2018 Master Table

This page collects all the attacks recorded so far in 2018. It will be updated when a new timeline is added. The table is shown at the bottom and is also available as a Google Sheet. You will also find some interactive graphs and statistics compared, whenever possible, with the same period in 2017. You can also download the charts.


The following chart compares the total events in 2017 and 2018 on a monthly basis.

The daily detail is provided in the following charts, which also show the breakdown for each category. The chart is interactive, so you can see each single value by scrolling over it. You can also select single categories.

The following charts compare the monthly distributions broken down across the different categories for 2018 and 2017:

Finally, the following charts compare the distribution of motivations.

IDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountry
101/01/2018?Faye Brookes2018 begins with a new round of Fappening leaks. This time the victim is Faye Brookes, whose explicit video is leaked on several video sharing websites.UnknownX IndividualCCUK
201/01/2018?Rockingham County SchoolsRockingham County Schools servers are compromised by the Emotet malware after an employee opens a phishing email.MalwareP EducationCCUS
302/01/2018AndarielUnnamed South Korean CompanyBloomberg reveals that a hacking unit called Andariel seized a server at a South Korean company in the summer of 2017 and used it to mine about 70 Monero coins, worth about $25,000 as of Dec. 29.UnknownZ UnknownCCKR
402/01/2018@0x55Taylorthefly.comA hacker using the twitter handle @0x55Taylor posts some screenshots of a breach affecting all users who registered at thefly.com a leading digital publisher of real-time financial news between 2006 and 2015. The leak contains the data of 100,000 individuals, and the credit card details of 27,000 among them.SQLi?J Information and communicationCCUS
503/01/2018?Uber UsersSymantec researchers discover a new malware strain, dubbed Android.Fakeapp, that sneakily spoofs Uber’s Android app and harvests users’ passwords, allowing attackers to take over users’ accounts.MalwareX IndividualCC>1
603/01/2018?Android UsersResearchers from Trend Micro discover 36 apps on Google Play in disguise of security tools, but in reality able to secretly harvesting user data, tracking user location, and aggressively pushing advertisements.MalwareX IndividualCC>1
703/01/2018?City of FarmingtonThe city of Farmington is hit by a variant of the SamSam ransomware.MalwareQ Human health and social work activitiesCCUS
803/01/2018?Linux ServersResearchers at F5 discover a new Linux crypto-miner botnet dubbed PyCryptoMiner spreading over SSH. The Monero miner botnet is based on Python and leverages Pastebin as command and control server when the original C&C isn’t available.MalwareX IndividualCC>1
903/01/2018?Bank customers globallyResearchers from security company Quick Heal reveal the detail of Android.banker.A9480, an Android banking trojan targeting more than 232 banking apps of financial institutions globally.MalwareX IndividualCC>1
1003/01/2018?Big Line HolidayBig Line Holiday, a Hong Kong travel agency, reveals that hackers might have broken into its database a day before and gained possession of some of its customers’ personal information.MalwareR Arts entertainment and recreationCCHK
1104/01/2018?Ukrainian usersResearchers from Cisco Talos reveal that unknown attackers have compromised the official website of Ukrainian accounting software developer Crystal Finance Millennium to distribute a new variant of the malicious Zeus banking trojan. The compromised website hosts the payload retrieved by a dropper distributed via a spam campaign.MalwareX IndividualCCUA
1204/01/2018?City of Belle FourcheThe city of Belle Fourche is hit by a ransomware attack.MalwareO Public administration and defence; compulsory social securityCCUS
1304/01/2018?GoldjoyGoldjoy, another travel agency in Hong Kong, reveals that unauthorised parties accessed its customer database containing personal information such as names and ID card numbers, passport details and phone numbers, asking for a ransom.MalwareR Arts entertainment and recreationCCHK
1405/01/2018?Android UsersSecurity researchers from Check Point uncover LightsOut, a new mobile adware program hidden in 22 fake applications on the Google Play Store. According to the researchers, the apps were downloaded between 1.5 million and 7.5 million times.MalwareX IndividualCC>1
1505/01/2018?RedditReddit confirms that one of its email providers, Mailgun, has been breached, resulting in the hacks of user profiles and their linked cryptocurrency accounts.Account HijackingJ Information and communicationCCUS
1605/01/2018?BeautyblenderBeautyblender notifies 3,673 individuals that their information might have been compromised after the discovery of a malware on its online shop.MalwareG Wholesale and retail trade; repair of motor vehicles and motorcyclesCCUS
1705/01/2018?Oklahoma State University Center for Health Sciences (OSUCHS)Oklahoma State University Center for Health Sciences notifies an undisclosed number of affected patients of an unauthorized third party occurred on November 2017.UnknownQ Human health and social work activitiesCCUS
1805/01/2018@0x55TaylorCreditsevaAfter defacing it, @0x55Taylor manages to gain access to creditseva main website server and a copy of the s3 bucket credentials.UnknownK Financial and insurance activitiesCCIN
