The first timeline of February is here! I am trying hard to update the blog in a timely fashion and to introduce new charts and data to make it more insightful. Among the new charts that I have introduced there is a new “Breachometer”. The concept is very simple: it measures how the current timeline stacks up against the maximum and minimum values recorded in the previous 12 months.
After the apparent pause of January, the trend starts to ramp up again: this fortnight I have collected 98 events (and I have added a new chart to compare them with the previous months).
Ransomware continues to dominate the scene with 24 events (roughly 25% of the sample), but this number is probably underestimated, given that in many cases the targeted organizations mention a generic “IT outage” and do not provide further details.
Another trend characterizing the beginning of 2021 is the return of the mega breaches (I had to create a specific page in the blog), and this timeline is no exception.
The Cyber Espionage front is equally crowded, with multiple campaigns characterizing this first half of February carried out by well-known actors such as Sandworm, Lazarus Group, Domestic Kitten (AKA APT-C-50), BlackTech, and new outsiders such as NightScout (jumping on the supply-chain attacks bandwagon) and Confucius. The chronicle also reports a newly discovered Chinese threat actor targeting a U.S. Government Payroll Agency via the SolarWinds breach.
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
01/02/2021
From September 2020
25/1/2021
NightScout
Five targets from Taiwan, Hong Kong, and Sri Lanka
ESET researchers reveal that the updating mechanism of NoxPlayer, an Android emulator for Windows and macOS, made by Hong Kong-based company BigNox, was compromised by an unknown threat actor and used to infect gamers with malware.
Targeted Attack
R Arts entertainment and recreation
CE
>1
ESET, NoxPlayer, Android, BigNox, NightScout
2
01/02/2021
-
-
Darkside
Copel
Copel reveals that it has been hit with a Darkside ransomware attack. The attackers claim to have stolen more than 1,000GB of data.
Malware
D Electricity gas steam and air conditioning supply
CC
BR
Copel, Darkside, ransomware
3
01/02/2021
-
-
Trickbot
Multiple targets
Researchers from Kryptos Logic reveal that the Trickbot malware has been upgraded with a network reconnaissance module, based on the open-source masscan tool, designed to survey local networks after infecting a victim's computer.
Malware
Y Multiple Industries
CC
>1
Kryptos Logic, Trickbot, masscan
4
01/02/2021
-
-
Suspected Chinese hackers
U.S. Government Payroll Agency
Suspected Chinese hackers also exploited the SolarWinds breach to break into U.S. government computers last year.
Targeted Attack
O Public administration and defence, compulsory social security
CE
US
China
5
01/02/2021
-
19/12/2020
?
DriveSure
Over three million customers of DriveSure, a US car company, have had their details compromised after a cybercriminal posted them to a dark web forum.
Unknown
N Administrative and support service activities
CC
US
DriveSure
6
01/02/2021
-
19/2/2021
?
Metromile
Car insurance startup Metromile says it has fixed a security flaw on its website that allowed a hacker to obtain driver license numbers.
Vulnerability
K Financial and insurance activities
CC
US
Metromile
7
01/02/2021
30/1/2020
30/1/2020
?
City of Houilles
The city of Houilles (department of Yvelines) is hit with a cyberattack.
Unknown
O Public administration and defence, compulsory social security
CC
FR
City of Houilles
8
02/02/2021
-
-
?
High-performance computers (HPC) and servers on academic and research networks.
ESET researchers discover Kobalos, a new backdoor targeting supercomputers across the world, often stealing the credentials for secure network connections by using a trojanized version of the OpenSSH software.
Malware
Y Multiple Industries
CC
Multiple targets
ESET, Kobalos, OpenSSH
9
02/02/2021
-
-
?
Costway
Researchers from Malwarebytes reveal that a threat actor has infected an e-commerce store with a custom credit card skimmer designed to siphon data stolen by a previously deployed Magento card stealer.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Malwarebytes, Costway, Magecart
10
02/02/2021
-
-
Agent Tesla
Multiple targets
Researchers from Sophos discover a new variant of Agent Tesla with a new capability to disable the Windows protection features.
