Last Updated on June 5, 2017

Here’s the first timeline of April covering the main cyber attacks occurred between April 1st and 15th.

The main events of this fortnight include an April’s fool to the New York Post app (posting fake news against Donald Trump), the attack against IAAF by APT28, a new leak from the infamous Shadow Brokers, and the admission of a breach targeting the Internal Revenue Service.

North Korea was also quite active (two operations reported), like China (with a possible attack against the National Foreign Trade Council) and other actors like the Callisto Group.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format.

IDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountry
101/04/2017?New York Post AppThe New York Post issues an apology after its app is hacked in an April Fool's Day prank and sends out a flurry of bizarre news alerts including one that read, "Heil President Donald Trump".Account HijackingNewsCCUS
201/04/2017?Airline ConsumersBarracuda Labs reveal the details of a phishing campaign targeting airline consumers.Targeted AttackSingle IndividualsCC>1
301/04/2017?Unnamed targetsResearchers from Forcepoint unveil the details of Felismus RAT, a piece of malware used in targeted campaigns.Targeted AttackN/ACEN/A
402/04/2017?German Bundeswehr (armed forces)The head of the German military's new cyber command, Lieutenant General Ludwig Leinhos, reveals that army computers were targeted hundreds of thousands of times in the first nine weeks of 2017.Targeted AttackMilitaryCEDE
503/04/2017APT28 AKA Fancy BearIAAFIAAF, the governing body of global athletics says it has suffered a cyber attack that it believes has compromised information about athletes' medical records.Targeted AttackOrg: Sport FederationCEN/A
603/04/2017United Cyber Caliphate (UCC)8,786 individualsThe pro-ISIS hacking group United Cyber Caliphate (UCC) posts a 'kill list' containing the name and addresses of 8,786 individuals.UnknownSIngle IndividualsHUS UK
703/04/2017North Korea?South Korean users in the public sectorResearchers from the Cisco Talos Labs reveal the details of ROKRAT, a sophisticated remote access tool targeting South Korean users in the public sector.Targeted AttackGovernmentCEKR
803/04/2017NSO Group Technology?Android usersGoogle and Lookout reveal the details of the Android Chrysaor Malware, a surveillance malware remained undetected for at least three years.MalwareSingle IndividualsCE>1
904/04/2017APT10Several Major MSPsBAE Systems and PWC reveal the details of Operation Cloud Hopper, a campaign of intrusions against several major MSPs, active since late 2016.Targeted AttackIndustry: MSPCE>1
1004/04/2017?Unnamed Russian BankKaspersky reveals the details of ATMitch, a fileless malware used to steal cash from ATMs in Russia and Kazakhstan.MalwareFinanceCCRU KZ
1104/04/2017?Unnamed Brazilian BankKaspersky reveals that on October 2016, a group of hackers rerouted all the traffic of an unnamed brazilian bank's customers to perfectly reconstructed fakes of the bank’s properties.DNS HijackingFinanceCCBR
1204/04/2017?ABCD PediatricsWhile investigating ransomware incident, ABCD Pediatrics uncovers evidence of other intrusion: more than 55,000 patients are notified.UnknownHealthcareCCUS
1305/04/2017North KoreaSouth Korea and United StatesAs part of OPlan 5027, North Korean hackers have reportedly accessed secretive war-plans drawn up by South Korea and the United States, detailing how the allied military forces would respond to the outbreak of war in the region – including first strike targets and troop deployments.Targeted AttackMilitaryCEKR US
1405/04/2017?AnonymousAnonymous members who want to participate in this year's annual #OpIsrael cyber-attacks are the targets of an intelligence gathering operation carried out by an unknown threat actor.Targeted AttackSingle IndividualsHN/A
1506/04/2017?Internal Revenue ServiceThe Internal Revenue Service says that the personal data of as many as 100,000 taxpayers could have been compromised through a scheme in which hackers posed as students using an online tool to apply for financial aid.Account HijackingGovernmentCCUS
1606/04/2017? (A possible China-linked group)National Foreign Trade Council (NFTC)Fidelis Cybersecurity reveals that ahead of the trade summit between US President Donald Trump and his Chinese counterpart, Xi Jinping, a nation-state hacking group conducted espionage on a number of key industry players and lobbyists with links to the talks.Targeted AttackOrg: TradeCEUS
1706/04/2017?Wordpress WebsitesResearchers from security firm Wordfence reveal that tens of thousands, of home routers have been hacked, exploiting the CVE-2014-9222 flaw, also known as ‘Misfortune Cookie’, and used to power cyber attacks on WordPress websites.Brute-ForceSingle IndividualsCC>1
1806/04/201706/04/2017U.S. and Middle Eastern targetsA joint investigation by Palo Alto Networks and ClearSky Cyber Security sheds light on a recently discovered malware campaign that tries to infect U.S. and Middle Eastern targets with four distinct families of Windows and Android-based downloaders and information stealers.Targeted Attack>1CE>1
1906/04/2017?iOS UsersMalwarebytes reveals the details of a malvertising campaign targeting iOS users delivered via rogue ads on popular torrent sites.MalvertisingSingle IndividualsCC>1
2006/04/2017?Single usersSecurity researchers from ESET discover a new malware called Sathurbot that relies on malicious torrent files to spread to new victims and carries out coordinated brute-force attacks on WordPress sites.MalwareSingle IndividualsCC>1
