Last Updated on May 23, 2016

It’s now time to publish the second timeline of April (Part I here) covering the main cyber-attacks occurred between 16 and 30 April 2016. A fortnight quite reach of interesting events, and characterized by two trends inherited from the first half of the month: the trail of massive breaches, and the endless row of W-2 scams.

The first category includes now two new victims:, which had 1.1M accounts leaked, and the Lifeboat Minecraft community, whose number leaked account achieves the remarkable number of 7M. The group of victims of W-2 scams is really too wide to mention each single entity, however ADP is probably the most noticeable victim of this second half of April.

Other interesting events of the month include a $2M scam against a former Lehman Brothers executive, the leak of 15,000 documents and 100,000 accounts belonging to the Qatar National Bank, and a trove of 14.8GB belonging to Goldcorp.

Hacktivists were also quite active bolstered by the Anonymous and their affiliated groups. Entities targeted by the hacktivists include: the Kenyan Ministry of Foreign Affairs, several whale-eating nations including Denmark, Iceland and the Faroe islands, the City of Denver website and the Ku Klux Klan website as well.

And let’s close the compilation with cyber-espionage, which also includes multiple victims, such us U.S. Steel (asking the U.S. government to ban Chinese steel import after an alleged hack in 2010), and two campaigns targeting entities in Asia led respectively by a threat actor dubbed PLATINUM, and by a group of attackers possibly related to North Korea.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Additionally, if you want, you can access the timeline in Google Sheet format: spreadsheets-32

