2018 Master Table

This table collects all the attacks recorded so far in 2018. It will be updated when a new timeline is added.

After the table you will find some statistics comparing these attacks with the same period in 2017.

The table is also available in Google Sheet format.


IDDateAuthorTargetDescriptionAttackTarget
Class
Attack
Class
Country
101/01/2018?Faye Brookes2018 begins with a new round of Fappening leaks. This time the victim is Faye Brookes, whose explicit video is leaked on several video sharing websites.UnknownX IndividualCCUK
201/01/2018?Rockingham County SchoolsRockingham County Schools servers are compromised by the Emotet malware after an employee opens a phishing email.MalwareP EducationCCUS
302/01/2018AndarielUnnamed South Korean CompanyBloomberg reveals that a hacking unit called Andariel seized a server at a South Korean company in the summer of 2017 and used it to mine about 70 Monero coins, worth about $25,000 as of Dec. 29.UnknownZ UnknownCCKR
402/01/2018@0x55Taylorthefly.comA hacker using the twitter handle @0x55Taylor posts some screenshots of a breach affecting all users who registered at thefly.com a leading digital publisher of real-time financial news between 2006 and 2015. The leak contains the data of 100,000 individuals, and the credit card details of 27,000 among them.SQLi?J Information and communicationCCUS
503/01/2018?Uber UsersSymantec researchers discover a new malware strain, dubbed Android.Fakeapp, that sneakily spoofs Uber’s Android app and harvests users’ passwords, allowing attackers to take over users’ accounts.MalwareX IndividualCC>1
603/01/2018?Android UsersResearchers from Trend Micro discover 36 apps on Google Play in disguise of security tools, but in reality able to secretly harvesting user data, tracking user location, and aggressively pushing advertisements.MalwareX IndividualCC>1
703/01/2018?City of FarmingtonThe city of Farmington is hit by a variant of the SamSam ransomware.MalwareQ Human health and social work activitiesCCUS
803/01/2018?Linux ServersResearchers at F5 discover a new Linux crypto-miner botnet dubbed PyCryptoMiner spreading over SSH. The Monero miner botnet is based on Python and leverages Pastebin as command and control server when the original C&C isn’t available.MalwareX IndividualCC>1
903/01/2018?Bank customers globallyResearchers from security company Quick Heal reveal the detail of Android.banker.A9480, an Android banking trojan targeting more than 232 banking apps of financial institutions globally.MalwareX IndividualCC>1
1003/01/2018?Big Line HolidayBig Line Holiday, a Hong Kong travel agency, reveals that hackers might have broken into its database a day before and gained possession of some of its customers’ personal information.MalwareR Arts entertainment and recreationCCHK
1104/01/2018?Ukrainian usersResearchers from Cisco Talos reveal that unknown attackers have compromised the official website of Ukrainian accounting software developer Crystal Finance Millennium to distribute a new variant of the malicious Zeus banking trojan. The compromised website hosts the payload retrieved by a dropper distributed via a spam campaign.MalwareX IndividualCCUA
1204/01/2018?City of Belle FourcheThe city of Belle Fourche is hit by a ransomware attack.MalwareO Public administration and defence; compulsory social securityCCUS
1304/01/2018?GoldjoyGoldjoy, another travel agency in Hong Kong, reveals that unauthorised parties accessed its customer database containing personal information such as names and ID card numbers, passport details and phone numbers, asking for a ransom.MalwareR Arts entertainment and recreationCCHK
1405/01/2018?Android UsersSecurity researchers from Check Point uncover LightsOut, a new mobile adware program hidden in 22 fake applications on the Google Play Store. According to the researchers, the apps were downloaded between 1.5 million and 7.5 million times.MalwareX IndividualCC>1
1505/01/2018?RedditReddit confirms that one of its email providers, Mailgun, has been breached, resulting in the hacks of user profiles and their linked cryptocurrency accounts.Account HijackingJ Information and communicationCCUS
1605/01/2018?BeautyblenderBeautyblender notifies 3,673 individuals that their information might have been compromised after the discovery of a malware on its online shop.MalwareG Wholesale and retail trade; repair of motor vehicles and motorcyclesCCUS
1705/01/2018?Oklahoma State University Center for Health Sciences (OSUCHS)Oklahoma State University Center for Health Sciences notifies an undisclosed number of affected patients of an unauthorized third party occurred on November 2017.UnknownQ Human health and social work activitiesCCUS
1805/01/2018@0x55TaylorCreditsevaAfter defacing it, @0x55Taylor manages to gain access to creditseva main website server and a copy of the s3 bucket credentials.UnknownK Financial and insurance activitiesCCIN
1905/01/2018The Dark OverlordColumbia Falls School District Number 6The Columbia Falls School District Number 6 in Montana, sends out letters to notify the breach occurred after the attack carried on by The Dark Overlord begun on September 1st, 2017.UnknownP EducationCCUS
2006/01/2018?Olympic Games in South KoreaResearchers from McAfee uncover a campaign, dubbed Operation PowerShell Olympics, targeting organizations involved with next month's Games in South Korea, with the aim of controlling infected machines.Targeted AttackU Activities of extraterritorial organizations and bodiesCEKR
2106/01/2018?BlackBerry Mobile SiteThe Blackberry Mobile site is hacked exploiting a vulnerability of Magento. The attackers install a Monero miner using the Coinhive library.Magento VulnerabilityJ Information and communicationCCCA
2206/01/2018?Florida's Agency for Health Care Administration (FAHCA)A phishing attack on an employee at Florida's Agency for Health Care Administration (discovered in November 20, 2017) results in the exposure of sensitive information on 30,000 Medicaid patients.Account HijackingQ Human health and social work activitiesCCUS
2307/01/2018?CVE 2017-10271 Vulnerable MachinesA report published by the SANS Technology Institute reveals that attackers are exploiting a critical Oracle WebLogic flaw (CVE 2017-10271) to inject Monero cryptocurrency miners on victim’s machines.MalwareX IndividualCC>1
2408/01/2018?Health South-East RHFHealth South-East RHF, a healthcare organization that manages hospitals in Norway's southeast region, announces a security breach. A hacker or hacker group might have stolen healthcare data for more than half of Norway's population. (over 2.9 million individuals)UnknownQ Human health and social work activitiesCCNO
2508/01/2018?Single IndividualsAlien Vault reveals to have found malware that appears to install code for mining Monero cryptocurrency, sending any mined coins to a server at a North Korean university.MalwareX IndividualCC>1
2608/01/2018?Onco360Onco360 notifies a phishing incident involving an employee’s email account and affecting potentially 53,000 users.Account HijackingQ Human health and social work activitiesCCUS
2708/01/2018?Caremed Specialty PharmacyCaremed Specially Pharmacy is victim of the same event affecting Onco360Account HijackingQ Human health and social work activitiesCCUS
2809/01/2018TurlaEmbassies and consulates in East EuropeResearchers from ESET unveil the details of a new operation carried on by the Turla cyber espionage group, targeting embassies and consulates in East Europe using a fake Adobe Flash updater.Targeted AttackO Public administration and defence; compulsory social securityCE>1
2909/01/2018?Android UsersResearchers at Trend Micro find in the Google Play Store the first Android malware designed to steal information, carry out click ad fraud, and sign users up to premium SMS services without their permission, written using the Kotlin programming language.MalwareX IndividualCC>1
3009/01/2018?Single IndividualsMalwarebytes reveal the details of a RIG exploit campaign distributing malware coin miners delivered via drive-by download attacks from malvertising, exploiting the RIG Exploit Kit.MalvertisingX IndividualCC>1
