Last Updated on May 23, 2016

It’s now time to publish the second timeline of April (Part I here) covering the main cyber-attacks occurred between 16 and 30 April 2016. A fortnight quite reach of interesting events, and characterized by two trends inherited from the first half of the month: the trail of massive breaches, and the endless row of W-2 scams.

The first category includes now two new victims:, which had 1.1M accounts leaked, and the Lifeboat Minecraft community, whose number leaked account achieves the remarkable number of 7M. The group of victims of W-2 scams is really too wide to mention each single entity, however ADP is probably the most noticeable victim of this second half of April.

Other interesting events of the month include a $2M scam against a former Lehman Brothers executive, the leak of 15,000 documents and 100,000 accounts belonging to the Qatar National Bank, and a trove of 14.8GB belonging to Goldcorp.

Hacktivists were also quite active bolstered by the Anonymous and their affiliated groups. Entities targeted by the hacktivists include: the Kenyan Ministry of Foreign Affairs, several whale-eating nations including Denmark, Iceland and the Faroe islands, the City of Denver website and the Ku Klux Klan website as well.

And let’s close the compilation with cyber-espionage, which also includes multiple victims, such us U.S. Steel (asking the U.S. government to ban Chinese steel import after an alleged hack in 2010), and two campaigns targeting entities in Asia led respectively by a threat actor dubbed PLATINUM, and by a group of attackers possibly related to North Korea.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Additionally, if you want, you can access the timeline in Google Sheet format: spreadsheets-32

IDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountry
116/04/2016Team System DZSeveral targets in France, Israel, US, and the UKHacking group Team System Dz defaces 88 websites from France, Israel, the US, and the UK posting pro-ISIS messages. Defacement>1CW>1
217/04/2016?Coinroll Bitcoin CasinoCoinroll Bitcoin Casino admits that several users had the funds on their online accounts stolen. The breach could be related to an open MongoDB.UnknownBitcoin CasinoCCUS
318/04/2016?Robert MillardRobert Millard, a former Lehman Brothers executive wires a $2 million deposit for a $20 million Manhattan apartment to cyber criminals, who hacked the mailbox of his realtor.Account HijackingSingle IndividualsCCUS
418/04/2016?Newark Police DepartmentNewark Police Department is forced to spend four days cleaning up after a virus attack.MalwareLaw EnforcementCCUS
518/04/2016?dōTERRAdōTERRA notifies several customers and distributors of a possible data breach involving a third-party providing them with hosting and software services.UnknownIndustry: CosmeticsCCUS
618/04/2016sn0nmayline.comsn0n hacks and dumps 2,803 records with usernames and hashed passwords.SQLiIndustry: FurnitureCCUS
719/04/2016?Several Europe-based organisations, particularly in PolandResearchers from Palo Alto Networks identify PWOBot, a strain of malicious code written entirely in Python.Targeted Attack>1CE>1
819/04/2016?ADPIdentity thieves steal tax and salary data from payroll giant ADP by registering accounts in the names of employees at more than a dozen customer firms. ADP says the incidents occurred because the victim companies all mistakenly published sensitive ADP account information online that made those firms easy targets for tax fraudsters.Account HijackingIndustry: Bitcoin ExchangeCCUS
919/04/2016Berkshire Hathaway Homestate, Cypress Insurance, Zenith InsuranceUndisclosed California WorkerA group of California workers claim in a federal lawsuit that three of the largest workers compensation insurance companies in California illegally broke into their lawyers’ database and stole over 32,000 confidential workers comp files.Directory Traversal AttackIndustry: InsuranceCCUS
1019/04/2016?AIn Shams UniversityAn unknown hacker hacks the Staff Management Portal of the Ain Shams University ( and dumps 2,280 records.SQLiEducationCCEG
1120/04/2016FIN6Several target in the retail and hospitality sectorsSecurity researchers from FireEye and iSight Partner revealed a report detailing the previously unknown mode of operation of a criminal group named FIN6. The group surfaced in 2015 and focused only on the theft of financial information, mainly credit card data from organizations in the retail and hospitality sectors. Targeted AttackIndustry: Retail Industry: Hotel and HospitalityCC>1
1221/04/2016?Archdiocese of DenverArchdiocese of Denver notifies 18,000 individuals to have discovered a breach happened on November 2015 after an unauthorized person accessed an Archdiocese of Denver database maintained by a third-party.UnknownOrg: ReligionCCUS
1321/04/2016?BizmaticsA spree of data breaches affect Florida’s Palm Beach County Health Department, Wisconsin’s Oneida Health Center, Arkansas’ Pain Treatment Centers of America (PTCOA), and Interventional Surgery Institute (ISI) and expose more than 23,000 patients’ personal information after data servers belonging to third-party vendor Bizmatics are hacked.UnknownIndustry: SoftwareCCUS
1422/04/2016?UK Ministry of DefenceUp to 831 members of Britain’s defence community with high-level security clearances had their personally identifying information stolen when the Ministry of Defence’s business networking organisation was hacked earlier in November 2015 via the compromising of Niteworks, a MoD contractor.UnknownGovernmentCCUK
1522/04/2016AnonymousDifferent Entities in Denmark, Iceland, and the Faroe IslandsAkamai reveals the details of OpKillingBay, an active campaign against whale-and-dolphin-eating nations.DDoSSeveral IndividualsH>1
1622/04/2016New World Hackers (NWH)City of Denver’s website ( of the New World Hackers (NWH), one of Anonymous’ divisions, launch a DDoS attack against the city of Denver’s website ( DDoSGovernmentHUS
1722/04/2016United Cyber CaliphateLamont Christian Reformed Church ( Cyber Caliphate defaces the website of the Lamont Christian Reformed Church in the city leaving a pro-Jihadi message. DefacementOrg: ReligionCWUS
1824/04/2016Ghost SquadKu Klux Klan websiteHackers from Ghost Squad take down the website of Ku Klux KlanDDoSOrg: PoliticsHUS
1924/04/2016? unknown hacker hacks and dumps >35,000 records containing personal informationUnknownOnline BetCCZA
2025/04/2016?BeautifulPeople.comForbes reveal that Unknown hackers were able to hack and leak the personal details of 1.1M members.UnknownDatingCCUS
2125/04/2016?Qatar National Bank QNB.comDocuments purporting to be from the Qatar National Bank are leaked on a file-sharing site According to Cryptome, the leaked file contains more than 15,000 documents detailing more than 100,000 accounts with passwords and PINs.SQLiFinanceCCQA