ID Date Author Target Description Attack Target Class Attack Class Country
1 16/04/2016 Team System DZ Several targets in France, Israel, US, and the UK Hacking group Team System Dz defaces 88 websites from France, Israel, the US, and the UK posting pro-ISIS messages. Defacement >1 CW >1
2 17/04/2016 ? Coinroll Bitcoin Casino Coinroll Bitcoin Casino admits that several users had the funds on their online accounts stolen. The breach could be related to an open MongoDB. Unknown Bitcoin Casino CC US
3 18/04/2016 ? Robert Millard Robert Millard, a former Lehman Brothers executive wires a $2 million deposit for a $20 million Manhattan apartment to cyber criminals, who hacked the mailbox of his realtor. Account Hijacking Single Individuals CC US
4 18/04/2016 ? Newark Police Department Newark Police Department is forced to spend four days cleaning up after a virus attack. Malware Law Enforcement CC US
5 18/04/2016 ? dōTERRA dōTERRA notifies several customers and distributors of a possible data breach involving a third-party providing them with hosting and software services. Unknown Industry: Cosmetics CC US
6 18/04/2016 sn0n sn0n hacks and dumps 2,803 records with usernames and hashed passwords. SQLi Industry: Furniture CC US
7 19/04/2016 ? Several Europe-based organisations, particularly in Poland Researchers from Palo Alto Networks identify PWOBot, a strain of malicious code written entirely in Python. Targeted Attack >1 CE >1
8 19/04/2016 ? ADP Identity thieves steal tax and salary data from payroll giant ADP by registering accounts in the names of employees at more than a dozen customer firms. ADP says the incidents occurred because the victim companies all mistakenly published sensitive ADP account information online that made those firms easy targets for tax fraudsters. Account Hijacking Industry: Bitcoin Exchange CC US
9 19/04/2016 Berkshire Hathaway Homestate, Cypress Insurance, Zenith Insurance Undisclosed California Worker A group of California workers claim in a federal lawsuit that three of the largest workers compensation insurance companies in California illegally broke into their lawyers’ database and stole over 32,000 confidential workers comp files. Directory Traversal Attack Industry: Insurance CC US
10 19/04/2016 ? AIn Shams University An unknown hacker hacks the Staff Management Portal of the Ain Shams University ( and dumps 2,280 records. SQLi Education CC EG
11 20/04/2016 FIN6 Several target in the retail and hospitality sectors Security researchers from FireEye and iSight Partner revealed a report detailing the previously unknown mode of operation of a criminal group named FIN6. The group surfaced in 2015 and focused only on the theft of financial information, mainly credit card data from organizations in the retail and hospitality sectors. Targeted Attack Industry: Retail Industry: Hotel and Hospitality CC >1
12 21/04/2016 ? Archdiocese of Denver Archdiocese of Denver notifies 18,000 individuals to have discovered a breach happened on November 2015 after an unauthorized person accessed an Archdiocese of Denver database maintained by a third-party. Unknown Org: Religion CC US
13 21/04/2016 ? Bizmatics A spree of data breaches affect Florida’s Palm Beach County Health Department, Wisconsin’s Oneida Health Center, Arkansas’ Pain Treatment Centers of America (PTCOA), and Interventional Surgery Institute (ISI) and expose more than 23,000 patients’ personal information after data servers belonging to third-party vendor Bizmatics are hacked. Unknown Industry: Software CC US
14 22/04/2016 ? UK Ministry of Defence Up to 831 members of Britain’s defence community with high-level security clearances had their personally identifying information stolen when the Ministry of Defence’s business networking organisation was hacked earlier in November 2015 via the compromising of Niteworks, a MoD contractor. Unknown Government CC UK
15 22/04/2016 Anonymous Different Entities in Denmark, Iceland, and the Faroe Islands Akamai reveals the details of OpKillingBay, an active campaign against whale-and-dolphin-eating nations. DDoS Several Individuals H >1
16 22/04/2016 New World Hackers (NWH) City of Denver’s website ( Members of the New World Hackers (NWH), one of Anonymous’ divisions, launch a DDoS attack against the city of Denver’s website ( DDoS Government H US
17 22/04/2016 United Cyber Caliphate Lamont Christian Reformed Church ( United Cyber Caliphate defaces the website of the Lamont Christian Reformed Church in the city leaving a pro-Jihadi message. Defacement Org: Religion CW US
18 24/04/2016 Ghost Squad Ku Klux Klan website Hackers from Ghost Squad take down the website of Ku Klux Klan DDoS Org: Politics H US
19 24/04/2016 ? An unknown hacker hacks and dumps >35,000 records containing personal information Unknown Online Bet CC ZA
20 25/04/2016 ? Forbes reveal that Unknown hackers were able to hack and leak the personal details of 1.1M members. Unknown Dating CC US
21 25/04/2016 ? Qatar National Bank Documents purporting to be from the Qatar National Bank are leaked on a file-sharing site According to Cryptome, the leaked file contains more than 15,000 documents detailing more than 100,000 accounts with passwords and PINs. SQLi Finance CC QA