3110/01/2018Pawn Storm AKA Fancy Bear AKA APT28International Olympic CommitteeAPT28 AKA Pawn Storm AKA Fancy Bear publish a set of apparently stolen emails purportedly belong to officials from the International Olympic Committee, the United States Olympic Committee, and third-party groups associated with the organizations.UnknownU Activities of extraterritorial organizations and bodiesCCN/A
3210/01/2018?Android UsersResearchers from Symantec discover a fake Telegram (Teligram) app on the Google Play Store that claims to be a new, updated version of the popular encrypted messenger app, but whose real purpose is to distribute malware.MalwareX IndividualCC>1
3310/01/2018?Russian Bank CustomersResearchers at Trend Micro discover a new mobile malware that primarily targets Russian banking customers, taking over victims' SMS capabilities, allowing cybercriminals to intercept text messages that contain bank security codes, The malware is dubbed FakeBank.MalwareX IndividualCCCC
3410/01/2018?Netflix UsersNetflix users are warned to avoid clicking on any suspicious email links after a phishing scam is uncovered by security firm Mailguard, which security experts say is designed to steal credit card details.Account HijackingX IndividualCC>1
3511/01/2018?Unpatched Windows and Linux serversResearchers from Check Point and Certego reveals the details of a new campaign distributing a malware dubbed RubyMiner, turning outdated web servers into Monero miners.MalwareY Multiple IndustriesCC>1
3611/01/2018?German UsersGerman authorities warn about phishing emails trying to take advantage of the Spectre and Meltdown vulnerabilities, promising fake patches and distributing the Smoke Loader malware.MalwareX IndividualCCDE
3711/01/2018?Apple Mac usersPatrick Wardle, a security researcher, discovers OSX MaMi, a new, undetectable strain of malware affecting Apple Macs that can hijack a device's DNS settings and steal victims' personal data.MalwareX IndividualCC>1
3811/01/2018?North Korean defectorsResearchers at McAfee unveil the details of operation Sun Team, a campaign targeting North Korean defectors, along with those who help them, which aims to infect their devices with trojan malware for the purposes of spying on them.MalwareX IndividualCEKP
3911/01/2018?Adams Health NetworkAdams Health Network, which runs Adams Memorial Hospital, confirms that a ransomware attack targeted some of its computer servers.MalwareQ Human health and social work activitiesCCUS
4012/01/2018Pawn Storm AKA Fancy Bear AKA APT28US SenateResearchers from Trend Micro reveal that the state sponsored hackers behind APT28 (AKA Pawn Storm AKA Fancy Bear) targeted the US Senate in mid-2017).Targeted AttackO Public administration and defence; compulsory social securityCEUS
4112/01/2018?Hancock Regional HospitalThe Hancock Regional Hospital, in the state of Indiana, confirms to be running on pen and paper following a SAMSAM ransomware attack, which hit the day prior. The hospital eventually pays up hackers $55,000 to restore control.MalwareQ Human health and social work activitiesCCUS
4212/01/2018?Android UsersResearchers from Check Point reveals the details of 'AdultSwine', a malware displays pornographic advertising on Android applications, found in 60 gaming apps on Google Play and downloaded between three and seven million times.MalwareX IndividualCC>1
4313/01/2018?New Zealand FootballNew Zealand Football says it is investigating a potential hack of its official website after a fake news article popped up "announcing" the resignation of its CEO Andy Martin.DefacementR Arts entertainment and recreationCCNZ
4413/01/2018?BlackWalletAn unidentified thief reportedly steals more than $400,000 in Stellar lumens after hacking the digital wallet provider BlackWallet.DNS HijackingV FintechCCDE
4514/01/2018?Devices powered by ARC CPUsResearchers from infosec group Malware Must Die discover a new variant of the Mirai botnet capable of infecting devices powered by ARC CPUs. The botnet is dubbed "Okiru", which means "wake up" in Japanese.MalwareX IndividualCC>1
4614/01/2018Ayyıldız TimSyed Akbaruddin's Twitter Account @AkbaruddinIndiaThe verified Twitter account of Syed Akbaruddin. India's top diplomat to the United Nations, is briefly taken over by suspected Turkish hackers.Account HijackingX IndividualHIN
4714/01/2018Ayyıldız TimBorge Brende's Twitter Account @borgebrendeThe same hackers also manage to hijack the verified account of Borge Brende, the president of the World Economic Forum and former minister of foreign affairs for Norway.Account HijackingX IndividualHNO
4815/01/2018?OnePlusChinese smartphone manufacturer OnePlus launches an investigation after a number of customers who used its website to purchase products complain of attempted fraud. Few days after (January 19) the company confirms to have been hacked via a malicious script injected into its website, potentially compromising the payment card details of up to 40,000 customers.Malicious ScriptC ManufacturingCCCN
4915/01/2018?Chrome UsersSecurity researchers from ICEBRG find four malicious Chrome extensions available in the Chrome store, laced with suspicious code, and infecting more than 500,000 users across the globe, including workstations within major organizations.Malicious Browser ExtensionX IndividualCC>1
5015/01/2018?Financial Organizations in Latin AmericaResearchers from Trend Micro spot a new variant of the KillDisk disk-wiping malware targeting companies in the financial sector in Latin America.MalwareK Financial and insurance activitiesCC>1
5112/01/2018?Monticello Central Strict DistrictMonticello Central School District warns of a sophisticated e-mail phishing attack occurred on November 1st, 2017. Potentially 2,598 individuals are affected.Account HijackingP EducationCCUS
5216/01/2018Group 123Multiple targets mainly in South KoreaResearchers from Cisco Talos reveal the details of the malicious activities of Group 123, a malicious actor linked to North Korea, author of at least six malicious campaigns focused on South Korean targets.Targeted AttackY Multiple IndustriesCEKR
5316/01/2018?Several Italian IndividualsResearchers from Kaspersky Lab reveal the details of Skygofree, an Android malware, reminiscent of the Hacking Team surveillance malware, targeting some Italian individuals.MalwareX IndividualCEIT
5416/01/2018Ayyıldız TimEric Bolling (@ericbollingTR) and Greta Van Susteren (@greta) Twitter accountsFormer Fox News hosts Eric Bolling and Greta Van Susteren appear to have their Twitter accounts hijacked by a group of suspected Turkish hackers dubbed Ayyıldız Tim.Account HijackingX IndividualCCUS
5516/01/2018?Several cryptocurrency exchanges such as Coinlink.According to the security firm Recorded Future, the notorious North Korean hacking outfit Lazarus Group is behind cyberattacks that targeted South Korean cryptocurrency exchanges and users towards the end of 2017, security researchers have found. However Coinlink denies the claims.Account HijackingV FintechCC>1
5616/01/2018?Singing River Health SystemUnknown attackers try to break into the Singing River Health System’s network.UnknownQ Human health and social work activitiesCCUS
5717/01/2018?Bank Customers in the UK, France and AustraliaSecurity researchers at Forcepoint reveal a new improved version of the financial malware Dridex, targeting victims in the UK, France and Australia and using compromised FTP websites in phishing campaigns.MalwareK Financial and insurance activitiesCC>1
5817/01/2018?Several telecommunications, insurance and financial service firms.Researchers from security firm FireEye reveal a new spam campaign delivering the Zyklon HTTP malware, and exploiting three relatively new Microsoft Office vulnerabilities. The attackers are targeting telecommunications, insurance and financial service firms. The malware comes with a variety of features, like password stealing, keylogging, DDoS and crypto mining.MalwareY Multiple IndustriesCC>1
5917/01/2018?Claymore mining rigsA new variant of the Satori botnet springs back to life, targeting Claymore mining rigs, and replacing the device owner's mining credentials with the attacker's own.MalwareV FintechCC>1
6017/01/2018?Single IndividualsNecurs, the world's largest spam botnet, is back on track, sending millions of spam emails that push an obscure cryptocurrency named Swisscoin, used for Multi-Level-Marketing (MLM) Ponzi scheme.MalwareX IndividualCC>1
6118/01/2018Dark CaracalVictims inside governments, militaries, utility companies, financial institutions, manufacturing companies and defense contractors in 21 different countriesSecurity researchers from digital rights organization Electronic Frontier Foundation and security firm Lookout reveal a long lasting campaign allegedly carried on by attackers tied to the Lebanese government, able to steal hundreds of gigabytes from thousands of victims all over the world. The group is dubbed Dark Caracal.Targeted AttackY Multiple IndustriesCE>1
6218/01/2018?Android UsersGoogle removes 53 apps from the official Play Store because they were spreading a new breed of Android malware named GhostTeam, active since April 2017, that could steal Facebook credentials and push ads to infected phones.MalwareY Multiple IndustriesCC>1
6318/01/2018?AllscriptsA ransomware attack takes down some of the applications used by Allscripts.MalwareJ Information and communicationCCUS
6418/01/2018?Questar AssessmentA data breach at the company that develops New York State’s third-through-eighth grade reading and math tests allows an unauthorized user to access information about 52 students. Also students in another state are affected, but the company does not provide further details.UnknownJ Information and communicationCCUS
6519/01/2018?IOTAMalicious websites used to generate password details for the fintech network IOTA (online seed generators) are reportedly to blame for the theft of nearly $4m (£2.9m) from users' digital wallets.Account HijackingV FintechCC>1
6619/01/2018?Electronic Gas StationsRussian authorities identify a distributed malware campaign targeting electronic gas stations using software programs at the pumps. Dozens of gas stations have been attacked with customers paying more for fuel (around 3 to 7% increment per gallon).MalwareD Electricity gas steam and air conditioning supplyCCRU
6719/01/2018?Westminster Ingleside King Farm Presbyterian Retirement CommunitiesWestminster Ingleside King Farm Presbyterian Retirement Communities notifies 5,228 Residents of a malware attack occurred on November 21, 2017MalwareP EducationCCUS
6819/01/2018?Charlotte Housing Authority341 employees of the Charlotte Housing Authority have their W-2 forms compromised after scammers sent CHA staffers an e-mail pretending to be from CEO.Account HijackingO Public administration and defence, compulsory social securityCCUS
6921/01/2018?Android UsersSecurity researchers at Russian cybersecurity company Dr.Web discover a dangerous Android malware hidden in several gaming apps on Play store stealing personal data from users by conducting phishing attacks. The malware is dubbed Android.RemoteCode.127.origin and has been downloaded more than 4,000,000 times.MalwareX IndividualCC>1
7022/01/2018?Fire and Fury ReadersResearchers spot a copy of Michael Wolff’s book Fire and Fury infected with malware.MalwareX IndividualCCUS
7122/01/2018Ayyıldız TimDavid Clarke Jr. Twitter AccountThe Turkish Cyber Army hacking group strikes again and hijacks the Twitter account of vocal Donald Trump supporter and ex-Milwaukee County Sheriff David Clarke Jr.Account HijackingX IndividualCCUS
7222/01/2018?Charissa ThompsonFox Sports host Charissa Thompson is the latest celebrity whose nude photos are stolen by hackers and then published online as part of The Fappening scandal.Account HijackingX IndividualCCUS
7322/01/2018?Apache ServersResearchers from Trend Micro report a significant increase in the use of Apache Struts (CVE-2017-5638) and DotNetNuke (CVE-2017-9822) vulnerabilities to implant Monero miners.Apache Struts VulnerabilitiesY Multiple IndustriesCC>1
7423/01/2018?Bell CanadaPolice are investigating a new data breach at Bell Canada (the second in eight months), which says hackers have illegally obtained customer information, primarily subscriber names and e-mail addresses of up to 100,000 users.UnknownJ Information and communicationCCCA
7523/01/2018?MetrolinxOntario transit agency Metrolinx says it was the target of a cyberattack that originated in North Korea, but no personal information was compromised.UnknownH Transportation and storageCECA
7623/01/2018?220,000 Malaysian organ donors.Another data breach in Malaysia. A technology forum publishes details of a trove of data which includes the personal information of more than 220,000 organ donors.UnknownQ Human health and social work activitiesCCMY
7723/01/2018Nexus ZetaIoT Devices WorldwideAccording to a new report by Newsky Security, the author of the infamous Satori IoT botnet has created two new variants of the predecessor Mirai, called Masuta and PureMasuta.MalwareX IndividualCC>1
7823/01/2018?Turkish Defense ContractorsAccording to RiskIQ, an unknown actor purporting to be from the tax collection arm of the Turkish government is carrying out spear-phishing campaigns against Turkish defense contractors, using a RAT called Remcos.Targeted AttackO Public administration and defence, compulsory social securityCETR
7923/01/2018?Twitter UsersResearchers from Malwarebytes reveal a fresh malware campaign spreading via a spamming Twitter accounts.MalwareX IndividualCC>1
8023/01/2018?National Stores, Inc.National Stores, Inc. announces that it has been the victim of a malware attack, enabling unauthorized parties to access payment card information. It appears that payment cards used by customers at some National Stores locations between July 16 and December 11, 2017 may be involved.MalwareG Wholesale and retail tradeCCUS
8123/01/2018?Unnamed company in GreenbayUnknown hackers use a known vulnerability to get into a company’s computer system, stealing personal information from human resources files, and then using that to steal what police call “significant amounts” of money from several people.Undisclosed vulnerabilityZ UnknownCCUS
8224/01/2018?Single IndividualsResearchers from Sucuri reveal a new campaign targeting more than 2,000 compromised websites and aimed to both mine Monero and stealing the users credentials.Malicious Script InjectionX IndividualCC>1
8324/01/2018?Harris CountyHarrys County lose almost $900K in a phishing scam. The attack dates back to September 2017.Account HijackingO Public administration and defence, compulsory social securityCCUS
8424/01/2018?Victims based primarily in Thailand, Vietnam and EgyptResearchers from Palo Alto Networks discover A newly discover a malicious URL redirection campaign that infects users with the XMRig Monero cryptocurrency miner. The campaign has already victimized users between 15 and 30 million times.MalvertisingX IndividualCC>1
8524/01/2018?IoT Devices WorldwideBitdefender researchers uncover an emerging IoT botnet that uses advanced communication techniques to exploit victims and build its infrastructure. The bot is dubbed Hide 'N Seek (HNS)MalwareX IndividualCC>1
8624/01/2018?5 universities, 23 private companies and several government organizations.Security researchers from Comodo spot a new strain of sophisticated malware, dubbed Lebal, targeting a number of high-profile entities, including five universities, 23 private companies and several government organizations.Targeted AttackY Multiple IndustriesCC>1
8725/01/2018?Single IndividualsResearchers from Crowdstrike discover a new strain of malware that uses the National Security Agency's EternalBlue exploit to hijack computers and secretly mine cryptocurrency. The malware is dubbed WannaMine.MalwareX IndividualCC>1
8825/01/2018?Single IndividualsA new ransomware called MoneroPay is discovered that tries to take advantage of the cryptocurrency craze by spreading itself as a wallet for a fake coin called SpriteCoin.MalwareX IndividualCC>1
8925/01/2018OilRig8 Middle Eastern government organizations, as well as one financial and one educational institution.Researchers from Palo Alto Networks reveal a new operation of the Iran-linked cyber-espionage group tracked as OilRig, carried on using a backdoor dubbed RGDoor to target Internet Information Services (IIS) Web servers.Targeted AttackY Multiple IndustriesCE>1
9026/01/2018?Financial Organizations in Latin AmericaNCR sends an advisory to its customers saying it had received reports from the Secret Service and other sources about jackpotting attacks against ATMs in the United States. Sources say the malware behind the attack is Ploutus.D.MalwareK Financial and insurance activitiesCCUS
9126/01/2018?YouTube UsersYouTube is caught displaying ads that covertly use visitors' CPUs and electricity to generate digital currency on behalf of anonymous attackers.Malicious Script InjectionX IndividualCC>1
9226/01/2018?CoincheckJapanese cryptocurrency exchange Coincheck confirms that some $524 million worth of digital coins (a cryptocurrency called NEM) has been stolen—likely making it the largest single hack on an exchange.UnknownV FintechCCJP
9326/01/2018?Users in the Middle EastSecurity researchers from Palo Alto Networks detect a fresh wave of attacks targeting users in the Middle East. Attackers use Arabic language documents related to current political events to download and run malicious malware. The campaign is called 'TopHat' and makes use of a malware dubbed 'Scote'.Targeted AttackX IndividualCE>1
9426/01/2018?Chrome UsersTrend Micro publishes a list of malicious Chrome extensions making use of a recently discovered technique called "Session Replay" attack.Malicious ExtensionX IndividualCC>1
9526/01/2018?phpBBAn unknown attacker compromises download links for the phpBB forum software, according to a statement released today by the phpBB development team.UnknownJ Information and communicationCCN/A
9627/01/2018?ABN AmbroABN Ambro is the victim of a sustained DDoS attack. The wave of cyberattacks comes just days after local media reported that Dutch intelligence agency AIVD spied on Russia-linked hacker group Cozy Bear, also known as APT29, as early as 2014.DDoSK Financial and insurance activitiesCWNL
9727/01/2018?INGDuring the same weekend, also ING is targeted.DDoSK Financial and insurance activitiesCWNL
9828/01/2018?ExpertyA hacker tricks Experty ICO participants into sending Ethereum funds to the wrong wallet address. He is able to do this by sending emails with a fake pre-ICO sale announcement to Experty users who signed up for notifications. The bounty amounts to $150,000 worth of Ethereum.Account HijackingV FintechCCCH
9928/01/2018?Ontario Progressive Conservative PartyThe Ontario Progressive Conservative Party’s internal database is locked up by a ransomware attack in early November. The incident is first being acknowledged now.MalwareQ Human health and social work activitiesCCCA
10029/01/2018?RabobankRabobank is the third of the big Dutch banks to be targeted by a DDoS attack.DDoSK Financial and insurance activitiesCWNL
10129/01/2018?Dutch tax authorityThe Dutch Tax Authority is also taken down by a DDoS attack.DDoSO Public administration and defence, compulsory social securityCWNL
10229/01/2018?DigIDThe Dutch official online signature system DigID is also reportedly hit by the same wave of DDoS attacks.DDoSO Public administration and defence, compulsory social securityCWNL
10329/01/2018Suspected malicious actor tied to PakistanAndroid Users in IndiaSecurity researchers from Trend Micro unveil the details o a cyber espionage campaign targeting Android users in India, using the PoriewSpy and Droid.jack malware.MalwareX IndividualCEIN
10429/01/2018?Ransomware victimsThe operators of at least one Tor proxy service are caught replacing Bitcoin addresses on ransomware payment sites, diverting funds meant to pay for ransomware decrypters to the site's operators. In this way the victims are damaged twice.Tor Traffic HijackingX IndividualCC>1
10529/01/2018?Chester County School DistrictChester County School District posts on its Facebook page that ransomware hit the district’s servers over the weekend.MalwareP EducationCCUS
10630/01/2018?Ukrainian IndividualsResearchers from Palo Alto Networks uncovered a two-year-old cyber espionage campaign that's been infecting Ukrainians with either a newly discovered remote access tool called Vermin or the more established Quasar RAT.Targeted AttackX IndividualCEUA
10730/01/2018?ABN AmbroABN Ambro is targeted by a new DDoS attack. Now the fingers are pointed to Russia.DDoSK Financial and insurance activitiesCCRU
10830/01/2018?INGAnd during the same wave of DDoS attacks, also ING is targeted (once again).DDoSK Financial and insurance activitiesCCRU
10930/01/2018?Single IndividualsSecurity researchers from Malwarebytes uncover a new strain of ransomware called GandCrab that is being distributed through two separate exploit kits: the RIG EK and GrandSoft EK.MalwareX IndividualCC>1
11030/01/2018?Spartanburg Public LibraryThe Spartanburg Public Library system is shut down after it is hit with a ransomware attack.MalwareP EducationCCRU
11131/01/2018?More than 526,000 infected Windows hostsResearchers from Proofpoint reveal the details of the Smominru botnet. A Monero miner, active since May 2017, exploiting the Eternal Blue (CVE-2017-0144) and EsteemAudit (CVE-2017-0176) vulnerabilities to spread.MalwareX IndividualCC>1
11231/01/2018?Users participating to the ICO of the Bee Token Crypto CurrencyUsers who were aiming to buy Bee Tokens during a Token Generation Event (i.e., an initial coin offering) are tricked into sending the money to scammers instead. The attackers steal nearly $1M worth of cryptocurrency.Account HijackingV FintechCCUS
11331/01/2018?GoGetCar-sharing company GoGet discloses a major data breach seven months after it was first detected in June 2017 as the alleged hacker is arrested by Australian police this week. In an email sent to customers, the firm says its IT team identified "unauthorised activity" on its system on 27 June last year and immediately launched a full internal investigation.UnknownH Transportation and storageCCAU
11431/01/2018?Firefox UsersA Firefox extension called Image Previewer is discovered, injecting a Monero in-browser miner into Firefox. While we have seen numerous Chrome.Malicious ExtensionX IndividualCC>1
11531/01/2018North KoreaSouth KoreaSouth Korea’s Internet & Security Agency (KISA) warns of a Flash zero-day vulnerability (CVE-2018-4878) reportedly exploited in attacks by North Korea’s hackers.Targeted AttackX IndividualCEKR
11601/02/2018?Single IndividualsThe FBI warns hackers have been impersonating a federal online crime complaint portal to trick victims into divulging their personal and sensitive information in a new phishing scam.Account HijackingX IndividualCC>1
11701/02/2018Iron TigerInstitutions in the government, technology, education and telecommunications sector in Asia and the US.Security researchers from BitDefender discover a custom-built piece of malware wreaking havoc in Asia for several months that could signal the return of the notorious Chinese hacker group - Iron Tiger. The campaign is called Operation PZChao, and has been targeting institutions in the government, technology, education and telecommunications sector in Asia and the US.Targeted AttackY Multiple IndustriesCE>1
11801/02/2018?Google Chrome UsersSecurity researchers from Trend Micro uncover 89 malicious Google Chrome extensions on the official Chrome store that can inject ads, code to secretly mine cryptocurrency, and load a tool to record and replay a person's browsing activities. According to researchers, this collection of extensions affected over 423,000 users and was used to form a new botnet called "Droidclub."MalwareX IndividualCC>1
11901/02/2018?IoT DevicesResearchers from cyber-security firm Radware discover a new IoT DDoS botnet, built by San Calvicie, an operator of a gaming server rental business. The botnet is called JenX. The botnet borrows parts of other IoT botnets (for instance CVE-2014-8361 and CVE-2017-17215).VulnerabilityX IndividualCC>1
12001/02/2018?City of Pittsburg in KansasThe City of Pittsburg in Kansas reveals that it has been subjected to a sophisticated phishing scheme targeting employee payroll data. The attack results in the release of sensitive information for current and former city employees who received a W-2 for the 2017 fiscal year.Account HijackingO Public administration and defence, compulsory social securityCCUS
12101/02/2018?HORNE LLPHORNE LLP notifies an incident affecting the security of protected health information of certain Forrest General Hospital patients. On November 1, 2017, the company discovered that the email account of one of its employees was sending phishing emails.Account HijackingK Financial and insurance activitiesCCUS
12201/02/2018?City of BataviaThe city of Batavia reports employees’ personal and financial information was compromised through email phishing for W-2 tax forms. The information includes names, social security numbers, addresses and earnings.Account HijackingO Public administration and defence, compulsory social securityCCUS
12301/02/2018?Kinetics SystemsKinetics Systems falls victim to a phishing attack. The personal information of 11 residents of New Hampshire, including their W-2 forms, is compromised.Account HijackingC ManufacturingCCUS
12401/02/2018?Purchase Line School DistrictThe Purchase Line School District is the victim of an email spoofing attack by an individual pretending to be a school district employee.Account HijackingP EducationCCUS
12501/02/2018?Coastal Cape Fear Eye AssociatesCoastal Cape Fear Eye Associates notifies HHS of a ransomware incident that impacted 925 patients.MalwareQ Human health and social work activitiesCCUS
12601/02/2018?AperioAperio informs of a data breach that occurred when two employees’ email accounts were compromised by successful phishing attacks that resulted in auto-forwarding email from those accounts to two external accounts.Account HijackingK Financial and insurance activitiesCCUS
12702/02/2018?Redis and OrientDB serversResearchers from Qihoo 360 discover a new Monero-mining botnet targeting Redis and OrientDB servers, infecting nearly 4,400 servers and able to mine over $925,000 worth of Monero since March 2017. The botnet, called DDG, targets Redis servers via a credentials dictionary brute-force attack; and OrientDB databases by exploiting the CVE-2017-11467 remote code execution.Brute Force/Remote Code Execution VulnerabilityX IndividualCC>1
12802/02/2018?Mac UsersResearchers from Malwarebytes reveal that the MacUpdate site has been hacked to distribute the OSX.CreativeUpdate Monero miner via maliciously-modified copies of the Firefox, OnyX, and Deeper applications.MalwareX IndividualCC>1
12902/02/2018?Ron’s Pharmacy ServicesRon’s Pharmacy Services notifies certain patients of the unauthorized access to certain limited pieces of patient information, including patient names, Ron’s Pharmacy internal account numbers, and payment adjustment information, after an employee email account was compromised in October 2017.Account HijackingG Wholesale and retail tradeCCUS
13003/02/2018?Android UsersResearchers from Qihoo 360 discover an additional botnet, targeting Android devices by scanning for open debug ports so it can infect victims with malware that mines the Monero cryptocurrency. The botnet targets port 5555, which on devices running the Android OS is the port used by the operating system's native Android Debug Bridge (ADB). The malware is dubbed ADB.Miner.MalwareX IndividualCC>1
13104/02/2018?Reddit UsersSecurity Researcher Alec Muffett discovers a clone of the popular social news aggregation and discussion site Reddit on the reddit.co domain.Account HijackingX IndividualCC>1
13204/02/2018?City of KeokukThe City of Keokuk says a data breach resulted in the release of personal information of current and former city employees and elected leaders. An unauthorized party was able to obtain 2017 W-2 tax forms through the use of a “criminal phishing email.”Account HijackingO Public administration and defence, compulsory social securityCCUS
13305/02/2018?Waldo CountyA phishing attack compromised the information of 100 Waldo County employees.Account HijackingO Public administration and defence, compulsory social securityCCUS
13405/02/2018?City of KeokukThe city of Keokuk has disclosed that a cybercriminal used a phishing scam to fraudulently obtain an electronic file containing the 2017 W-2 tax forms of current and former employees and elected officials.Account HijackingO Public administration and defence, compulsory social securityCCUS
13505/02/2018?Partners HealthCare SystemPartners HealthCare System reveals that it discovered a malware attack, which occurred in May 2017, that may have exposed 2,600 patients’ information.MalwareQ Human health and social work activitiesCCUS
13605/02/2018?University of Northern ColoradoThe private information of 12 University of Northern Colorado employees is compromised after an “unknown person or group” accessed their profiles on Ursa, UNC’s online portal.UnknownP EducationCCUS
13706/02/2018Hidden Cobra, aka Lazarus GroupMultiple TargetsThe Department of Homeland Security (DHS) and FBI jointly release two new reports analyzing trojan malware attributed to Hidden Cobra, aka Lazarus Group -- a threat actor widely believed to be sponsored by the North Korean government. The two malware packages, referred to as HARDRAIN and BADCALL, can install a remote access tool (RAT) payload on Android devices, and force infected Windows systems to act as a proxy server.Targeted AttackY Multiple IndustriesCE>1
13806/02/2018AnonPlusItalian Democratic Party (PD)The AnonPlus hacker group says they have hacked the Florence branch of the Italian centre-left Democratic Party (PD) and leaked data regarding leader Matteo Renzi online.UnknownU Activities of extraterritorial organizations and bodiesHIT
13906/02/2018AnonPlusProvince of MilanThe same hackers also claim to have hacked the website of Provincia di Milano (Province of Milan) in Italy.SQLiO Public administration and defence, compulsory social securityHIT
14007/02/2018?SwisscomSwisscom, the biggest telecom company in Switzerland, suffers a data breach that resulted in the compromise of personal data of some 800,000 customers, i.e., nearly ten percent of the entire Swiss population. The breach dates back to Autumn 2017 and the data accessed includes the first and last names, home addresses, dates of birth and telephone numbers of Swisscom customers.Account HijackingJ Information and communicationCCCH
14107/02/2018?The Sacramento BeeThe Sacramento Bee deletes two databases hosted by a third party after a ransomware attack exposed the voter records of 19.5 million California voters and 53,000 current and former subscribers to the newspaper.MalwareJ Information and communicationCCUS
14207/02/2018?Nova PoshtaPersonal data of 500,000 clients of Nova Poshta, the largest private delivery company in Ukraine, is allegedly leaked to the dark web.UnknownS Other service activitiesCCUA
14307/02/2018?City of EnumclawThe city of Enumclaw accidentally sends an email to an "individual pretending to be a member of City administration" and compromises the W-2s of hundreds of employees.Account HijackingO Public administration and defence, compulsory social securityCCUS
14407/02/2018?Twitter UsersOnline scammers have made over $5,000 worth of Ethereum in one night alone, creating fake Twitter profiles for real-world celebrities and spamming the social network with messages tricking users to participate in "giveaways."Fake Twitter AccountsX IndividualCC>1
14507/02/2018?Targets in Middle EastResearchers from Cisco Talos reveal the details of a campaign targeted against entities with an interest in the geopolitical context of the region.Targeted AttackY Multiple IndustriesCE>1
14607/02/2018?Business WirePress release network Business Wire admits suffering an ongoing Distributed Denial of Service (DDoS) attack lasting a week.DDoSJ Information and communicationCCUS
14707/02/2018?Smith DentalSmith Dental notifies of a ransomware attack affecting 1,500 patients.MalwareQ Human health and social work activitiesCCUS
14808/02/2018?Undisclosed Water Utility CompanyResearchers from Radiflow discover the first example of malware attacking the operational network of a water utility company in order to mine the Monero cryptocurrency.MalwareE Water supply, sewerage waste management, and remediation activitiesCCN/A
14908/02/2018?Decatur County General HospitalDecatur County General Hospital in Parsons, Tenn., publicly discloses that an unauthorized party accessed the server for its electronic medical record system and secretly implanted cryptomining malware.MalwareQ Human health and social work activitiesCCUS
15008/02/2018?Single IndividualsResearchers from Trend Micro reveal the details of a malicious spam campaign aimed to distribute the Loki malware.MalwareX IndividualCC>1
15108/02/2018?Mikaela HooverThe Fappening scandal continues even in 2018, and Guardians of the Galaxy actress Mikaela Hoover appears to be the most recent victim.Account HijackingX IndividualCCUS
15208/02/2018?Multiple TargetsResearchers from ForcePoint discover a new strain of point-of-sale (PoS) malware that disguises itself as a LogMeIn service pack and steals payment card information through a DNS server.PoS MalwareY Multiple IndustriesCC>1
15308/02/2018?Cisco ASA UsersFive days after details about a vulnerability in Cisco ASA software (CVE-2018-0101) become public, Cisco reveals that it is "aware of attempted malicious use of the vulnerability."Cisco ASA VulnerabilityY Multiple IndustriesCC>1
15408/02/2018?Single IndividualsA new malspam campaign is underway, installing the GandCrab ransomware on a victim's computer. This is done through a series of malicious documents that ultimately install the ransomware via a PowerShell script.MalwareX IndividualCC>1
15509/02/2018?Single IndividualsA new ransomware is discovered called Black Ruby. The ransomware encrypts the files on a computer, scrambles the file name, and then appends the BlackRuby extension. To make matters worse, Black Ruby also installs a Monero miner. The malware only encrypts computers that are not from Iran.MalwareX IndividualCC>1
15610/02/2018Vietnamese HackerNewtek Business Services Corp.Newtek Business Services Corp., a Web services conglomerate that operates more than 100,000 business Web sites and some 40,000 managed technology accounts, has several of its core domain names stolen over the weekend.DNS HijackingJ Information and communicationCCUS
15710/02/2018?BitGrailItalian cryptocurrency exchange BitGrail reports a loss of 17 million Nano, valued at over $170 million at the time of the hack. However, conflicting reports surface with some believing the exchange to be insolvent for a number of months.UnknownV FintechCCIT
15811/02/2018?Pyeongchang Winter OlympicsPyeongchang Winter Olympics organizers confirm that the Games had fallen victim to a cyber attack during Friday’s opening ceremony, but they refused to reveal the source. Researchers from Cisco Talos call the malware Olympic Destroyer and confirm that the only purpose is to disrupt systems.Targeted AttackU Activities of extraterritorial organizations and bodiesCWKR
15911/02/2018?4,275 sites4,275 sites are injected with an in-browser Monero miner after a popular accessibility script, BrowseAloud by TextHelp.com, is compromised. The list of the affected sites includes government websites such as uscourts.gov, ico.org.uk, & manchester.gov.uk.Malicious ScriptY Multiple IndustriesCC>1
16012/02/2018?Wordpress WebsitesTwo malicious plug-ins are recently discovered by Sucuri, injecting obfuscated JavaScript into WordPress websites, in order to generate advertisements that appear if a visitor clicks anywhere on the page.Wordpress Malicious PluginsX IndividualCC>1
16112/02/2018?Android UsersMalwarebytes researchers detect a series of attacks that began around November 2017 in which millions of Android devices were targeted and redirected to a specifically designed page performing in-browser cryptomining of Monero virtual currency.Drive-ByX IndividualCC>1
16212/02/2018Hidden Cobra, aka Lazarus GroupBitcoin users and global financial organizations.Researchers from McAfee discover an aggressive Bitcoin-stealing phishing campaign by the international cybercrime group Lazarus that uses sophisticated malware with long-term impact. The campaign is dubbed HaoBao and targets Bitcoin users and global financial organizations.Targeted AttackK Financial and insurance activitiesCC>1
16312/02/2018?Single IndividualsA new variant of Rapid Ransomware is currently being distributed using malspam that pretends to be from the Internal Revenue Service.MalwareX IndividualCC>1
16412/02/2018?Single IndividualsResearchers from IBM's X-Force reveal the details of a new campaign leveraging the Necurs botnet to send Valentine’s Day-themed spam emails. The campaign reaches over 230 million spam messages within a matter of two weeks.MalwareX IndividualCC>1
16512/02/2018?Idaho Transportation Department (ITD)A hack of two email accounts at the Idaho Transportation Department (ITD) potentially exposes the personal information of commercial truckers whose rigs are registered in Idaho, including Social Security and credit card numbers. About 114 individuals are notified.Account HijackingO Public administration and defence, compulsory social securityCCUS
16612/02/2018?EntergyEntergy notifies employees of a W-2 breach involving the TALX portal (a wholly-owned subsidiary of Equifax). The breach involves 2016 W-2 data.UnknownD Electricity gas steam and air conditioning supplyCCUS
16713/02/2018?Telegram UsersResearchers from Kaspersky reveal that malware authors have used a zero-day vulnerability in the Windows client for the Telegram instant messaging service to infect users with cryptocurrency mining malware (Monero, Zcash, and Fantomcoin primarily).Zero-Day Vulnerability in TelegramX IndividualCC>1
16813/02/2018?Android UsersResearchers from Trend Micro detect a new variant of Android Remote Access Tool (AndroRAT) (identified as ANDROIDOS_ANDRORAT.HRXC) that has the ability to inject root exploits. The AndroRAT targets CVE-2015-1805, a vulnerability publicly disclosed in 2016.MalwareX IndividualCC>1
16913/02/2018?Military personnel and businessmen, among others, in various South Asian countriesValentine's Day is approaching, and researchers from Trend Micro reveal that criminals from the Confucius gang are targeting military personnel and businessmen, among others, in various South Asian countries, persuading them into downloading malware hidden in chat apps.Targeted AttackX IndividualCE>1
17013/02/2018?Vulnerable FirewallsResearchers from NewSky Security discover a new IoT botnet, dubbed DoubleDoor, exploiting CVE-2015-7755 and CVE-2016-10401 to bypass Juniper and Zyxel firewalls, respectively.MalwareY Multiple IndustriesCC>1
17113/02/2018?Advertisement Screen in LondonAnd the last victim of the cryptocurrency frenzy is an advertisement screen in London that is infected by a miner.MalwareZ UnknownCCUK
17214/02/2018?Staybridge Suites Lexington HotelThe Staybridge Suites Lexington Hotel is hit with what appears to be a point of sales data breach that occurred when several devices at the hotel were hit with malware.PoS MalwareR Arts entertainment and recreationCCUS
17314/02/2018?Single IndividualsResearchers from Trustwave reveal a new multi-stage email Word attack, exploiting CVE-2017-11882, but not making use of any macro.MalwareX IndividualCC>1
17414/02/2018?Single IndividualsA Ukrainian cybercrime operation has made an estimated $50 million by using Google AdWords to lure users to Bitcoin phishing sites. The operation is temporarily disrupted by the Ukrainian cyber police, acting on information received from Cisco's Talos security division. The campaign is dubbed Coinhoarder.SEO PoisoningX IndividualCC>1
17514/02/2018?Bitmessage usersMaintainers of the Bitmessage P2P encrypted communications protocol have released a fix after discovering that hackers were using a zero-day in attempts to steal Bitcoin wallet files from users' computers.Zero-Day Vulnerability in BitmessageX IndividualCC>1
17614/02/2018?AtosReports emerge that the Olympic Destroyer malware might have been used months earlier to target Atos, the IT provider of the Winter Olympics.Targeted AttackJ Information and communicationCEFR
17714/02/2018?Western UnionWestern Union warns that some customers' information may have been accessed without authorization as a result of a computer intrusion against an external vendor system formerly used by Western Union for secure data storage.UnknownK Financial and insurance activitiesCCUS
17815/02/2018?Jenkins CI ServersResearchers from Check Point reveal the details of Jenkins Miner, a massive operation targeting Jenkins CI servers, via CVE-2017-1000353, aimed to mine Monero cryptocurrency. The Criminals are ableMalwareY Multiple IndustriesCC>1
17915/02/2018?Retina-X StudiosA vigilante hacker claims to have wiped 1 Terabyte of data from Retina-X Studios, a company that sells spyware products.UnknownJ Information and communicationCCUS
18015/02/2018GOLD LOWELLMultiple TargetsResearchers from SecureWorks reveal the details of a threat actor dubbed GOLD LOWELL using the SAMSAM ransomware for opportunistic attacks.MalwareY Multiple IndustriesCCUS
18115/02/2018?Single IndividualsResearchers from IBM's X-Force discover a new variant of the infamous TrickBot malware repurposed to steal bitcoins.MalwareX IndividualCC>1
18213/02/2018?US TaxpayersThe Internal Revenue Service warns taxpayers of a quickly growing scam involving erroneous tax refunds being deposited into their bank accounts.Account HijackingX IndividualCCUS
18313/02/2018?City of AllentownThe city of Allentown is hit by the Emotet Trojan. The City believes that the cost of remediation is close to $1 million.MalwareO Public administration and defence, compulsory social securityCCUS
18413/02/2018?City of SavannahThe city of Savannah is in recovery mode after being hit by a malware attack when a city worker most likely opened a malicious email.MalwareO Public administration and defence, compulsory social securityCCUS
18514/02/2018?poorly secured Linux serversAccording to researchers from GoSecure, attackers are launching SSH brute-force attacks on poorly secured Linux servers to deploy a backdoor dubbed Chaos backdoor.Brute-ForceY Multiple IndustriesCC>1
18616/02/2018?Unnamed Russian BankThe Russian Central Bank reveals that unknown hackers stole 339.5 million roubles ($6 million) from a Russian bank last year in an attack using the SWIFT international payments messaging system.UnknownK Financial and insurance activitiesCCRU
18716/02/2018?Snapchat UsersDetails emerge of a phishing attack that occurred in July 2017 and was able to score credentials for 50,000 Snapchat users.Account HijackingX IndividualCC>1
18816/02/2018rmsrfRoomsurfRoomsurf notifies its users of a data breach in which the attacker has been able to obtain usernames, phone numbers, and email addresses.UnknownI Accommodation and food service activitiesCCUS
18916/02/2018?Davidson CountyThe Davidson County computers are hit by an unspecified ransomware.MalwareO Public administration and defence, compulsory social securityCCUS
19016/02/2018?Jemison Internal MedicineJemison Internal Medicine notifies 6,550 patients of a ransomware attack. However, the investigation reveals that the systems had already been compromised.MalwareQ Human health and social work activitiesCCUS
19116/02/2018?Laufer Group InternationalLaufer Group International is the victim of a W-2 scam.Account HijackingN Administrative and support service activitiesCCUS
19216/02/2018?White and Bright Family DentalWhite and Bright Family Dental notifies patients of a hack that occurred on January 30, 2018.UnknownQ Human health and social work activitiesCCUS
19317/02/2018?Mac UsersResearchers from Digita Security warn users about the Coldroot remote access Trojan, which has gone undetected by AV engines for more than one year and targets macOS computers.MalwareX IndividualCC>1
19418/02/2018?India’s City Union BankIndia’s City Union Bank reveals that cyber criminals have been able to hack its systems and transfer nearly $2 million through three unauthorized remittances to lenders overseas via the SWIFT financial platform.UnknownK Financial and insurance activitiesCCIN
19518/02/2018Flight Sim Labs (FSLabs)Microsoft Flight Simulator PlayersMod developer Flight Sim Labs (FSLabs) has been accused of embedding malware in its flight simulation add-ons to steal pirates' Chrome passwords.MalwareX IndividualCC>1
19619/02/2018?Blac ChynaAmerican model and entrepreneur Blac Chyna falls victim to The Fappening, having intimate content posted online.Account HijackingX IndividualCCUS
19720/02/2018?TeslaResearchers at security firm RedLock say hackers accessed one of Tesla's Amazon cloud accounts and used it to run currency-mining software. The breach started with a Kubernetes console left exposed.Account HijackingC ManufacturingCCUS
19820/02/2018APT37 AKA ReaperMultiple TargetsSecurity Firm FireEye reveals the details of a lesser-known North Korean cyberespionage group targeting the Korean Peninsula, Japan, Vietnam and the Middle East in 2017.Targeted AttackY Multiple IndustriesCE>1
19920/02/2018?The Colorado Department of Transportation (CDOT)CDOT is hit with a ransomware attack, attributed to SamSam, which forces the organization to shut down 2,000 computers.MalwareO Public administration and defence, compulsory social securityCCUS
20020/02/2018?Los Angeles TimesTroy Mursch, a security researcher at Bad Packets Report, finds hidden cryptojacking code (based on Coinhive) on the Los Angeles Times’ interactive Homicide Report webpage.Malicious Script InjectionJ Information and communicationCCUS
20120/02/2018?HardwareZone (HWZ) Forum websiteThe HardwareZone (HWZ) Forum website is hacked and approximately 685,000 user profiles are affected. A senior moderator’s account has been compromised by an unidentified hacker, and used to access the user profiles since September 2017.Account HijackingJ Information and communicationCCSG
20220/02/2018APT28 AKA Fancy BearMultiple Targets in Middle East and AsiaResearchers from Kaspersky Lab publish a new report highlighting a shift in the activities of the infamous APT28 from NATO and Ukraine to the Middle East and Central Asia.Targeted AttackY Multiple IndustriesCE>1
20321/02/2018?Facebook UsersResearchers at Avast report a sophisticated campaign in which attackers use Facebook and Facebook messenger to trick users into installing a highly sophisticated Android spyware. The operation is dubbed Tempting Cedar.MalwareX IndividualCC>1
20421/02/2018?SWIFTIT security researchers at Comodo Labs discover a new phishing scam targeting the SWIFT financial messaging service. The scam not only aims at stealing banking credentials but also infects victims' computers with the Adwind RAT.Account HijackingK Financial and insurance activitiesCC>1
20521/02/2018Attackers of likely Nigerian originMultiple Fortune 500 companiesResearchers from IBM X-Force uncover an active Business Email Compromise campaign targeting multiple Fortune 500 companies.Account HijackingY Multiple IndustriesCC>1
20621/02/2018?IoT and networking equipmentSecurity researchers from Fortinet spot a new variant of the Mirai malware (dubbed Mirai OMG) that focuses on infecting IoT and networking equipment with the main purpose of turning these devices into a network of proxy servers used to relay malicious traffic.MalwareY Multiple IndustriesCC>1
20721/02/2018?University of Virginia Health System (uvahealth.com)The University of Virginia Health System notifies almost 2,000 patients that their health records may have been exposed when an unauthorized third party implanted malware on a staffer's computer active between May 2015 and December 2016.MalwareQ Human health and social work activitiesCCUS
20821/02/2018?ASCDASCD is the victim of a W-2 scam.Account HijackingQ Human health and social work activitiesCCUS
20922/02/2018?The Los Angeles PhilharmonicThe Los Angeles Philharmonic falls victim to a cyberattack that results in the theft of W-2 information for everyone that worked there in 2017. The security breach happened as the result of a "spear phishing" attack.Account HijackingR Arts entertainment and recreationCCUS
21022/02/2018LulzSecITAMatteo Salvini BlogThe Italian elections are approaching, so Hacktivists from the collective LulzSecITA hack the blog of Matteo Salvini, the leader of right-wing Italian party "La Lega" and dump 70,000 emails.UnknownS Other service activitiesHIT
21122/02/2018?University of AlaskaDozens of current and former employees and students of the University of Alaska are unable to access their Alaska.edu accounts. According to the investigation, user passwords have been changed by a third party.Account HijackingP EducationCCUS
21222/02/2018?MobistealthA hacker breaks into two consumer spyware companies, Mobistealth and Spy Master Pro and dumps a large cache of data.UnknownJ Information and communicationCCUS
21322/02/2018?Spy Master ProA hacker breaks into two consumer spyware companies, Mobistealth and Spy Master Pro and dumps a large cache of data.UnknownJ Information and communicationCCUS
21422/02/2018?Curtis LumberCurtis Lumber is the victim of a spear phishing attack.Account HijackingG Wholesale and retail tradeCCUS
21522/02/2018?Punjab National Bank (PNB)10,000 Credit Cards details from Punjab National Bank are leaked on the dark web.UnknownK Financial and insurance activitiesCCIN
