I am happy to start 2021 with big news and announce that I have introduced an important change. The cyber attacks timeline is now interactive. Of course the table format is always available in case you want to search for specific events and export them in XLS format; however, it is now possible to browse the single events directly from the timeline in a more interactive manner.
With the new interactive timeline you can drill down into each event and explore the details. You can pinch and zoom, and also filter events based on the name of the targeted entity and the class (like Cyber Crime, Cyber Espionage, Cyberwarfare and Hacktivism). Of course each class has a different icon to quickly visualize the nature of the event. Clicking on the icon opens the event’s details.
In this timeline I have collected 83 events, a number clearly lower than the values we have been used to during the past months, so it really looks like the holiday season has also led to a break in the attack rate. But don’t be too disenchanted: the new year started exactly how it ended, with ransomware dominating the threat landscape.
The Cyber Espionage front is also quite hot, as usual, with multiple operations by well-known threat actors such as APT37 and APT35: North Korea and Iran are the most active actors.
Thanks for sharing the timeline and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
Dassault Falcon Jet discloses a data breach after a Mount Locker ransomware attack that may have led to the exposure of personal information belonging to current and former employees, as well as their spouses and dependents.
Malware
C Manufacturing
CC
US
Dassault Falcon Jet, Mount Locker, ransomware
4
01/01/2021
16/12/2020
-
Mount Locker
Amey PLC
Amey Plc, the British company providing infrastructure support services, reveals that it has been dealing with a ransomware attack since mid-December 2020.
Malware
N Administrative and support service activities
CC
UK
Amey, Mount Locker, Ransomware
5
03/01/2021
-
-
Thallium
Users of a private stock investment messenger service
Researchers from ESTsecurity reveal that North Korean hacking group Thallium has targeted users of a private stock investment messenger service.
Malware
Y Multiple Industries
CE
KR
Thallium, ESTsecurity, North Korea
6
03/01/2021
-
-
?
Mexico-based American Express credit cardholders
This week a threat actor leaks the data of 10,000 Mexico-based American Express credit cardholders on a forum.
Unknown
K Financial and insurance activities
CC
MX
American Express
7
03/01/2021
-
-
?
Mexico-based Santander credit cardholders
The same threat actor leaks the data of several Santander credit cardholders.
Unknown
K Financial and insurance activities
CC
MX
Santander
8
03/01/2021
-
-
?
Mexico-based Banamex credit cardholders
The same threat actor leaks the data of several Banamex credit cardholders.
Unknown
K Financial and insurance activities
CC
MX
Banamex
9
03/01/2021
-
-
?
PayPal users
A new SMS text phishing (smishing) campaign pretends to be from PayPal, stating that the victim's account has been permanently limited unless they verify it by clicking on a link.
Account Takeover
X Individual
CC
>1
PayPal
10
03/01/2021
-
End of December 2020
?
200 million records of Chinese citizens
Researchers from Cyble discover a trove of more than 200 million records of Chinese citizens for sale on the dark web. The alleged leaks could be related to Gongan County, Weibo, and QQ.
Unknown
Y Multiple Industries
CC
CN
Cyble, Gongan County, Weibo, QQ
11
04/01/2021
25/12/2020
-
?
Aurora Cannabis
Aurora Cannabis says it experienced a “cybersecurity incident” over the holidays. The incident took place on Dec. 25.
Unknown
Q Human health and social work activities
CC
CA
Aurora Cannabis
12
04/01/2021
-
-
?
Exclusive Networks
Exclusive Networks reveals it has been hit by a cyber breach affecting the cyber security distributor's systems across five countries (UK, US, France, Singapore, and the UAE), resulting in unauthorized access to data.
Unknown
N Administrative and support service activities
CC
FR
Exclusive Networks
13
04/01/2021
During 2020
During 2020
APT27, AKA TG-3390, Emissary Panda, BRONZE UNION, Iron Tiger, and LuckyMouse.
At least five companies in the online gambling sector
Researchers from Profero and Security Joes reveal the details of a ransomware campaign involving APT27, a Chinese group normally involved in cyber espionage operations.
Research from Kela finds nearly 1 million compromised accounts pertaining to gaming clients and employees on the dark web, with 50% of them offered for sale.
Unknown
R Arts entertainment and recreation
CC
>1
Kela
15
04/01/2021
During December 2020
-
FIN7
Multiple targets
Researchers at Morphisec Labs publish details about a malware variant called JSSLoader used by the FIN7 hacking group.
Malware
Y Multiple Industries
CC
>1
Morphisec Labs, JSSLoader, FIN7
16
04/01/2021
22/12/2020
22/12/2020
?
Lake Regional Healthcare experiences a ransomware attack that disrupts its computer system.
Malware
Q Human health and social work activities
CC
US
Lake Regional Healthcare, ransomware
17
05/01/2021
-
-
?
Nissan North America
Multiple code repositories from Nissan North America become public after the company leaves an exposed Git server protected with default access credentials. The entire collection is around 20 gigabytes large and contains source code for mobile apps and various tools used by Nissan.
Vulnerability
C Manufacturing
CC
US
Nissan North America
18
05/01/2021
1/12/2020
1/12/2020
?
Cryptocurrency users
Researchers from Intezer discover a new remote access trojan, dubbed ElectroRAT, written in Golang, that lures cryptocurrency users to download trojanized apps on Windows, Mac and Linux machines by promoting the apps in dedicated online forums and on social media.
Malware
V Fintech
CC
>1
Intezer, ElectroRAT, Golang, Crypto
19
05/01/2021
Starting from May 2019
-
Earth Wendigo
Government organizations, research institutions and universities in Taiwan
Researchers from Trend Micro discover a new campaign targeting several organizations, including government organizations, research institutions and universities in Taiwan, aiming to exfiltrate emails from the targeted organizations via the injection of JavaScript backdoors into a webmail system that is widely used in Taiwan.
Targeted Attack
Y Multiple Industries
CE
TW
Trend Micro, Earth Wendigo, JavaScript
20
05/01/2021
Beginning of 2021
-
Babuk Locker
Multiple targets
Several security researchers discover Babuk Locker, the first ransomware operation of 2021.
Malware
Y Multiple Industries
CC
>1
Babuk Locker, ransomware
21
05/01/2021
-
-
Avaddon
Finalyse
The Belgian consultancy firm Finalyse emerges unscathed from an Avaddon ransomware attack, being able to restore its data from a backup, even though the group leaks 98 GB of data.
Malware
N Administrative and support service activities
CC
BE
Finalyse, Avaddon, ransomware
22
06/01/2021
1/11/2020
-
?
Single individuals in Australia
The Australian Cyber Security Centre (ACSC) warns about a social engineering campaign featuring phishing emails and scam calls that impersonate the ACSC.
Account Takeover
X Individual
CC
AU
Australian Cyber Security Centre, ACSC
23
06/01/2021
From January 2020
12/7/2020
APT37 AKA ScarCruft, Reaper, and Group123
South Korean government
Researchers from Malwarebytes reveal the details of a campaign carried out by the North Korean group APT37, targeting the South Korean government via the RokRat trojan.
Targeted Attack
O Public administration and defence, compulsory social security
CE
KR
Malwarebytes, North Korean, APT37, ScarCruft, Reaper, Group123, RokRat
24
06/01/2021
-
-
Egregor
Multiple targets
The FBI sends a security alert warning private sector companies that the Egregor ransomware operation is actively targeting and extorting businesses worldwide.
Malware
Y Multiple Industries
CC
>1
FBI, Egregor, ransomware
25
06/01/2021
Starting from January 2021
6/1/2021
Multiple threat actors
Unpatched Zyxel devices
Threat actors are actively scanning the Internet for devices with SSH exposed and trying to log in to them using a recently patched Zyxel hardcoded-credential backdoor.
CVE-2020-29583 Vulnerability
Y Multiple Industries
CC
>1
Zyxel, CVE-2020-29583
26
06/01/2021
From December 2020
From December 2020
?
Single individuals
Researchers from Trustwave reveal the details of a new phishing campaign distributing the QRAT malware via a fake video of President Donald Trump.
Malware
X Individual
CC
>1
Trustwave, QRAT, Donald Trump
27
06/01/2021
-
-
?
Ben-Gurion University
Ben-Gurion University reveals that it has been hit by a cyber attack.
Unknown
P Education
CC
IL
Ben-Gurion University
28
06/01/2021
Between December 2018 and August 2020
-
?
Window to the World Communications
Window to the World Communications alerts employees to the discovery of a data breach in its computer system. Emails and personal information of approximately 40 staffers were hacked between December 2018 and August 2020.
Account Takeover
J Information and communication
CC
US
Window to the World Communications
29
06/01/2021
-
-
?
Taiwan Mobile users
The Taiwanese National Communications Commission (NCC) orders Taiwan Mobile to recall all of its self-branded, China-made smartphones after the phones’ built-in software is found to contain malware.
Malware
X Individual
CC
TW
Taiwanese National Communications Commission, NCC, Taiwan Mobile
30
07/01/2021
Between 25/12/2020 and 06/01/2021
-
ALTDOS
Mono Next Public Company
Threat actors calling themselves ALTDOS claim to have hacked several companies of the Mono conglomerate, exfiltrating hundreds of gigabytes of data and demanding a ransom for it.
Unknown
J Information and communication
CC
TH
ALTDOS, Mono
31
07/01/2021
-
-
?
Multiple targets
Security researchers at AT&T’s Alien Labs identify multiple malware attacks leveraging the Ezuri memory loader to execute payloads without writing them to disk.
Malware
Y Multiple Industries
CC
>1
AT&T, Alien Labs, Ezuri
32
07/01/2021
From mid July to November 2020
-
TA551, AKA Shathak
German, Italian and Japanese speakers
Researchers from Palo Alto Unit 42 reveal the details of a new campaign targeting German, Italian and Japanese speakers with the IcedID info-stealer.
Malware
X Individual
CC
>1
Palo Alto Unit 42, IcedID, TA551, Shathak
33
07/01/2021
-
-
?
ANWB (Royal Dutch Touring Club)
The Royal Dutch Touring Club sends an email to former and current members to warn them that their data may have been compromised in a cyber attack, not directly on their systems but on a collection agency (Trust Krediet Beheer BV).
Unknown
S Other service activities
CC
NL
Royal Dutch Touring Club, Trust Krediet Beheer BV, ANWB
34
08/01/2021
-
-
TeamTNT
Exposed Docker containers
Researchers from Trend Micro discover a new version of the TeamTNT botnet able to collect Docker API credentials, on top of the AWS creds-stealing code.
Cloud misconfiguration
Y Multiple Industries
CC
>1
Trend Micro, TeamTNT, Docker API, AWS
35
08/01/2021
Between Christmas 2020 and the Beginning of 2021
Charming Kitten (APT35 or Phosphorus)
Members of think tanks, political research centers, university professors, journalists, and environmental activists
Researchers from CERTFA discover a new campaign by the Iranian cyber-espionage group Charming Kitten targeting individuals from all over the world using a very sophisticated spear-phishing campaign that involved not only email attacks but also SMS messages.
Targeted Attack
Y Multiple Industries
CE
>1
Charming Kitten, APT35, Phosphorus, CERTFA
36
08/01/2021
-
-
?
Communauto
The Montreal carsharing service Communauto discloses that it has suffered a ransomware attack.
Malware
H Transportation and storage
CC
CA
Communauto, ransomware
37
09/01/2021
-
-
?
Tasmanian Ambulance
Tasmania’s ambulance paging system is breached exposing the records of every Tasmanian that has requested an ambulance since November 2020. The breached sensitive data is published online to an undisclosed website that is then blocked.
Unknown
Q Human health and social work activities
CC
AU
Tasmanian Ambulance
38
09/01/2021
Sometime before 24/12/2020
-
Conti
OmniTRAX
Colorado-based short line rail operator and logistics provider OmniTRAX is hit by a Conti ransomware attack.
Malware
H Transportation and storage
CC
US
OmniTRAX, Conti, ransomware
39
10/01/2021
24/12/2020
-
?
Reserve Bank of New Zealand (RBNZ)
Reserve Bank of New Zealand reveals that a file sharing service provided by California-based Accellion was illegally accessed.
Vulnerability
K Financial and insurance activities
CC
NZ
Reserve Bank of New Zealand, Accellion
40
10/01/2021
-
-
?
Esha Deol
Bollywood actress Esha Deol has her Instagram account hacked and warns her followers not to click on links from her direct messages (DMs) due to the hack.
Account Takeover
X Individual
CC
IN
Esha Deol, Instagram
41
10/01/2021
-
-
?
Mimecast
Email security provider Mimecast discloses that hackers had hijacked its products in order to spy on its customers, after “a sophisticated threat actor” had compromised the certificate used to guard connections between its products and Microsoft’s cloud services. Around 10% of its more than 36,000 customers had been affected, but it believed “a low single digit number” of users had been specifically targeted.
Compromised certificate
M Professional scientific and technical activities
CC
UK
Mimecast
42
10/01/2021
-
-
?
French individuals
5 million records (usernames and passwords) of French users are on sale on a black market.
Unknown
X Individual
CC
FR
France
43
10/01/2021
-
-
?
Vidéotron
A threat actor claims to have leaked about 1 million records stolen from the Canadian telco company Vidéotron.
Account Takeover
J Information and communication
CC
CA
Vidéotron
44
11/01/2021
-
-
?
Ubiquiti Networks
Networking device maker Ubiquiti Networks announces a security incident that may have exposed customers' data. The company emails customers to change their passwords and enable 2FA after an attacker hacked their systems hosted at a third-party cloud provider.
Unknown
C Manufacturing
CC
US
Ubiquiti Networks
45
11/01/2021
Starting from 2018
-
?
Single individuals
Researchers from Sentinel One reveal the details of a cryptocurrency mining campaign targeting macOS with a malware called macOS.OSAMiner, which uses run-only AppleScript files to avoid detection.
Malware
X Individual
CC
CN
Sentinel One, macOS.OSAMiner, AppleScript
46
11/01/2021
October 2020
-
?
Users of Internet-Connected Chastity Cages
A security researcher reveals that a hacker took control of people's internet-connected chastity cages and demanded a ransom, to be paid in Bitcoin, to unlock them.
Vulnerability
X Individual
CC
>1
Internet-Connected Chastity Cages
47
11/01/2021
09/11/2020
12/11/2020
?
Jefferson Healthcare
The personal information of roughly 2,550 people is compromised by a “phishing” attack on the email account of an employee at Jefferson Healthcare.
Account Takeover
Q Human health and social work activities
CC
US
Jefferson Healthcare
48
11/01/2021
10/01/2021
10/1/2021
?
AKVA group
AKVA group reveals in a statement to the Oslo Stock Exchange that it has been hit by a ransomware attack.
Malware
C Manufacturing
CC
NO
AKVA group, Oslo Stock Exchange, ransomware
49
11/01/2021
During November 2020
-
ALTDOS
3BB
ALTDOS claims to have acquired 8 million records from 3BB, a broadband service provider in Thailand.
Unknown
J Information and communication
CC
TH
ALTDOS, 3BB
50
11/01/2021
During December 2020
-
Conti
Warren-Washington-Albany ARC
Warren-Washington-Albany ARC has some data leaked by the Conti ransomware gang.
Malware
Q Human health and social work activities
CC
US
Warren-Washington-Albany ARC, Conti, ransomware
51
11/01/2021
20/10/2020
5/11/2020
REvil AKA Sodinokibi
Dental Health Associates, P.A.
Dental Health Associates, P.A. has some data leaked by the REvil ransomware group.
Malware
Q Human health and social work activities
CC
US
Dental Health Associates, P.A., REvil, Sodinokibi, ransomware
52
11/01/2021
-
-
Egregor
Unconfirmed Australian dental surgery practice
An unconfirmed Australian dental surgery practice has its data dumped by the Egregor ransomware group.
Malware
Q Human health and social work activities
CC
AU
Egregor, ransomware
53
11/01/2021
Mid-November 2020
-
Egregor
Coldwater Orthodontics
Coldwater Orthodontics has its data dumped by the Egregor ransomware group.
Malware
Q Human health and social work activities
CC
US
Egregor, ransomware, Coldwater Orthodontics
54
11/01/2021
-
-
Egregor
Delta Dental Plans Association
Delta Dental Plans Association has its data dumped by the Egregor ransomware group.
Malware
Q Human health and social work activities
CC
US
Egregor, ransomware, Delta Dental Plans Association
55
12/01/2021
Q1 2020
-
?
Windows and Android users
Google's Project Zero reveals the details of a hacking campaign coordinated by "a highly sophisticated actor" and targeting Windows and Android users with multiple zero-day and n-day exploits.
Microsoft patches 83 vulnerabilities, including CVE-2021-1647, a zero-day vulnerability in the Microsoft Defender antivirus, which Microsoft said was exploited before today's patches were released.
CVE-2021-1647 Vulnerability
Y Multiple Industries
N/A
>1
Microsoft, CVE-2021-1647, Microsoft Defender
57
12/01/2021
-
-
?
Government institutions and private companies, especially from the energy and metallurgical industries in Colombia
Researchers from ESET reveal the details of Operation Spalax, a wave of attacks against companies and government institutions in Colombia with a combination of remote access tools: Remcos, njRAT, and AsyncRAT.
Targeted Attack
Y Multiple Industries
CE
CO
ESET, Operation Spalax, Remcos, njRAT, AsyncRAT
58
12/01/2021
-
-
Triangulum
Android users
Researchers from Check Point reveal the details of Rogue, a new form of malware combining two previous families of Android RATs, Cosmos and Hawkshaw.
Malware
X Individual
CC
>1
Check Point, Rogue, Android, Cosmos, Hawkshaw
59
12/01/2021
During December 2020
During December 2020
Multiple threat actors
Facebook users
Facebook says it removed 1,957 Facebook accounts, 707 Instagram accounts, 156 pages and 727 groups last month for misleading users about their purpose and identity.
Fake Websites/Social Network accounts
X Individual
CW
>1
Facebook
60
12/01/2021
Starting from Q4 2017
-
Chimera
Victims in the semiconductors and airline industry
Researchers from NCC Group and Fox-IT reveal the details of Chimera, a threat group with a wide set of interests, from intellectual property (IP) from victims in the semiconductors industry through to passenger data from the airline industry.
Targeted Attack
Y Multiple Industries
CC
>1
NCC Group, Fox-IT, Chimera
61
12/01/2021
-
-
?
Pakistani residents
Researchers from SophosLabs discover a small cluster of Trojanized versions of Android apps, focused on stealing sensitive data from the phones of Pakistani residents.
Malware
X Individual
CE
PK
SophosLabs, Android
62
12/01/2021
-
-
?
Hospital of Horažďovice
Unknown hackers disrupt the operations of the Hospital of Horažďovice.
Unknown
Q Human health and social work activities
CC
CZ
Hospital of Horažďovice
63
12/01/2021
11/1/2021
11/1/2021
?
Ultrapar
Ultrapar discloses that it has been hit by a cyber attack.
Unknown
D Electricity gas steam and air conditioning supply
CC
BR
Ultrapar
64
12/01/2021
25/7/2020
-
?
King and Pierce County Schools
The Puget Sound Educational Service District (PSESD) sends out a notice to current and former students, and employees of King and Pierce County Schools, after learning of a data breach within their computer network.
Unknown
Q Human health and social work activities
CC
US
King and Pierce County Schools, Puget Sound Educational Service District, PSESD
65
12/01/2021
Between 31/08/2020 and 07/09/2020
7/9/2020
?
National Board for Certified Counselors (NBCC)
The National Board for Certified Counselors (NBCC) provides information about a ransomware attack.