2107/04/2017?GamestopVideo game giant GameStop Corp says it is investigating reports that hackers may have siphoned credit card and customer data from its website RetailCCUS
2207/04/2017?University of LouisvilleTax information for dozens of University of Louisville employees is compromised after a hack of the online system the university uses to give employees access to tax documents.UnknownEducationCCUS
2308/04/2017?Sirens in DallasA computer hack sets off all the emergency sirens in Dallas for about 90 minutes.UnknownGovernmentCCUS
2408/04/2017?>1Cyber-security firms McAfee and FireEye disclose in-the-wild attacks with a new Microsoft Office zero-day (CVE-2017-0199).Targeted Attack>1CE>1
2508/04/2017The Shadow BrokersNSAThe Shadow Brokers (TSB) are back, and release the password for the rest of the hacking tools they claim to have stolen from the NSA last year.UnknownGovernmentCCUS
2609/04/2017?WongaAlmost 250,000 Wonga's UK customers are affected by a data breach. The payday lender says it is investigating 'illegal and unauthorised access' to some of its customers' personal information in both Britain and Poland. Stolen data may include account numbers, sort codes, addresses and the last four digits of users' bank cards.UnknownIndustry: FinanceCCUK
2710/04/2017?Microsoft Word UsersProofpoint reveals that an unpatched zero-day vulnerability impacting every version of Microsoft Word has been exploited by hackers to spread a notorious banking Trojan called Dridex to millions of users around the world.RCE VulnerabilitySingle IndividualsCC>1
2810/04/2017LonghornAt least 40 governments and private organizations across 16 countriesSecurity Experts from Symantec reveals that the Longhorn group has targeted at least 40 governments and private organizations across 16 countries using the tools detailed in the recent Vault 7 leak.Targeted AttackGovernmentCE>1
2910/04/2017?Amazon third-party sellersAmazon third-party sellers, are hit repeatedly by hackers who post fake deals on legitimate sellers' pages.Account HijackingIndustry: E-CommerceCCUS
3011/04/2017North Korean HackersUnion Bank of IndiaNorth Korean hackers are suspected of attempting to steal $170m from Union Bank of India, back in 2015.MalwareFinanceCCIN
3112/04/2017?AQA (Assessment and Qualifications Alliance)Data relating to 64,000 current and former examiners stored on some of AQA’s online systems are stolen by attackers, including examiners’ name, address, personal phone numbers, and passwords.UnknownEducationCCUK
3213/04/2017Callisto Group>1F-Secure reveals the details of Callisto Group, a mysterious hacking collective known to target military personnel, government officials, think tanks and journalists, and also reportedly responsible for a series of cyber-espionage attacks against targets including the UK Foreign Office last yearTargeted Attack>1CE>1
3313/04/2017?Airbnb usersAn Airbnb investigation finds that several people's homes were robbed by guests using stolen accounts.Account HijackingSingle IndividualsCC>1
3413/04/2017?Melbourne ITAustralian ISP Melbourne IT confirms that it was hit by “a large DDoS attack” that disrupted its web hosting.DDoSIndustry: ISPCCAU
3513/04/2017OurMinehundreds of popular Youtube channelsThe OurMine collective compromises hundreds of popular Youtube channels.Account HijackingSingle IndividualsCC>1
3614/04/2017?Best American Hospitality Corp.Best American Hospitality Corp. issues a statement regarding stolen payment cards at some of the restaurants it manages and operates:MalwareIndustry: RestaurantCCUS
3714/04/2017The Shadow BrokersNSAThe Shadow Brokers dump a new collection of files, containing what appears to be exploits and hacking tools targeting Microsoft's Windows OS and evidence the Equation Group had gained access to servers and targeted the SWIFT banking system of several banks across the world.UnknownGovernmentCEUS
3814/04/2017?Britain FirstBritain First is hit by a massive hack that targeting its websites and Twitter accounts, and their YouTube channel.Account HijackingOrg: Political PartyCCGB
3914/04/2017?Several CelebritiesHackers leak nude pictures and explicit videos of celebrities including Rosario Dawson, Miley Cyrus, Suki Waterhouse, Kate Hudson and Yvonne Strahovski.UnknownSingle IndividualsCC>1
4015/04/2017?YoukuA dark web vendor going by the handle of CosmicDark sells a database containing 100,759,591 user accounts stolen from of Youku Inc., a popular video service in China.UnknownIndustry: Online ServicesCCCN

This Post Has 10 Comments

  1. Paolo Passeri

    Few hours and I will post the new ones. Thanks for your patience

  2. Arush

    where are the rest for the April and May month ?

  3. monet

    google doc links to March 2017

    1. Paolo Passeri


  4. outofc0ntr0l

    It appears that the sheet download link is referencing march 2017 (1-15)

    1. Paolo Passeri


  5. reader

    The google spreadsheet link points to the 1-15 march 2017 list

    1. Paolo Passeri

      Amended. Apologies for the issue

  6. Marko

    Hi! You do an excellent job with collecting all this data. Would it be possible to use your raw data in our “cyber” report? We are mainly thinking about 2016-2017 but also longer period would be interesting to analyze. I can fill in more details via email.

    1. Paolo Passeri

      Sure, feel freee to use all the data that you need. You can email me if you want the raw one.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.