Malware
Y Multiple Industries
CC
>1
Sophos, Agent Tesla
11
02/02/2021
-
-
Red Rabbit Team
Airtel
A hacker group dubbed 'Red Rabbit Team' leaks the personal details of 2.5 million Airtel customers.
Unknown
J Information and communication
CC
IN
Airtel
12
02/02/2021
29/9/2020
-
?
Wind River Systems
Embedded system software provider Wind River Systems informs employees of a data breach that resulted in their personal information being stolen by a third party.
Wind River Systems
M Professional scientific and technical activities
CC
US
Wind River Systems
13
02/02/2021
Mid-January 2021
2/2/2021
?
K-12 School teachers
Microsoft warns of an uptick in gift card-themed business email compromise (BEC) attacks targeting K-12 school teachers by impersonating their colleagues.
Business Email Compromise
P Education
CC
US
Microsoft, K-12
14
02/02/2021
-
-
?
Android users
Netlab researchers discover a new Android malware, dubbed Matryosh, that is infecting devices to recruit them in a distributed denial-of-service (DDoS) botnet.
Malware
X Individual
CC
>1
Netlab, Android, Matryosh
15
02/02/2021
Since October 2020
1/10/2020
RansomExx, Darkside
Multiple targets
The RansomExx and Darkside ransomware gangs are abusing the CVE-2019-5544 and CVE-2020-399 vulnerabilities in the VMware ESXi product to take over virtual machines deployed in enterprise environments and encrypt their virtual hard drives.
Estate agent Foxtons Group has thousands of customers’ card and personal details uploaded to a dark web site by the Egregor ransomware gang.
Malware
L Real estate activities
CC
UK
Foxtons Group
17
02/02/2021
20/1/2021
-
?
Goodwin Procter
Goodwin Procter joins the list of the organizations targeted by the Accellion vulnerability.
Accellion Vulnerability
M Professional scientific and technical activities
CC
US
Goodwin Procter, Accellion
18
02/02/2021
29/1/2021
29/1/2021
?
Baldwin Wallace University
Baldwin Wallace University is hit with a cyber attack.
Unknown
P Education
CC
US
Baldwin Wallace University
19
02/02/2021
-
-
?
The Oklahoma Tourism and Recreation Department
The Oklahoma Tourism and Recreation Department receives notice that an unknown person has been claiming to have stolen data.
Vulnerability
O Public administration and defence, compulsory social security
CC
US
Oklahoma Tourism and Recreation Department
20
03/02/2021
-
-
?
Eletrobras
Eletrobras reveals that it has been hit with a ransomware attack.
Malware
D Electricity gas steam and air conditioning supply
CC
BR
Eletrobras, ransomware
21
03/02/2021
21/1/2021
31/1/2021
?
EscortReviews.com
EscortReviews.com, an online community promoting female escorts and reviews of their services, suffers a data breach after a hacker downloaded the site's database.
vBulletin vulnerability
R Arts entertainment and recreation
CC
US
EscortReviews.com, vBulletin
22
03/02/2021
-
26/1/2021
?
Oxfam Australia
Oxfam Australia investigates a suspected data breach after a threat actor claimed to be selling their database on a hacker forum.
Unknown
U Activities of extraterritorial organizations and bodies
CC
AU
Oxfam Australia
23
03/02/2021
3/2/2021
3/2/2021
?
Emsisoft
Antivirus solutions provider Emsisoft reveals that a third party had accessed a publicly exposed database containing technical logs.
Misconfiguration
M Professional scientific and technical activities
CC
NZ
Emsisoft
24
03/02/2021
Since 24/12/2020 to 9/1/2021
9/1/2021
TeamTNT
Kubernetes environments
Researchers from Palo Alto Networks discover a new campaign by the TeamTNT group employing a new piece of malware dubbed Hildegard.
The Conti ransomware gang posts the data of Nocona General Hospital after a successful attack.
Malware
Q Human health and social work activities
CC
US
Nocona General Hospital, Conti, ransomware
26
03/02/2021
-
-
?
Sacred Heart Hospital
The Sacred Heart Hospital in Mol is hit by a cyber attack.
Unknown
Q Human health and social work activities
CC
BE
Sacred Heart Hospital
27
04/02/2021
-
-
?
StormShield
French cybersecurity company StormShield discloses that their systems were hacked, allowing a threat actor to access the company's support ticket system and view the source code for Network Security firewall software.
Unknown
M Professional scientific and technical activities
CE
FR
StormShield
28
04/02/2021
Since November 2020
-
?
Multiple targets
Researchers from Netscout reveal that Plex Media Server systems are actively being abused by DDoS-for-hire services as a UDP reflection/amplification vector in Distributed Denial of Service (DDoS) attacks.
DDoS
Y Multiple Industries
CC
>1
Netscout, Plex Media Server
29
04/02/2021
-
-
Lazarus group
ENKI
South Korean cybersecurity firm ENKI reports that it was the target of a campaign by the Lazarus Group exploiting an Internet Explorer 0-day vulnerability.
Targeted Attack
M Professional scientific and technical activities
CE
KR
Lazarus Group, Enki, Internet Explorer
30
04/02/2021
-
-
?
Multiple targets
Google addresses an actively exploited zero-day security vulnerability in the Chrome 88.0.4324.150 version.
CVE-2021-21148 Vulnerability
Y Multiple Industries
N/A
>1
Google, Chrome, 88.0.4324.150, CVE-2021-21148
31
04/02/2021
-
-
?
E-Pay Malaysia
A database containing the personal info of 380,000 users of E-Pay Malaysia is put on sale on a forum.
Unknown
K Financial and insurance activities
CC
MY
E-Pay Malaysia
32
04/02/2021
-
-
?
Undisclosed target
Researchers from SANS discover a campaign abusing the Google Chrome Sync feature to exfiltrate data.
Malicious Chrome extension
Z Unknown
CC
N/A
SANS, Google Chrome Sync
33
04/02/2021
-
-
?
Google Chrome users
Google forcibly uninstalls the popular 'The Great Suspender' extension from Google Chrome and classifies it as malware.
Malicious Chrome extension
X Individual
CC
>1
Google, 'The Great Suspender', Chrome
34
04/02/2021
-
-
?
Multiple targets
Researchers from Intezer and Advanced Intel discover a new version of TrickBot written in the NIM programming language to provide more advanced evasion capabilities.
Malware
Y Multiple Industries
CC
>1
Intezer, Advanced Intel, TrickBot, NIM
35
04/02/2021
-
-
Hayalim Almonim (Hebrew for Anonymous Soldiers)
Patriotic Brigade Knights
A collective of anti-fascist Israeli hackers dubbed Hayalim Almonim breaks into a website of the Patriotic Brigade Knights, a group allied to the white-supremacist Ku Klux Klan (KKK).
Defacement
S Other service activities
H
US
Hayalim Almonim, Patriotic Brigade Knights, Ku Klux Klan, KKK
36
04/02/2021
-
-
Darkside
Wonderbox
Wonderbox is hit with a ransomware attack and 30 GB of data are leaked.
Malware
R Arts entertainment and recreation
CC
FR
Wonderbox, darkside, Ransomware
37
05/02/2021
Two waves in September and October 2020
-
?
Spanish speaking victims
Microsoft warns of a consent phishing (aka OAuth phishing) attack impersonating Mexico's tax administration service — Servicio de Administración Tributaria (SAT)
Cloud Account Takeover
X Individual
CC
MX
Microsoft, consent phishing, OAuth phishing, Servicio de Administración Tributaria, SAT
38
05/02/2021
Multiple times between October and December
-
?
Multiple organizations' "investment teams."
Microsoft warns of a second consent phishing (aka OAuth phishing) campaign targeting multiple organizations' "investment teams."