Malware
S Other service activities
CC
US
National Board for Certified Counselors, NBCC, ransomware
66
12/01/2021
First week of January 2021
First week of January 2021
?
Eneco
Energy supplier Eneco warns former customers of a possible data breach after cyber criminals manage to gain access to the accounts of 1,700 customers, whose personal information may have been stolen. As a precaution, the company asks a separate group of 47,000 customers to change their passwords.
Password-spray
D Electricity gas steam and air conditioning supply
CC
NL
Eneco
67
12/01/2021
10/1/2021
10/01/2021
?
Clearfield County
A malware attack infects all of Clearfield County’s servers and 15 percent of its computers.
Malware
O Public administration and defence, compulsory social security
CC
US
Clearfield County
68
12/01/2021
-
-
?
Precision Spine Care
Precision Spine Care is the victim of a phishing attack.
Account Takeover
Q Human health and social work activities
CC
US
Precision Spine Care
69
13/01/2021
-
-
?
Multiple targets
The US Cybersecurity and Infrastructure Security Agency (CISA) warns of a wave of attacks in which threat actors bypassed multi-factor authentication (MFA) protocols to compromise cloud service accounts.
Multiple techniques including phishing, brute force login attempts, and a 'pass-the-cookie' attack.
Y Multiple Industries
CC
US
US Cybersecurity and Infrastructure Security Agency, CISA, MFA, pass-the-cookie
70
13/01/2021
25/6/2020
14/09/2020
?
South Country Health Alliance
South Country Health Alliance notifies 66,000 members that their personal information was exposed during a phishing attack on an employee email account last June.
Account Takeover
Q Human health and social work activities
CC
US
South Country Health Alliance
71
14/01/2021
-
-
?
Multiple targets
The FBI issues a Private Industry Notification (PIN) to warn of attacks targeting enterprises, in which threat actors attempt to obtain employee credentials through vishing or chat rooms.
Account Takeover
Y Multiple Industries
CC
>1
FBI, Private Industry Notification, PIN
72
14/01/2021
-
-
?
Multiple targets
A new phishing campaign utilizes the Windows Finger command to download the MineBridge backdoor malware.
Malware
Y Multiple Industries
CC
>1
Windows, Finger, MineBridge
73
14/01/2021
Starting from Summer 2019
-
At least 40 cybercriminal gangs
European users
Researchers from Group-IB reveal that at least 40 cybercriminal gangs are using Classiscam, a scam-as-a-service that relies on Telegram bots to provide pages that impersonate popular classifieds, marketplaces, and delivery services.
Account Takeover
X Individual
CC
>1
Group-IB, Classiscam
74
14/01/2021
First week of January 2021
14/1/2021
?
Single individuals
A new wave of account takeovers for multiple verified Twitter accounts promotes an Elon Musk cryptocurrency giveaway scam.
Account Takeover
X Individual
CC
>1
Elon Musk, Crypto
75
14/01/2021
From May 2020
From May 2020
Winnti group (AKA APT41)
Multiple organizations in Russia and Hong Kong.
Researchers from Positive Technologies reveal the details of the latest campaign by the Chinese state-sponsored Winnti group using multiple backdoors.
Targeted Attack
Y Multiple Industries
CE
>1
Positive Technologies, APT41, Winnti Group
76
14/01/2021
-
-
Oink and Stuff
Facebook users
Facebook files legal action against two Chrome extension developers that the company said were scraping user profile data – including names and profile IDs – as well as other browser-related information.
Malicious Browser Extension
X Individual
CC
>1
Facebook, Oink and Stuff
77
14/01/2021
During May 2020
1/12/2020
?
Ronald McDonald House
The Ronald McDonald House notifies 17,373 guests that they have been impacted by the Blackbaud ransomware breach.
Malware
Q Human health and social work activities
CC
US
Ronald McDonald, ransomware, Blackbaud
78
14/01/2021
-
-
?
National Detergent Company in Oman
The National Detergent Company in Oman is hit by a cyber attack that caused the loss of some data.