2225/04/2016?Lansing Board of Water & Light (BWL)The Lansing Board of Water & Light (BWL) announces last week a cyber-attack that partially shuts down some of its services following what looks like an unconfirmed ransomware incident. MalwareUtilityCCUS
2325/04/2016?SpotifyA list containing hundreds of Spotify account credentials, including emails, usernames, passwords, account type and other details, appears on Pastebin, in what appears to be a possible hack. The company, asked, denies the incident. UnknownIndustry: MusicCCSE
2425/04/2016?The Grand Sierra ResortThe Grand Sierra Resort is the latest hospitality entity to disclose a data breach involving customers’ credit card information.  In this case, there appear to be two time frames during which cards used at their food and retail locations may have been compromised: for a one-month period in 2014 and again during a 5-month period in 2015. PoS Malware?Industry: Hotel and HospitalityCCUS
2526/04/2016?Lifeboat Minecraft CommunityOver seven million user accounts belonging to members of Minecraft community “Lifeboat” are hackedUnknownIndustry: Video GamesCCUS
2626/04/2016?RWE Gundremmingen plantA nuclear power plant in Germany is found to be infected with computer viruses, but they appear not to have posed a threat to the facility’s operations because it is isolated from the Internet.MalwareIndustry: UtilityCCDE
2726/04/2016?GoldcorpHackers breach Goldcorp and leak a 14.8 GB torrent containing personal information UnknownIndustry: Gold MiningCCCA
2826/04/2016China?U.S. Steel Corp.U.S. Steel Corp. asks the U.S. government to ban unfairly traded Chinese steel imports, alleging producers stole the fruits of decades of research in a 2010 hacking attack. Targeted AttackIndustry: SteelCEUS
2927/04/2016?The Pirate BayMalwarebytes identifies a malvertising campaign on The Pirate Bay, distributing the Cerber Malware via the Magnitude Exploit Kit. The attackers took advantage of the leak of the sixth season of Game of Thrones. MalvertisingTorrentCCSE
3027/04/2016PLATINUMSeveral Targets in South East AsiaMicrosoft reveals the details of PLATINUM, a group active primarily against targets in South East Asia since 2009.Targeted Attack>1CE>1
3127/04/2016North Korea?Several Targets in AsiaForcepoint reveals the details of Jaku, a previously unknown botnet built for a multi-stage tracking and data exfiltration, primarily of targets in Asia.Targeted Attack>1CE>1
3227/04/2016?Lucky PetLuckyPet notifies the California State Attorney General’s office of a data breach that compromised online customer information.Exploited Undisclosed VulnerabilityIndustry: E-CommerceCCUS
3327/04/2016Anonymous in KenyaKenyan Ministry of Foreign Affairs ( In Kenya, leaks a trove of 1TB data from the Kenyan Ministry of Foreign Affairs. UnknownGovernmentHKE
3428/04/2016?Solano Community CollegeSolano Community College is hit with a spearphishing attack leading to the W-2 information for about 1,200 staffers being compromised.Account HijackingEducationCCUS
3528/04/2016?Advanced International Marketing Inc.Advanced International Marketing Inc. notifies California’s Attorney General that the company experienced a data breach that compromised its customers’ name and state identification information.Exploited Undisclosed VulnerabilityIndustry: RetailCCUS
3629/04/2016?17 (an app particularly popular in Asia)A hacker advertises a cache of 20,000 email addresses, poorly secured passwords, phone numbers, and other information from users of photo sharing and video streaming app ’17’, which is particularly popular in Asia. UnknownIndustry: SoftwareCCTW
3729/04/2016?Maisto.comThe website belonging to Maisto International, a popular maker of remote-controlled toy vehicles, is caught pushing ransomware.Outdated JoomlaIndustry: ToysCCHK
3829/04/2016?Brunswick Corp.Brunswick Corp. is the last victim of a spear phishing scam that allows the attackers to steal W-2 information for possibly all 13,000 current and former company employees. Account HijackingIndustry: ConglomerateCCUS
3929/04/2016?Several Targets in JapanSymantec reveals the details of a cyber-espionage group using compromised websites along with spear-phishing emails to deliver a backdoor trojan to organizations in Japan for the purpose of stealing sensitive information and private technologies. Targeted Attack>1CEJP
4029/04/2016?Laremy Tunsil Twitter and Instagram AccountsLaremy Tunsil, a college football player has his Twitter and Instagram accounts hacked. Account HijackingSingle IndividualsCCUS
4129/04/2016United Cyber Caliphate3,600 New York residentsA group of hackers linked to the Islamic State releases a hit list of thousands of New York residents, urging the militant group’s followers to target them. UnknownSingle IndividualsCWUS
4230/04/2016Ghost SquadBlack Lives MatterHackers from Ghost Squad, one of the Anonymous subdivisions carrying out DDoS attacks against KKK members, launch similar attacks against the Black Lives Matter movement. DDoSOrg: Social Movement/ActivismHUS
4330/04/2016?Gryphon TechnologiesGryphon Technologies joins the list of the companies falling victim of W-2 phishing scams.Account HijackingIndustry: System IntegrationCCUS


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.