Cloud Account Takeover
Y Multiple Industries
CC
>1
Microsoft, consent phishing, OAuth phishing
39
05/02/2021
5/1/2021
-
The space team
Android users
Google removes from the Play Store Barcode Scanner, a popular Android barcode scanner app with over 10 million installs, after researchers found that it turned malicious following a January 2021 update.
Malware
X Individual
CC
>1
Google, Play Store, Barcode Scanner, Android barcode scanner, The space team
40
05/02/2021
-
-
?
Spotify
Spotify is hit with a credential stuffing attack that used data from more than 100,000 accounts.
Credential Stuffing
R Arts entertainment and recreation
CC
SE
Spotify
41
05/02/2021
Between 04/01/2020 and 25/06/2020
In June 2020
?
Charles J. Hilton & Associates (CJH)
Charles J. Hilton & Associates (CJH) reveals that it has suffered a phishing attack, potentially exposing the personal health information of more than 36,000 patients of the University of Pittsburgh Medical Center (UPMC).
Account Takeover
M Professional scientific and technical activities
CC
US
Charles J. Hilton & Associates, CJH, University of Pittsburgh Medical Center, UPMC
42
05/02/2021
End of January 2021
End of January 2021
?
Undisclosed organization
Researchers from Armorblox discover a phishing attack pretending to share information about an electronic funds transfer (EFT) hosted on Google Firebase.
Account Takeover
Z Unknown
CC
N/A
Armorblox, Google Firebase
43
05/02/2021
Between 20/11/2020 and 07/12/2020
-
?
Nevada Health Centers
Nevada Health Centers notifies an unspecified number of patients after discovering an unauthorized person accessed an employee’s email account.
Account Takeover
Q Human health and social work activities
CC
US
UPMC
44
05/02/2021
18/1/2021
-
?
Netcom Kassel
Netcom Kassel is hit by a cyber attack.
Unknown
J Information and communication
CC
DE
Netcom Kassel
45
05/02/2021
4/2/2021
04/02/2021
?
Salt Lake Community College
A virtual poetry slam, part of the Black History Month events at Salt Lake Community College, is commandeered by unknown individuals who display racist and anti-Black messages as well as inappropriate images of children.
Zoom bombing
P Education
CC
US
Black History Month, Salt Lake Community College
46
05/02/2021
-
-
Avaddon
Québécois Qualinet
Québécois Qualinet is hit with an Avaddon ransomware attack.
Malware
M Professional scientific and technical activities
CC
CA
Québécois Qualinet, Avaddon, ransomware
47
05/02/2021
-
-
Avaddon
SVI Assurances
SVI Assurances is hit with an Avaddon ransomware attack.
Malware
K Financial and insurance activities
CC
FR
SVI Assurances, Avaddon, ransomware
48
06/02/2021
-
-
?
Ifmal
A database containing 200,000 users of Ifmal, a Malaysian e-commerce platform, is put on sale on a forum.
Unknown
G Wholesale and retail trade
CC
MY
Ifmal
49
06/02/2021
-
-
?
BVA
The French polling firm BVA is hit with a ransomware attack.
Malware
M Professional scientific and technical activities
CC
FR
BVA, ransomware
50
07/02/2021
3/2/2021
7/2/2021
?
Multiple targets
A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment.
Account Takeover
Y Multiple Industries
CC
>1
Morse
51
07/02/2021
6/2/2021
6/2/2021
?
NIC.lk (administrator of Sri Lanka's national .lk top-level domain)
A mysterious group of hacktivists poisons the DNS records of several Sri Lankan (.lk) websites, redirecting users to a web page detailing various social issues impacting the local population. Two high-profile domains, Google.lk and Oracle.lk, are also impacted.
DNS Hijacking
J Information and communication
H
LK
NIC.lk
52
08/02/2021
Since November 2020
-
Domestic Kitten AKA APT-C-50
Around 1,200 Iranian Citizens
Researchers from Check Point reveal the details of the latest campaign from the Iranian threat actor Domestic Kitten against Iranian citizens that could pose a threat to the stability of the Iranian regime.
Targeted Attack
X Individual
CE
IR
Domestic Kitten, APT-C-50, Check Point
53
08/02/2021
5/2/2021
5/2/2021
?
Water facility in the city of Oldsmar
Hackers break into the computer system of a facility that treats water for the city of Oldsmar, Florida and try to increase the concentration of sodium hydroxide (NaOH).
Account Takeover via Teamviewer
E Water supply, sewerage waste management, and remediation activities
CC
US
Oldsmar, Teamviewer
54
08/02/2021
7/2/2021
7/2/2021
?
KeepChange
KeepChange says it has suffered a hack. Although the hackers were unsuccessful in stealing user funds, they managed to steal some of its customers' personal data.
Unknown
V Fintech
CC
N/A
KeepChange
55
08/02/2021
-
-
?
Cann Group
Cann Group, an Australian cannabis company, is hit by a cyber attack and loses $3.6m to the attackers.
Business Email Compromise
Q Human health and social work activities
CC
AU
Cann Group
56
08/02/2021
Since April 2020 to October 2020
1/4/2020
Infy
US Government and Israeli companies
Researchers from SafeBreach Labs and Check Point Research identify evidence of a new operation by the Iranian cyber actor Infy via the Foudre and Tonnerre backdoors.
Targeted Attack
Y Multiple Industries
CE
>1
SafeBreach Labs, Check Point, Infy, Foudre, Tonnerre
57
08/02/2021
-
-
Avaddon
Somerset Independent School District
Somerset Independent School District is allegedly hit with an Avaddon ransomware attack.
Malware
P Education
CC
US
Somerset Independent School District, ransomware, Avaddon
58
08/02/2021
-
-
?
Credit card holders in US and Canada
A security researcher discovers a trove of stolen payment card data of 158,000 people from the US and Canada.
Unknown
K Financial and insurance activities
CC
US/CA
US, Canada
59
09/02/2021
8/2/2021
08/02/2021
HelloKitty
CD PROJEKT RED
CD PROJEKT RED, the video game development studio behind Cyberpunk 2077 and The Witcher trilogy, discloses a ransomware attack. A few days later the actors are already auctioning the alleged source code for CD PROJEKT RED games.
Malware
R Arts entertainment and recreation
CC
PL
CD PROJEKT RED, Cyberpunk 2077, The Witcher trilogy, ransomware, HelloKitty
60
09/02/2021
Since August 2020
-
BlackTech
Several East Asian government organizations
Researchers from Palo Alto Unit 42 disclose the details of a new polymorphic and "highly sophisticated" malware dubbed BendyBear, linked to a hacking group with known ties to the Chinese government.
Targeted Attack
O Public administration and defence, compulsory social security
CE
>1
Palo Alto Unit 42, BendyBear, BlackTech
61
09/02/2021
-
-
?
Multiple targets
Adobe releases security updates that address an actively exploited vulnerability in Adobe Reader and other critical bugs in Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver.
A web hosting company named No Support Linux Hosting announces that it will shut down after a hacker breached its internal systems and compromised its entire operation.
Unknown
J Information and communication
CC
US
No Support Linux Hosting
64
09/02/2021
-
-
?
SapphireSecure.net
Two UK-based IPTV suppliers – SapphireSecure.net and KS-Hosting.com – become victims in what appears to be a series of hacks carried out by the same individual.
Unknown
J Information and communication
CC
UK
SapphireSecure.net
65
09/02/2021
-
-
?
KS-Hosting.com
Two UK-based IPTV suppliers – SapphireSecure.net and KS-Hosting.com – become victims in what appears to be a series of hacks carried out by the same individual.
Unknown
J Information and communication
CC
UK
KS-Hosting.com
66
09/02/2021
Since January 2021
-
?
Python Package Index (PyPI) portal
Spammers flood the Python Package Index (PyPI) portal with garbage content, including ads for shady sites and services.
SEO Spam
S Other service activities
CC
N/A
Python Package Index, PyPI
67
09/02/2021
8/2/2021
8/2/2021
?
GitLab
An unknown threat actor spams the Issues Tracker for thousands of GitLab projects with spam content.
SPAM
S Other service activities
CC
US
GitLab
68
09/02/2021
-
-
?
Discord users
Researchers from Zscaler report multiple active campaigns targeting the Discord service designed to trigger an infection chain and serve up the Epsilon ransomware, data-stealing Trojans and the XMRig cryptominer.
Malware
X Individual
CC
>1
Zscaler, Discord, Epsilon, XMRig
69
09/02/2021
Since 02/07/2020
-
Kasablanca
Bangladesh-based organizations, namely banks and carrier-grade voice-over-IP software vendors
Researchers from Cisco Talos discover a new campaign targeting Android users via the LodaRAT malware.
Malware
Y Multiple Industries
CE
BD
Cisco Talos, LodaRAT
70
09/02/2021
Mid-December 2020
-
?
University of Colorado
The University of Colorado announces that it has been hit by the Accellion breach.
Accellion Vulnerability
P Education
CC
US
University of Colorado, Accellion
71
09/02/2021
-
-
?
Dax Hospital
The Dax Hospital is hit by a large-scale cyber attack.
Unknown
Q Human health and social work activities
CC
FR
Dax Hospital
72
10/02/2021
Since 2013
-
Confucius
Pakistani and South Asian targets
Researchers from Lookout reveal the details on two Android spyware strains, dubbed Hornbill and SunBird, leveraged by pro-India state-sponsored threat actors during the India-Pakistan conflict.
Targeted Attack
Y Multiple Industries
CE
>1
India, Pakistan, Confucius, Android, Hornbill, SunBird
73
10/02/2021
February 2021
05/02/2021
RansomExx
Mutuelle Nationale des Hospitaliers (MNH)
French health insurance company Mutuelle Nationale des Hospitaliers (MNH) suffers a RansomExx ransomware attack.
Malware
K Financial and insurance activities
CC
FR
Mutuelle Nationale des Hospitaliers, MNH, ransomware, RansomExx
74
10/02/2021
-
-
?
US tax professionals
The Internal Revenue Service (IRS) warns US tax professionals of identity thieves actively targeting them in a series of phishing attacks attempting to steal Electronic Filing Identification Numbers (EFINs).
The names and Social Security numbers of about 9,800 Syracuse University students, alumni and applicants are exposed after someone gained unauthorized access to an employee’s email account.
Account Takeover
P Education
CC
US
Syracuse University
76
10/02/2021
-
-
Conti
ReMax Kelowna
The Conti ransomware group lists a British Columbia-based real estate agency, ReMax Kelowna, as one of its victims on its website.
Malware
L Real estate activities
CC
CA
Conti, ReMax Kelowna
77
10/02/2021
-
-
?
Six Doncaster schools
A Zoom event with six Doncaster schools is hijacked by a man exposing himself.
Zoom bombing
P Education
CC
UK
Doncaster
78
10/02/2021
-
-
?
Chinese users of the Flash app
Researchers from Minerva Labs discover that the Chinese version of the Flash app, still available after EOL, is surreptitiously installing adware.
Malware
X Individual
CC
CN
Flash, Minerva Labs
79
11/02/2021
-
-
?
Vivo
Brazil's National Data Protection Authority (ANPD) starts an investigation into the exposure of data relating to more than 102 million mobile phone lines from two mobile operators, Vivo (57.2 million) and Claro (45.6 million).
Unknown
J Information and communication
CC
BR
ANPD, Vivo, Claro
80
11/02/2021
-
-
?
Claro
Brazil's National Data Protection Authority (ANPD) starts an investigation into the exposure of data relating to more than 102 million mobile phone lines from two mobile operators, Vivo (57.2 million) and Claro (45.6 million).
Unknown
J Information and communication
CC
BR
ANPD, Vivo, Claro
81
11/02/2021
20/1/2021
30/01/2021
?
Singtel
Singtel discloses a data breach caused by a vulnerability in the Accellion FTA secure file transfer software.
