16-31 May 2017 Cyber Attacks Timeline

Here’s the second timeline of May covering the main cyber attacks occurred in the second half or the month (first timeline here).

The month of May 2017 will be remembered in the Infosec memory for the outbreak of WannaCry, which has overshadowed another remarkable event like the hack of Zomato, with 17 million accounts ending up for sale in the black market.

The second half of May has also confirmed the sustained activity of Russian hackers in the cyber space. Alleged malicious actors from Russia are behind another attack against energy networks of the Baltic States, a campaign carried on via malware laced Twitter messages against the US Department of Defense, a hacking and disinformation campaign against more than 200 gmail users (a campaign orchestrated by APT28 and called Tainted Leaks), and an attack against the Trump Organization.

Scroll down the rest of the list to have an idea of all the events happened in May, and if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format.

IDDateAuthorTargetDescriptionAttackTarget
Class
Attack
Class
Country
111/05/2017Suspected Russia-backed hackersEnergy networks of the Baltic statesReuters reports that Suspected Russia-backed hackers have launched exploratory cyber attacks against the energy networks of the Baltic states.Targeted AttackUtility: EnergyCW>1
217/05/2017?UK ParliamentThe Telegraph reveals that members of UK Parliament have been deliberately targeted by hackers trying to break into online accounts, earlier this year.Account HijackingGovernmentCEUK
317/05/2017nclayZomatoZomato, the popular restaurant and event listing service, is hacked and 17 million accounts are listed for sale on the dark web. The data on sale includes emails and hashed passwords of Zomato users, but the company said no payment or credit card data was leaked.UnknownIndustry: Online ServicesCCIN
417/05/2017?PanicApple app maker Panic's CEO Steven Frank says he mistakenly downloaded the malware-laced DVD-ripping app HandBrake resulting in some of the company's source code being stolen.MalwareIndustry: SoftwareCCUS
518/05/2017Russia?US Department of DefenseA Times report suggests that Russia may have used Twitter as a tool of international espionage: agents of the Russian government could have sent malware-laced Twitter messages to more than 10,000 employees of the US Department of Defense.MalwareGovernmentCEUS
618/05/2017?DaFont.comThe popular font sharing site DaFont.com is hacked, exposing the site's entire database of 699,464 user accounts.SQLiOnline ServicesCCUS
718/05/2017?PureMatrimony.comMuslim focused site PureMatrimony.com says it has informed its users of an apparent data breach, and asked them to reset their passwords. 120,000 accounts are compromised.UnknownDatingCCUS
818/05/2017?EquifaxEquifax reveals the details of an unauthorized access to customers’ employee tax records happened between April 17, 2016 and March 29, 2017. The list of victims includes including defense contractor giant Northrop Grumman; staffing firm Allegis Group; Saint-Gobain Corp.; Erickson Living; and the University of Louisville.Account HijackingIndustry: Credit risk assessmentCCUS
919/05/2017?Salem State University Twitter AccountSalem State University officials apologize after several racist tweets (against Black Lives Matter) were sent out when the school’s Twitter account was hacked (@SalemState).Account HijackingEducationCCUS
1019/05/2017?Blackburn High SchoolPolice investigate a major privacy breach at Blackburn High School, which saw the personal information of families, including their phone numbers, addresses and Medicare details, published online.Account HijackingEducationCCAU
1122/05/2017?Florida Department of Agriculture and Consumer ServicesFlorida officials reveal that hackers may have stolen the names of over 16,000 people who have concealed weapon permits in the state. The breach occurred two weeks ago through its online payment system, which processes payments for customers' permits and other applications.UnknownGovernmentCCUS
1222/05/2017?Xbox UsersMicrosoft files a complaint against iGSKY, presenting itself as a gaming serving company, accusing it to sell hacked Xbox accounts.UnknownSIngle IndividualsCC>1
1323/05/2017?Single Business UsersResearchers from security firm Cylance reveal that Qakbot, an information-stealing Trojan and backdoor malware that targets the Microsoft Windows operating system, is back with a new campaign nastier than before.MalwareSingle IndividualsCC>1