22 25/04/2016 ? Lansing Board of Water & Light (BWL) The Lansing Board of Water & Light (BWL) announces last week a cyber-attack that partially shuts down some of its services following what looks like an unconfirmed ransomware incident. Malware Utility CC US
23 25/04/2016 ? Spotify A list containing hundreds of Spotify account credentials, including emails, usernames, passwords, account type and other details, appears on Pastebin, in what appears to be a possible hack. The company, asked, denies the incident. Unknown Industry: Music CC SE
24 25/04/2016 ? The Grand Sierra Resort The Grand Sierra Resort is the latest hospitality entity to disclose a data breach involving customers’ credit card information.  In this case, there appear to be two time frames during which cards used at their food and retail locations may have been compromised: for a one-month period in 2014 and again during a 5-month period in 2015. PoS Malware? Industry: Hotel and Hospitality CC US
25 26/04/2016 ? Lifeboat Minecraft Community Over seven million user accounts belonging to members of Minecraft community “Lifeboat” are hacked Unknown Industry: Video Games CC US
26 26/04/2016 ? RWE Gundremmingen plant A nuclear power plant in Germany is found to be infected with computer viruses, but they appear not to have posed a threat to the facility’s operations because it is isolated from the Internet. Malware Industry: Utility CC DE
27 26/04/2016 ? Goldcorp Hackers breach Goldcorp and leak a 14.8 GB torrent containing personal information Unknown Industry: Gold Mining CC CA
28 26/04/2016 China? U.S. Steel Corp. U.S. Steel Corp. asks the U.S. government to ban unfairly traded Chinese steel imports, alleging producers stole the fruits of decades of research in a 2010 hacking attack. Targeted Attack Industry: Steel CE US
29 27/04/2016 ? The Pirate Bay Malwarebytes identifies a malvertising campaign on The Pirate Bay, distributing the Cerber Malware via the Magnitude Exploit Kit. The attackers took advantage of the leak of the sixth season of Game of Thrones. Malvertising Torrent CC SE
30 27/04/2016 PLATINUM Several Targets in South East Asia Microsoft reveals the details of PLATINUM, a group active primarily against targets in South East Asia since 2009. Targeted Attack >1 CE >1
31 27/04/2016 North Korea? Several Targets in Asia Forcepoint reveals the details of Jaku, a previously unknown botnet built for a multi-stage tracking and data exfiltration, primarily of targets in Asia. Targeted Attack >1 CE >1
32 27/04/2016 ? Lucky Pet LuckyPet notifies the California State Attorney General’s office of a data breach that compromised online customer information. Exploited Undisclosed Vulnerability Industry: E-Commerce CC US
33 27/04/2016 Anonymous in Kenya Kenyan Ministry of Foreign Affairs ( Anonymous In Kenya, leaks a trove of 1TB data from the Kenyan Ministry of Foreign Affairs. Unknown Government H KE
34 28/04/2016 ? Solano Community College Solano Community College is hit with a spearphishing attack leading to the W-2 information for about 1,200 staffers being compromised. Account Hijacking Education CC US
35 28/04/2016 ? Advanced International Marketing Inc. Advanced International Marketing Inc. notifies California’s Attorney General that the company experienced a data breach that compromised its customers’ name and state identification information. Exploited Undisclosed Vulnerability Industry: Retail CC US
36 29/04/2016 ? 17 (an app particularly popular in Asia) A hacker advertises a cache of 20,000 email addresses, poorly secured passwords, phone numbers, and other information from users of photo sharing and video streaming app ’17’, which is particularly popular in Asia. Unknown Industry: Software CC TW
37 29/04/2016 ? The website belonging to Maisto International, a popular maker of remote-controlled toy vehicles, is caught pushing ransomware. Outdated Joomla Industry: Toys CC HK
38 29/04/2016 ? Brunswick Corp. Brunswick Corp. is the last victim of a spear phishing scam that allows the attackers to steal W-2 information for possibly all 13,000 current and former company employees. Account Hijacking Industry: Conglomerate CC US
39 29/04/2016 ? Several Targets in Japan Symantec reveals the details of a cyber-espionage group using compromised websites along with spear-phishing emails to deliver a backdoor trojan to organizations in Japan for the purpose of stealing sensitive information and private technologies. Targeted Attack >1 CE JP
40 29/04/2016 ? Laremy Tunsil Twitter and Instagram Accounts Laremy Tunsil, a college football player has his Twitter and Instagram accounts hacked. Account Hijacking Single Individuals CC US
41 29/04/2016 United Cyber Caliphate 3,600 New York residents A group of hackers linked to the Islamic State releases a hit list of thousands of New York residents, urging the militant group’s followers to target them. Unknown Single Individuals CW US
42 30/04/2016 Ghost Squad Black Lives Matter Hackers from Ghost Squad, one of the Anonymous subdivisions carrying out DDoS attacks against KKK members, launch similar attacks against the Black Lives Matter movement. DDoS Org: Social Movement/Activism H US
43 30/04/2016 ? Gryphon Technologies Gryphon Technologies joins the list of the companies falling victim of W-2 phishing scams. Account Hijacking Industry: System Integration CC US


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.