Accellion Vulnerability
J Information and communication
CC
SG
Accellion, Singtel
82
11/02/2021
-
06/02/2021
?
10 million Malaysian voters
Personal data of 10 million Malaysian voters is leaked online.
Unknown
Z Unknown
CC
MY
Malaysia
83
11/02/2021
25/12/2020
2/2/2021
?
QIMR Berghofer Medical Research Institute
The QIMR Berghofer Medical Research Institute also announces a data breach caused by the Accellion FTA service.
Accellion Vulnerability
Q Human health and social work activities
CC
AU
Accellion, QIMR Berghofer
84
11/02/2021
From August 2020 to January 2021
-
Multiple threat actors
Multiple targets
Microsoft warns of an increasing number of web shell attacks.
Web shells
Y Multiple Industries
N/A
>1
Microsoft, Web shells
85
11/02/2021
January and February 2021
January and February 2021
?
Single individuals
Proofpoint researchers observe a few BazaLoader campaigns leveraging Valentine's Day themes such as flowers and lingerie.
Malware
X Individual
CC
>1
Proofpoint, BazaLoader, Valentine's Day
86
11/02/2021
22/6/2020
30/6/2020
?
Bannock County
Bannock County discloses that its network was potentially accessed by an unknown actor.
Unknown
O Public administration and defence, compulsory social security
CC
US
Bannock County
87
11/02/2021
-
-
?
ECU Worldwide
ECU Worldwide is hit by a 'cyber incident'.
Unknown
H Transportation and storage
CC
US
ECU Worldwide
88
11/02/2021
-
-
?
Unknown Car Rental in France
The personal documents of thousands of car drivers are leaked in the dark web.
Unknown
H Transportation and storage
CC
FR
Car Rental
89
12/02/2021
Since end January 2021
20/1/2021
Bazar
Multiple targets
Researchers from Fortinet identify a phishing campaign distributing a new variant of the Bazar trojan.
Malware
Y Multiple Industries
CC
>1
Fortinet, Bazar
90
12/02/2021
12/2/2021
12/2/2021
?
Notion
Notion, an online workspace startup, is knocked offline after a DNS outage deriving from a phishing attack.
Account Takeover
S Other service activities
CC
US
Notion
91
12/02/2021
Starting from early February 2021
Starting from early February 2021
Lampion
Banking users in Portugal
A new release of the Latin American Lampion trojan is distributed in Portugal using a template related to COVID-19.
Malware
K Financial and insurance activities
CC
PT
Lampion, COVID-19
92
12/02/2021
9/2/2021
09/02/2021
REvil AKA Sodinokibi
Trigano
Trigano, a manufacturer of caravans, motorhomes, camping furniture and mobile homes, is hit with a Sodinokibi ransomware attack.
Malware
C Manufacturing
CC
FR
Trigano, Sodinokibi ransomware, REvil, Sodinokibi
93
12/02/2021
06/02/2021
06/02/2021
?
City of Seraing
The city of Seraing is paralyzed by a cyber attack.
Unknown
O Public administration and defence, compulsory social security
CC
BE
City of Seraing
94
12/02/2021
10/12/2021
10/12/2021
?
Central Piedmont Community College
Central Piedmont Community College is hit with a ransomware attack.
Malware
P Education
CC
US
Central Piedmont Community College, ransomware
95
13/02/2021
-
-
Darkside
Discount Car and Truck Rentals
Canadian Discount Car and Truck Rentals is hit with a DarkSide ransomware attack where the hackers claim to have stolen 120GB of data.
Malware
H Transportation and storage
CC
CA
Discount Car and Truck Rentals, DarkSide, ransomware
96
13/02/2021
13/02/2021
13/02/2021
?
Alpha Finance Lab
An attacker successfully drains over $37 million from the Alpha Homora protocol.
Unknown
V Fintech
CC
N/A
Alpha Finance Lab
97
14/02/2021
-
-
Ragnar Locker
Ness Digital Engineering
Ness Digital Engineering is hit with a ransomware attack.