Unknown
C Manufacturing
CC
OM
National Detergent Company
79
14/01/2021
Between 01/12/2020 and 15/12/2020
-
?
Executive roles in companies located primarily in the United States.
Researchers from Proofpoint discover a large BEC campaign (thousands of emails) spoofing executives and attempting to elicit the recipient's support in a bogus merger and/or acquisition, projecting that COVID-19 vaccines would fuel the world's economic recovery.
Business Email Compromise
Y Multiple Industries
CC
US
Proofpoint, COVID-19, vaccines
80
14/01/2021
Between 01/01/2021 and 05/01/2021
-
?
Dozens of different industries in United States and Canada
Researchers from Proofpoint discover a phishing campaign urging the potential victims to click a link to "confirm their email to receive the vaccine". The goal of this phishing campaign was to steal Office 365 login credentials.
Account Takeover
Y Multiple Industries
CC
US, CA
Proofpoint, COVID-19, Office 365
81
14/01/2021
11/1/2021
11/1/2021
?
Various industries in the United States
Researchers from Proofpoint discover another small (under 100 emails) BEC email campaign, picking vaccine lures in an attempt to exploit their targets.
Business Email Compromise
Y Multiple Industries
CC
US
Proofpoint, COVID-19, vaccines
82
14/01/2021
12/1/2021
12/01/2021
?
Various industries in the United States
Researchers from Proofpoint discover a medium-sized (several hundred messages) email campaign distributing the AgentTesla keylogger via fake World Health Organization emails.
Malware
Y Multiple Industries
CC
US
Proofpoint, COVID-19, AgentTesla, World Health Organization
83
14/01/2021
14/1/2021
14/1/2021
?
Dozens of different industries in the United States, Germany, and Austria
Researchers from Proofpoint observe a medium-sized (hundreds of messages) campaign, urging the potential victims to click a fake DHL link.
Account Takeover
Y Multiple Industries
CC
US, DE, AT
Proofpoint, DHL
84
14/01/2021
15/10/2020
-
Egregor
SN Servicing Corporation
Mortgage loan servicing company SN Servicing Corporation notifies at least two states of a ransomware attack on its systems.
Malware
K Financial and insurance activities
CC
US
SN Servicing Corporation, Egregor, ransomware
85
15/01/2021
During 2020
-
?
Android users
Google removes 164 Android applications from the official Play Store after security researchers from White Ops discover the apps bombarding users with out-of-context ads.
Malware
X Individual
CC
>1
Google, Android, Play Store, White Ops
86
15/01/2021
Between 6/7/2020 and 4/11/2020
18/11/2020
?
Center for Alternative Sentencing and Employment Services (CASES)
The Center for Alternative Sentencing and Employment Services (CASES) notifies its clients of a data breach caused by a phishing attack.
Account Takeover
N Administrative and support service activities
CC
US
Center for Alternative Sentencing and Employment Services, CASES
87
15/01/2021
Between 10/10/2020 and 9/11/2020
20/11/2020
?
Hendrick Health System
Hendrick Health System notifies patients that some identifying information may have been compromised during a network security breach apparently due to a ransomware attack. 640,000 individuals are potentially affected.
Unknown
Q Human health and social work activities
CC
US
Hendrick Health System
88
15/01/2021
Starting from 29/11/2020
-
?
Gainwell Technologies
Gainwell Technologies announces that someone may have gained unauthorized access to some participants’ information in Wisconsin’s Medicaid program.
Account Takeover
M Professional scientific and technical activities
CC
US
Gainwell Technologies, Medicaid
89
15/01/2021
13/01/2021
13/01/2021
?
Undisclosed school in County Meath Ireland
Someone gains unauthorized access to a video lesson for second-year students.
Zoom bombing
P Education
CC
IE
County Meath, Zoom
90
15/01/2021
Starting from Mid-December 2020
-
Iranian threat actors
United States
The FBI is warning that the Iranian-linked cyber operation called "Enemies of the People" continues to threaten federal and state officials as well as U.S. civilians.
Fake Websites/Social Network accounts
O Public administration and defence, compulsory social security