21623/02/2018?About one dozen Connecticut government agenciesAbout one dozen Connecticut government agencies are hit with what one published report says is a WannaCry attack that knocks about 160 computers offline.MalwareO Public administration and defence, compulsory social securityCCUS
21723/02/2018OilRig APTAn insurance agency and a financial institution in the Middle EastResearchers from Palo Alto Networks reveal that the Iran-linked OilRig APT group is now using a new Trojan called OopsIE in recent attacks against an insurance agency and a financial institution in the Middle East.Targeted AttackK Financial and insurance activitiesCEN/A
21823/02/2018?Chinese WebsitesResearchers from Malwarebytes unveil the details of a drive-by attack targeting Chinese websites, and dropping an updated version of the Avzhan DDoS bot.MalwareY Multiple IndustriesCCCN
21923/02/2018?Children’s Aid Society of Oxford County Family and Children’s Services of Lanark, Leeds and GrenvilleTwo Ontario children’s aid societies are hit by Ransomware.MalwareQ Human health and social work activitiesCCCA
22024/02/2018AnonymousMatteo Salvini Facebook PageAnd after the personal blog, hacktivists from Anonymous also deface Matteo Salvini's blog page.DefacementS Other service activitiesHIT
22124/02/2018?Teesside UniversityStudents at Teesside University are warned about a possible email security breach and urged to reset their university password.UnknownP EducationCCUS
22224/02/2018?Wallace Community College SelmaPersonal and financial information of current and former employees of Wallace Community College Selma is leaked through a phishing scam.Account HijackingP EducationCCUS
22324/02/2018?Single IndividualsAccording to security researchers from Qihoo 360 Netlab, an advertising network has been hiding in-browser cryptocurrency miners (cryptojacking scripts) in the ads it serves since December 2017.Malicious Script InjectionX IndividualCC>1
22425/02/2018?Jorgie PorterEnglish actress and model Jorgie Porter is the latest victim of The Fappening hackers, who manage to steal her intimate pictures and videos and post them online.Account HijackingX IndividualCCUK
22525/02/2018AnonymousSome Ohio State WebsitesIn the name of #opUSA, hacktivists from the Anonymous collective take down some Ohio State websites.DDoSO Public administration and defence, compulsory social securityHUS
22625/02/2018?Inland Revenue DepartmentThousands of Inland Revenue files are locked up after New Zealand’s tax department becomes the target of a Cryptolocker attack in November.MalwareO Public administration and defence, compulsory social securityCCNZ
22726/02/2018Deep PandaSome UK think tanksCrowdstrike reveals that some UK think tanks specializing in international security were hacked by China-based group 'Deep Panda' beginning in April 2017.Targeted AttackM Professional scientific and technical activitiesCEUK
22826/02/2018?Four British SchoolsHackers break into CCTV systems of at least four British schools and stream footage of pupils live on the internet.UnknownP EducationCCUK
22926/02/2018?Porsche JapanThe Japanese arm of Porsche says more than 28,000 email addresses have been leaked via a hack.UnknownC ManufacturingCCJP
23026/02/2018?Vulnerable Oracle WebLogic ServersSecurity researchers from Trend Micro uncover a new campaign, which involves hackers exploiting an Oracle server vulnerability (an Oracle WebLogic WLS-WSAT flaw CVE-2017-10271) to deliver two cryptominers: a 64-bit variant and a 32-bit variant of the XMRig Monero miner.MalwareY Multiple IndustriesCC>1
23126/02/2018Hackers with connections to IranUnnamed Australian UniversitiesAustralian universities have been targeted by hackers with connections to Iran in recent months, and "a number of investigations" are in progress, according to cybersecurity firm Crowdstrike.Targeted AttackP EducationCEAU
23226/02/2018?Travel CorporationTravel Corporation falls victim to a W-2 Scam.Account HijackingR Arts entertainment and recreationCCUS
23326/02/2018?U.S. Residents in 20 statesAccording to federal court documents, Russian hackers operating in Colorado and 15 other states used data-mining viruses to steal thousands of credit card numbers from U.S. residents in 20 states and sold them on the darknet for more than $3.6 million.MalwareX IndividualCCUS
23427/02/2018?Android UsersSecurity Firm Wandera reveals the details of RedDrop, a sophisticated strain of mobile malware targeting Android devices that can extract sensitive data and audio recordings, run up premium SMS charges and then try to extort money from victims.MalwareX IndividualCC>1
23527/02/2018?Single IndividualsResearchers from cybersecurity firm Morphisec reveal the details of a new campaign carried out via spam messages delivering a malicious Word document. The document attempts to exploit an Adobe Flash Player bug (CVE-2018-4878) to let the attackers take control of the infected machines.MalwareX IndividualCC>1
23627/02/2018?Wordpress, Joomla and CodeIgniter websitesSecurity researchers from SiteLock warn WordPress and Joomla admins of a sneaky new malware strain masquerading as legitimate ionCube files. The malware, dubbed ionCube Malware, creates backdoors on vulnerable websites. The malware has been found on over 800 sites.MalwareY Multiple IndustriesCC>1
23727/02/2018?Tim HortonsA computer virus is suspected of crashing cash registers at over 1,000 Tim Hortons coffee and donuts fast food restaurants.MalwareI Accommodation and food service activitiesCCCA
23827/02/2018?FastHealthFastHealth reveals that in mid-August 2017, an unauthorized party gained access to their web server and obtained patient data.UnknownQ Human health and social work activitiesCCUS
23928/02/2018?Financial Services Information Sharing and Analysis Center (FS-ISAC)The Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry forum for sharing data about critical cybersecurity threats facing the banking and finance industries, reveals that a successful phishing attack on one of its employees was used to launch additional phishing attacks against FS-ISAC members.Account HijackingU Activities of extraterritorial organizations and bodiesCCUS
24028/02/2018APT28 AKA Fancy BearVarious German government agenciesAccording to a report issued by the German news agency dpa, malicious actors from APT28 AKA Fancy Bear infiltrated several German government agencies for more than a year.Targeted AttackO Public administration and defence, compulsory social securityCEDE
24128/02/2018APT28 AKA Fancy BearUndisclosed North American and European foreign ministry agencyAlmost at the same time, researchers from Palo Alto Networks reveal that the same attackers from APT28 targeted a North American and European foreign ministry agency.Targeted AttackO Public administration and defence, compulsory social securityCEN/A
24228/02/2018?GitHubGitHub survives the largest DDoS attack recorded (so far), reaching a stunning 1.35 terabits/sec. leveraging memcached servers.DDoSJ Information and communicationCCUS
24328/02/2018?Undisclosed Brazilian public sector management school.Researchers from Cisco Talos identify two different versions of a RAT, dubbed CannibalRAT, written entirely in Python, impacting users of a Brazilian public sector management school.Targeted AttackP EducationCCBR
24428/02/2018ChaferEntities across the Middle EastResearchers from Symantec reveal the details of an Iranian hacking outfit, dubbed Chafer, previously focused on domestic surveillance, expanding its scope and cyber arsenal to target entities across the Middle East.Targeted AttackY Multiple IndustriesCC>1
24528/02/2018?Single IndividualsResearchers from Malwarebytes reveal the details of a malvertising campaign using decoy websites pushing cryptocurrencies to redirect users to the RIG exploit kit.MalvertisingX IndividualCC>1
24628/02/2018?rTorrent Client usersResearchers from F5 detect an attack actively exploiting the rTorrent client through a previously undisclosed misconfiguration vulnerability on XML-RPC for deploying a Monero (XMR) crypto-miner operation.MalwareX IndividualCC>1
24728/02/2018?Single IndividualsA bulk breach dump is discovered totaling over 3.4 billion credentials.UnknownX IndividualCC>1