1424/05/2017?Qatar News AgencyUnknown hackers break into the website of the Qatar state-run news agency and publish a fake story quoting the ruling emir making controversial comments. The Twitter feed is also compromised posting fake quotes from Qatar's foreign minister alleging a plot against the country by other Arab nations.Account HijackingNewsCCQA
1525/05/2017APT28200 victims, including journalists and activists critical of the Russian government, people affiliated with the Ukrainian military, and high-ranking officials in energy companies around the worldSecurity researchers from CitizenLab expose the details of Tainted Leaks, a sophisticated hacking and disinformation campaign that targeted more than 200 Gmail users.Account HijackingSingle IndividualsCE>1
1625/05/2017?Android UsersResearchers from Check Point reveal the details of Judy, what could be possibly the largest malware campaign spreading through Google Play. The suspicious code was observed in more than 40 applications, most allegedly developed by a Korean company called Kiniwini.MalwareSingle IndividualsCC>1
1725/05/2017?The Harvard CrimsonThe website of Harvard’s 144-year-old newspaper is defaced and posts fake stories and an altered picture of Facebook CEO Mark Zuckerberg (who was visiting the institution).DefacementEducationCCUS
1825/05/2017?Multiple WebsitesMalwarebytes reveals the details of RoughTed, an anti ad-blocker malvertiser able to distribute the Cerbrer ransomware.MalvertisingSingle IndividualsCC>1
1925/05/1971?University of Wisconsin HealthUW Health says that 2,036 patients had information compromised after an employee's email account was used by an unauthorized user on March 28, 2017.Account HijackingHealhcareCCUS
2026/05/2017Russia?Trump OrganizationABC News reveals that the FBI is investigating an attempted overseas cyberattack against the Trump Organization, summoning President Donald Trump’s sons, Don Jr. and Eric, for an emergency session with the bureau’s cybersecurity agents and representatives of the CIA.UnknownIndustry: ConglomerateCEUS
2126/05/2017?Prairie Mountain HealthPersonal and medical information of more than 1,000 Prairie Mountain Health patients are at risk after an internal website is hacked.UnknownHealhcareCCUS
2228/05/2017?Fast HealthFast Health reports a security breach that could affect over 700 of their patients, when a third-party altered a code on their server, stealing the credit card information of close to 700 customers who paid bills online from January 14, 2016 to December 20, 2016.MalwareHealhcareCCUS
2328/05/2017?Augusta UniversityA phishing attack hits Augusta University faculty email accounts containing the health information of patients.Account HijackingEducationCCUS
2429/05/2017?Liverpool One Shopping CentreLiverpool One shopping centre is forced to shut down a slew of digital billboards after an unknown hacker tampers with the signage.UnknownIndustry: RetailCCUK
2530/05/2017?Old MutualFinancial services company Old Mutual has notified its customers of a data breach, after it detected unauthorised entry to one of its systems which led to some personal customer information being accessed.UnknownIndustry: Financial ServicesCCAU
2631/05/2017?OneLoginOneLogin reveals the details about an attack on its systems, confirming that a "threat actor" has accessed database tables including "information about users, apps, and various types of keys." The attacker has been able to rifle through OneLogin's infrastructure for seven hours, may have been able to decrypt customer data.AWS Keys HijackingIndustry: Cloud ComputingCCUS
2731/05/2017?KmartFor the second time in less than three years, Kmart Stores suffers a malware-based security breach of its store credit card processing systems.PoS MalwareIndustry: RetailCCUS
2831/05/2017?QnectQnect, a Sydney startup has its customer data stolen with the hackers threatening to publish the information unless bitcoins are paid out.UnknownIndustry: TicketingCCAU
2931/05/2017?University of AlaskaA phishing scam in December 2016 resulted in a data breach at the University of Alaska, affecting around 25,000 students, staff and faculty members.Account HijackingEducationCCUS
3031/05/2017?Road Sign in HoustonSomeone hacks a road sign in Houston with a message against Donald Trump.UnknownRoad SignCCUS

Leave a Reply

%d bloggers like this: