Last Updated on June 5, 2017
Here’s the first timeline of April, covering the main cyber attacks that occurred between April 1st and 15th.
The main events of this fortnight include an April Fool’s prank on the New York Post app (posting fake news against Donald Trump), the attack against IAAF by APT28, a new leak from the infamous Shadow Brokers, and the admission of a breach targeting the Internal Revenue Service.
North Korea was also quite active (two operations reported), like China (with a possible attack against the National Foreign Trade Council) and other actors like the Callisto Group.
If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.
Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format.
ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
1 | 01/04/2017 | ? | New York Post App | The New York Post issues an apology after its app is hacked in an April Fool's Day prank and sends out a flurry of bizarre news alerts including one that read, "Heil President Donald Trump". | Account Hijacking | News | CC | US |
2 | 01/04/2017 | ? | Airline Consumers | Barracuda Labs reveal the details of a phishing campaign targeting airline consumers. | Targeted Attack | Single Individuals | CC | >1 |
3 | 01/04/2017 | ? | Unnamed targets | Researchers from Forcepoint unveil the details of Felismus RAT, a piece of malware used in targeted campaigns. | Targeted Attack | N/A | CE | N/A |
4 | 02/04/2017 | ? | German Bundeswehr (armed forces) | The head of the German military's new cyber command, Lieutenant General Ludwig Leinhos, reveals that army computers were targeted hundreds of thousands of times in the first nine weeks of 2017. | Targeted Attack | Military | CE | DE |
5 | 03/04/2017 | APT28 AKA Fancy Bear | IAAF | IAAF, the governing body of global athletics, says it has suffered a cyber attack that it believes has compromised information about athletes' medical records. | Targeted Attack | Org: Sport Federation | CE | N/A |
6 | 03/04/2017 | United Cyber Caliphate (UCC) | 8,786 individuals | The pro-ISIS hacking group United Cyber Caliphate (UCC) posts a 'kill list' containing the names and addresses of 8,786 individuals. | Unknown | Single Individuals | H | US UK |
7 | 03/04/2017 | North Korea? | South Korean users in the public sector | Researchers from the Cisco Talos Labs reveal the details of ROKRAT, a sophisticated remote access tool targeting South Korean users in the public sector. | Targeted Attack | Government | CE | KR |
8 | 03/04/2017 | NSO Group Technology? | Android users | Google and Lookout reveal the details of the Android Chrysaor Malware, surveillance malware that remained undetected for at least three years. | Malware | Single Individuals | CE | >1 |
9 | 04/04/2017 | APT10 | Several Major MSPs | BAE Systems and PWC reveal the details of Operation Cloud Hopper, a campaign of intrusions against several major MSPs, active since late 2016. | Targeted Attack | Industry: MSP | CE | >1 |
10 | 04/04/2017 | ? | Unnamed Russian Bank | Kaspersky reveals the details of ATMitch, a fileless malware used to steal cash from ATMs in Russia and Kazakhstan. | Malware | Finance | CC | RU KZ |
11 | 04/04/2017 | ? | Unnamed Brazilian Bank | Kaspersky reveals that in October 2016, a group of hackers rerouted all the traffic of an unnamed Brazilian bank's customers to perfectly reconstructed fakes of the bank’s properties. | DNS Hijacking | Finance | CC | BR |
12 | 04/04/2017 | ? | ABCD Pediatrics | While investigating a ransomware incident, ABCD Pediatrics uncovers evidence of another intrusion: more than 55,000 patients are notified. | Unknown | Healthcare | CC | US |
13 | 05/04/2017 | North Korea | South Korea and United States | As part of OPlan 5027, North Korean hackers have reportedly accessed secretive war-plans drawn up by South Korea and the United States, detailing how the allied military forces would respond to the outbreak of war in the region – including first strike targets and troop deployments. | Targeted Attack | Military | CE | KR US |
14 | 05/04/2017 | ? | Anonymous | Anonymous members who want to participate in this year's annual #OpIsrael cyber-attacks are the targets of an intelligence gathering operation carried out by an unknown threat actor. | Targeted Attack | Single Individuals | H | N/A |
15 | 06/04/2017 | ? | Internal Revenue Service | The Internal Revenue Service says that the personal data of as many as 100,000 taxpayers could have been compromised through a scheme in which hackers posed as students using an online tool to apply for financial aid. | Account Hijacking | Government | CC | US |
16 | 06/04/2017 | ? (A possible China-linked group) | National Foreign Trade Council (NFTC) | Fidelis Cybersecurity reveals that ahead of the trade summit between US President Donald Trump and his Chinese counterpart, Xi Jinping, a nation-state hacking group conducted espionage on a number of key industry players and lobbyists with links to the talks. | Targeted Attack | Org: Trade | CE | US |
17 | 06/04/2017 | ? | WordPress Websites | Researchers from security firm Wordfence reveal that tens of thousands of home routers have been hacked, exploiting the CVE-2014-9222 flaw, also known as ‘Misfortune Cookie’, and used to power cyber attacks on WordPress websites. | Brute-Force | Single Individuals | CC | >1 |
18 | 06/04/2017 | 06/04/2017 | U.S. and Middle Eastern targets | A joint investigation by Palo Alto Networks and ClearSky Cyber Security sheds light on a recently discovered malware campaign that tries to infect U.S. and Middle Eastern targets with four distinct families of Windows and Android-based downloaders and information stealers. | Targeted Attack | >1 | CE | >1 |
19 | 06/04/2017 | ? | iOS Users | Malwarebytes reveals the details of a malvertising campaign targeting iOS users delivered via rogue ads on popular torrent sites. | Malvertising | Single Individuals | CC | >1 |