Malware
M Professional scientific and technical activities
CC
IL
Ness Digital Engineering, ransomware, Ragnar Locker
98
14/02/2021
-
Late December 2020
?
Apple users
A researcher discovers the first piece of Mac malware that appears to have been created specifically for devices with Apple’s recently introduced M1 chip.
Malware
X Individual
CC
US
Pirrit, Mac, M1
99
14/02/2021
-
-
?
490,000 French patients
The data of 490,000 French patients are on sale on the black market.
Unknown
Q Human health and social work activities
CC
FR
French patients
100
14/02/2021
-
-
?
France Service
France Service, a portal providing services to French people living in the US, is hacked.
Unknown
N Administrative and support service activities
CC
FR
France Service
101
14/02/2021
-
-
?
800 sites in Canada
A malicious actor puts on sale access to more than 800 sites in Canada.
Unknown
Y Multiple Industries
CC
CA
Canada
102
14/02/2021
14/02/2021
14/02/2021
?
University of Edinburgh
A Zoom event of the African and Caribbean Society, a student union of the University of Edinburgh, is hijacked.
Zoom bombing
P Education
CC
UK
Zoom, African and Caribbean Society, University of Edinburgh
103
15/02/2021
From late 2017 until 2020
2020
Sandworm
Multiple targets
The French information security agency ANSSI publishes an advisory warning that hackers with links to Sandworm have stealthily hacked targets in France by exploiting an IT monitoring tool called Centreon. The company denies the claims.
Targeted Attack
Y Multiple Industries
CE
FR
ANSSI, Sandworm, Centreon
104
15/02/2021
-
-
Multiple threat actors
Multiple targets
Researchers at the threat intelligence firm Cyble discover a new wave of phishing attacks targeting multiple organizations that are abusing the ngrok platform.
Account Takeover
Y Multiple Industries
>1
>1
Cyble, ngrok
105
15/02/2021
-
-
?
Urological Clinic Munich Planegg
The Urological Clinic Munich Planegg is hit with a ransomware attack.
Malware
Q Human health and social work activities
CC
DE
Urological Clinic Munich Planegg, ransomware
106
15/02/2021
15/02/2021
15/02/2021
?
Villefranche-sur-Saône (Rhône) Hospital
The Villefranche-sur-Saône (Rhône) Hospital is hit with a ransomware attack.
Malware
Q Human health and social work activities
CC
FR
Villefranche-sur-Saône, ransomware
107
15/02/2021
-
-
?
Netherlands Organization for Scientific Research (NWO)
The Netherlands Organization for Scientific Research (NWO) is hit by a cyber attack.
Unknown
O Public administration and defence, compulsory social security
CC
NL
Netherlands Organization for Scientific Research, NWO
108
15/02/2021
-
-
Conti
Rehoboth Mckinley Christian Health Care Services
Rehoboth Mckinley Christian Health Care Services is hit by a Conti ransomware attack.
Malware
Q Human health and social work activities
CC
US
Rehoboth Mckinley Christian Health Care Services, Conti, ransomware
109
15/02/2021
-
-
?
Omnicom Media Group
Omnicom Media Group is allegedly hit by a cyber attack.
Unknown
J Information and communication
CC
UK
Omnicom Media Group
110
15/02/2021
-
-
DoppelPaymer
Bailly-Creat
The French pharmaceutical lab Bailly-Creat is hit with the DoppelPaymer ransomware.
Malware
M Professional scientific and technical activities
CC
FR
Bailly-Creat, DoppelPaymer, ransomware
111
15/02/2021
Between July 2019 and December 2020
During December 2020
?
Sutter Buttes Imaging Medical Group
Sutter Buttes Imaging Medical Group notifies patients that their protected health information may have been accessed by unauthorized individuals who hacked into its vendor's IT infrastructure in 2019.
Unknown
M Professional scientific and technical activities
CC
US
Sutter Buttes Imaging Medical Group
Enjoy the interactive timeline, and thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.
Breachometer
The “Breachometer” compares the current number of events with the max and min values recorded in the previous 24 timelines (corresponding to roughly one year).