicious devices found connected to the government's official IT network.
Wiretapping
O Public administration and defence, compulsory social security
CC
SK
Slovakia
921
10/06/2020
Maze
MaxLinear
U.S. system-on-chip (SOC) maker company MaxLinear discloses that some of its computing systems were encrypted by Maze Ransomware operators. The attack was discovered on May 24.
Malware
C Manufacturing
CC
US
MaxLinear, Ransomware, Maze
922
10/06/2020
?
Single Individuals
A recent phishing email campaign discovered by Abuse.ch asks to vote anonymously about Black Lives Matter to spread the TrickBot information-stealing malware.
Malware
X Individual
CC
>1
Abuse.ch, Black Lives Matter, TrickBot
923
10/06/2020
?
Small businesses in the UK
Researchers from Abnormal Security discover a new phishing campaign targeting business owners with Microsoft Office 365, and using bait emails designed to look like legitimate Small Business Grants Fund (SGF) relief payment messages from the UK government.
Account Hijacking
Y Multiple Industries
CC
UK
Abnormal Security, Microsoft Office 365, Small Business Grants Fund, SGF, COVID-19
924
10/06/2020
?
Multiple organizations
Researchers from Recorded Future discover a new Ransomware-as-a-service, dubbed Thanos, with high evasion capabilities.
Malware
Y Multiple Industries
CC
>1
Thanos, Recorded Future, Ransomware
925
10/06/2020
?
Microsoft
Microsoft reveals that attackers recently hijacked powerful machine-learning clusters inside Microsoft’s Azure cloud-computing service to mine cryptocurrency at the expense of the customers who rented them.
Misconfiguration
M Professional scientific and technical activities
CC
US
Microsoft, Azure
926
10/06/2020
?
Single Individuals
Researchers from Google report an increase in the number of COVID-19 related scams.
Account Hijacking
X Individual
CC
IN
Google, India, COVID-19
927
10/06/2020
?
Small businesses in the UK
Researchers from Google discover a new campaign targeting small businesses in the UK, designed to look like legitimate Small Business Grants Fund (SGF) messages.
Account Hijacking
Y Multiple Industries
CC
UK
Google, Small Business Grants Fund, SGF
928
10/06/2020
?
Single Individuals
Researchers from Google discover a phishing campaign themed with streaming services, targeting Brazilian users.
Account Hijacking
X Individual
CC
BR
Google, Brazil
929
10/06/2020
?
Single Individuals in Armenia, India, Brazil, Chhattisgarh, Colombia, Indonesia, Iran, Italy, Kyrgyzstan, Russia and Singapore.
Researchers from Anomali identify 12 fake COVID-19 contact tracing apps targeting citizens in Armenia, India, Brazil, Chhattisgarh, Colombia, Indonesia, Iran, Italy, Kyrgyzstan, Russia and Singapore.
Malware
X Individual
CC
>1
Anomali, Armenia, India, Brazil, Colombia, Indonesia, Iran, Italy, Kyrgyzstan, Russia, Singapore
930
10/06/2020
?
City of Keizer
The city of Keizer is hit with a ransomware attack, and is able to restore the data, paying the perpetrators a $48,000 ransom.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Keizer, ransomware
931
11/06/2020
?
City of Knoxville
The City of Knoxville, Tennessee, was forced to shut down its entire computer network following a ransomware attack that took place overnight and targeted the city's offices.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Knoxville, ransomware
932
11/06/2020
?
Customers of 36 US financial institutions
Security researchers at F5 Labs discover ongoing attacks using Qbot malware payloads to steal credentials from customers of dozens of US financial institutions.
Malware
K Financial and insurance activities
CC
US
F5 Labs, Qbot
933
11/06/2020
?
TAIT Towers
TAIT Towers, one of the world's leading live event solutions providers, discloses a data breach that led to the exposure of personal and financial information stored on a server and on the email accounts of some of its employees.
Account Hijacking
C Manufacturing
CC
US
TAIT Towers
934
11/06/2020
Gamaredon (Primitive Bear)
Ukrainian institutions
Researchers from ESET discover new recent campaigns by Gamaredon (Primitive Bear) containing a Visual Basic for Applications (VBA) project (.OTM file) targeting Microsoft Outlook email client with malicious macro scripts.
Targeted Attack
O Public administration and defence, compulsory social security
CE
UA
ESET, Gamaredon, Primitive Bear, VBA, Microsoft Outlook
935
11/06/2020
China, Russia, and Turkey
Twitter users
Twitter discloses three new state-linked operations on its platform this year. As a result of its investigation, it bans and removes 32,242 accounts operated out of China, Russia, and Turkey, pushing local political agendas and narratives, and associated with state-sponsored entities.
Fake Social Network accounts/groups/pages
O Public administration and defence, compulsory social security
CC
>1
Twitter, China, Russia, Turkey
936
11/06/2020
?
A1 Telekom
A1 Telekom, the largest internet service provider in Austria, admits a malware security breach from December 2019 to May 2020.
Malware
J Information and communication
CC
AT
A1 Telekom
937
11/06/2020
Earth Empusa, AKA POISON CARP/Evil Eye
Uyghur minority
Researchers from Trend Micro reveal that the Earth Empusa threat group (aka POISON CARP/Evil Eye) is targeting the Uyghur minority with a new Android spyware dubbed ActionSpy.
Infinity Diagnostics Center Instagram account is compromised by an unknown hacker. After gaining access, the threat actor uploads multiple stories designed to paint the business as racist.
Account Hijacking
Q Human health and social work activities
CC
US
Infinity Diagnostics Center
939
11/06/2020
?
eHealth Saskatchewan
eHealth Saskatchewan admits to having suffered a ransomware attack on December 20.
Malware
Q Human health and social work activities
CC
CA
eHealth Saskatchewan, ransomware
940
11/06/2020
Sodinokibi AKA REvil
Activewear
Activewear reveals that it suffered a Sodinokibi ransomware attack back in May 2020.
Malware
G Wholesale and retail trade
CC
AU
Activewear, Sodinokibi, REvil, ransomware
941
12/06/2020
?
University of Missouri Health Care (MU Health Care)
University of Missouri Health Care (MU Health Care) discloses a breach that occurred in September 2019, when the email accounts of some students were accessed without authorization.
Account Hijacking
Q Human health and social work activities
CC
US
University of Missouri Health Care, MU Health Care
942
12/06/2020
?
Portuguese users
A new malware called TroyStealer targets Portuguese users.
Malware
X Individual
CC
PT
TroyStealer
943
12/06/2020
?
NHS
The NHS confirms that 113 internal email accounts were compromised and used to send malicious spam between May 30 and June 1, 2020.
Account Hijacking
Q Human health and social work activities
CC
UK
NHS
944
12/06/2020
m1x
puebla.gob.mx
A Russian hacker named m1x breaches a Mexican government web portal (puebla.gob.mx) and, three days later, once the government refuses to pay a ransom, publicly releases some 14,000 Mexican taxpayer ID numbers.
Unknown
O Public administration and defence, compulsory social security
CC
MX
m1x, puebla.gob.mx
945
12/06/2020
?
Electronic Waveform Lab, Inc.
Electronic Waveform Lab, Inc. reveals it suffered a ransomware attack on April 11, 2020.
Malware
C Manufacturing
CC
US
Electronic Waveform Lab, Inc., ransomware
946
12/06/2020
?
Cano Health
Cano Health warns its patients of a phishing attack involving three employees, discovered in April 2020, that occurred in May 2018.
Account Hijacking
Q Human health and social work activities
CC
US
Cano Health
947
12/06/2020
?
www.indianblooddonors.com
A data leak that contains sensitive information of 12,472 Indian blood donors is posted on two forums.
Unknown
Q Human health and social work activities
CC
IN
www.indianblooddonors.com
948
13/06/2020
Black Kingdom
Multiple organizations
Researchers from REDTEAM.PL reveal that operators of Black Kingdom ransomware target enterprises with unpatched Pulse Secure VPN software or initial access on the network, exploiting CVE-2019-11510.
Vulnerability
Y Multiple Industries
CC
>1
REDTEAM.PL, Black Kingdom, Pulse Secure, CVE-2019-11510, ransomware
949
13/06/2020
?
Rangely District Hospital (RDH)
Rangely District Hospital (RDH) reveals that it was hit by a ransomware attack in April 2020.
Malware
Q Human health and social work activities
CC
US
Rangely District Hospital, RDH, ransomware
950
13/06/2020
?
3,500 Armenian citizens
Azerbaijani hackers publish the data of about 3,500 Armenian citizens (people infected with COVID-19 and their contacts).