20 | 06/04/2017 | ? | Single users | Security researchers from ESET discover a new malware called Sathurbot that relies on malicious torrent files to spread to new victims and carries out coordinated brute-force attacks on WordPress sites. | Malware | Single Individuals | CC | >1 |
21 | 07/04/2017 | ? | GameStop | Video game giant GameStop Corp says it is investigating reports that hackers may have siphoned credit card and customer data from its website gamestop.com. | Malware | Industry: Retail | CC | US |
22 | 07/04/2017 | ? | University of Louisville | Tax information for dozens of University of Louisville employees is compromised after a hack of the online system the university uses to give employees access to tax documents. | Unknown | Education | CC | US |
23 | 08/04/2017 | ? | Sirens in Dallas | A computer hack sets off all the emergency sirens in Dallas for about 90 minutes. | Unknown | Government | CC | US |
24 | 08/04/2017 | ? | >1 | Cyber-security firms McAfee and FireEye disclose in-the-wild attacks with a new Microsoft Office zero-day (CVE-2017-0199). | Targeted Attack | >1 | CE | >1 |
25 | 08/04/2017 | The Shadow Brokers | NSA | The Shadow Brokers (TSB) are back, and release the password for the rest of the hacking tools they claim to have stolen from the NSA last year. | Unknown | Government | CC | US |
26 | 09/04/2017 | ? | Wonga | Almost 250,000 of Wonga's UK customers are affected by a data breach. The payday lender says it is investigating 'illegal and unauthorised access' to some of its customers' personal information in both Britain and Poland. Stolen data may include account numbers, sort codes, addresses and the last four digits of users' bank cards. | Unknown | Industry: Finance | CC | UK |
27 | 10/04/2017 | ? | Microsoft Word Users | Proofpoint reveals that an unpatched zero-day vulnerability impacting every version of Microsoft Word has been exploited by hackers to spread a notorious banking Trojan called Dridex to millions of users around the world. | RCE Vulnerability | Single Individuals | CC | >1 |
28 | 10/04/2017 | Longhorn | At least 40 governments and private organizations across 16 countries | Security experts from Symantec reveal that the Longhorn group has targeted at least 40 governments and private organizations across 16 countries using the tools detailed in the recent Vault 7 leak. | Targeted Attack | Government | CE | >1 |
29 | 10/04/2017 | ? | Amazon third-party sellers | Amazon third-party sellers are hit repeatedly by hackers who post fake deals on legitimate sellers' pages. | Account Hijacking | Industry: E-Commerce | CC | US |
30 | 11/04/2017 | North Korean Hackers | Union Bank of India | North Korean hackers are suspected of attempting to steal $170m from Union Bank of India, back in 2015. | Malware | Finance | CC | IN |
31 | 12/04/2017 | ? | AQA (Assessment and Qualifications Alliance) | Data relating to 64,000 current and former examiners stored on some of AQA’s online systems are stolen by attackers, including examiners’ names, addresses, personal phone numbers, and passwords. | Unknown | Education | CC | UK |
32 | 13/04/2017 | Callisto Group | >1 | F-Secure reveals the details of Callisto Group, a mysterious hacking collective known to target military personnel, government officials, think tanks and journalists, and also reportedly responsible for a series of cyber-espionage attacks against targets including the UK Foreign Office last year. | Targeted Attack | >1 | CE | >1 |
33 | 13/04/2017 | ? | Airbnb users | An Airbnb investigation finds that several people's homes were robbed by guests using stolen accounts. | Account Hijacking | Single Individuals | CC | >1 |
34 | 13/04/2017 | ? | Melbourne IT | Australian ISP Melbourne IT confirms that it was hit by “a large DDoS attack” that disrupted its web hosting. | DDoS | Industry: ISP | CC | AU |
35 | 13/04/2017 | OurMine | Hundreds of popular YouTube channels | The OurMine collective compromises hundreds of popular YouTube channels. | Account Hijacking | Single Individuals | CC | >1 |
36 | 14/04/2017 | ? | Best American Hospitality Corp. | Best American Hospitality Corp. issues a statement regarding stolen payment cards at some of the restaurants it manages and operates: | Malware | Industry: Restaurant | CC | US |
37 | 14/04/2017 | The Shadow Brokers | NSA | The Shadow Brokers dump a new collection of files, containing what appears to be exploits and hacking tools targeting Microsoft's Windows OS and evidence the Equation Group had gained access to servers and targeted the SWIFT banking system of several banks across the world. | Unknown | Government | CE | US |
38 | 14/04/2017 | ? | Britain First | Britain First is hit by a massive hack targeting its websites, Twitter accounts and YouTube channel. | Account Hijacking | Org: Political Party | CC | GB |
39 | 14/04/2017 | ? | Several Celebrities | Hackers leak nude pictures and explicit videos of celebrities including Rosario Dawson, Miley Cyrus, Suki Waterhouse, Kate Hudson and Yvonne Strahovski. | Unknown | Single Individuals | CC | >1 |
40 | 15/04/2017 | ? | Youku | A dark web vendor going by the handle of CosmicDark sells a database containing 100,759,591 user accounts stolen from Youku Inc., a popular video service in China. | Unknown | Industry: Online Services | CC | CN |
Few hours and I will post the new ones. Thanks for your patience
where are the rest for the April and May month ?
google doc links to March 2017
Amended!
It appears that the sheet download link is referencing march 2017 (1-15)
Amended!
The google spreadsheet link points to the 1-15 march 2017 list
Amended. Apologies for the issue
Hi! You do an excellent job with collecting all this data. Would it be possible to use your raw data in our “cyber” report? We are mainly thinking about 2016-2017 but also longer period would be interesting to analyze. I can fill in more details via email.
Sure, feel free to use all the data that you need. You can email me if you want the raw one.