1905/01/2018The Dark OverlordColumbia Falls School District Number 6The Columbia Falls School District Number 6 in Montana, sends out letters to notify the breach occurred after the attack carried on by The Dark Overlord begun on September 1st, 2017.UnknownP EducationCCUS
2006/01/2018?Olympic Games in South KoreaResearchers from McAfee uncover a campaign, dubbed Operation PowerShell Olympics, targeting organizations involved with next month's Games in South Korea, with the aim of controlling infected machines.Targeted AttackU Activities of extraterritorial organizations and bodiesCEKR
2106/01/2018?BlackBerry Mobile SiteThe Blackberry Mobile site is hacked exploiting a vulnerability of Magento. The attackers install a Monero miner using the Coinhive library.Magento VulnerabilityJ Information and communicationCCCA
2206/01/2018?Florida's Agency for Health Care Administration (FAHCA)A phishing attack on an employee at Florida's Agency for Health Care Administration (discovered in November 20, 2017) results in the exposure of sensitive information on 30,000 Medicaid patients.Account HijackingQ Human health and social work activitiesCCUS
2307/01/2018?CVE 2017-10271 Vulnerable MachinesA report published by the SANS Technology Institute reveals that attackers are exploiting a critical Oracle WebLogic flaw (CVE 2017-10271) to inject Monero cryptocurrency miners on victim’s machines.MalwareX IndividualCC>1
2408/01/2018?Health South-East RHFHealth South-East RHF, a healthcare organization that manages hospitals in Norway's southeast region, announces a security breach. A hacker or hacker group might have stolen healthcare data for more than half of Norway's population. (over 2.9 million individuals)UnknownQ Human health and social work activitiesCCNO
2508/01/2018?Single IndividualsAlien Vault reveals to have found malware that appears to install code for mining Monero cryptocurrency, sending any mined coins to a server at a North Korean university.MalwareX IndividualCC>1
2608/01/2018?Onco360Onco360 notifies a phishing incident involving an employee’s email account and affecting potentially 53,000 users.Account HijackingQ Human health and social work activitiesCCUS
2708/01/2018?Caremed Specialty PharmacyCaremed Specially Pharmacy is victim of the same event affecting Onco360Account HijackingQ Human health and social work activitiesCCUS
2809/01/2018TurlaEmbassies and consulates in East EuropeResearchers from ESET unveil the details of a new operation carried on by the Turla cyber espionage group, targeting embassies and consulates in East Europe using a fake Adobe Flash updater.Targeted AttackO Public administration and defence; compulsory social securityCE>1
2909/01/2018?Android UsersResearchers at Trend Micro find in the Google Play Store the first Android malware designed to steal information, carry out click ad fraud, and sign users up to premium SMS services without their permission, written using the Kotlin programming language.MalwareX IndividualCC>1
3009/01/2018?Single IndividualsMalwarebytes reveal the details of a RIG exploit campaign distributing malware coin miners delivered via drive-by download attacks from malvertising, exploiting the RIG Exploit Kit.MalvertisingX IndividualCC>1
3110/01/2018Pawn Storm AKA Fancy Bear AKA APT28International Olympic CommitteeAPT28 AKA Pawn Storm AKA Fancy Bear publish a set of apparently stolen emails purportedly belong to officials from the International Olympic Committee, the United States Olympic Committee, and third-party groups associated with the organizations.UnknownU Activities of extraterritorial organizations and bodiesCCN/A
3210/01/2018?Android UsersResearchers from Symantec discover a fake Telegram (Teligram) app on the Google Play Store that claims to be a new, updated version of the popular encrypted messenger app, but whose real purpose is to distribute malware.MalwareX IndividualCC>1
3310/01/2018?Russian Bank CustomersResearchers at Trend Micro discover a new mobile malware that primarily targets Russian banking customers, taking over victims' SMS capabilities, allowing cybercriminals to intercept text messages that contain bank security codes, The malware is dubbed FakeBank.MalwareX IndividualCCCC
3410/01/2018?Netflix UsersNetflix users are warned to avoid clicking on any suspicious email links after a phishing scam is uncovered by security firm Mailguard, which security experts say is designed to steal credit card details.Account HijackingX IndividualCC>1
3511/01/2018?Unpatched Windows and Linux serversResearchers from Check Point and Certego reveals the details of a new campaign distributing a malware dubbed RubyMiner, turning outdated web servers into Monero miners.MalwareY Multiple IndustriesCC>1
3611/01/2018?German UsersGerman authorities warn about phishing emails trying to take advantage of the Spectre and Meltdown vulnerabilities, promising fake patches and distributing the Smoke Loader malware.MalwareX IndividualCCDE
3711/01/2018?Apple Mac usersPatrick Wardle, a security researcher, discovers OSX MaMi, a new, undetectable strain of malware affecting Apple Macs that can hijack a device's DNS settings and steal victims' personal data.MalwareX IndividualCC>1
3811/01/2018?North Korean defectorsResearchers at McAfee unveil the details of operation Sun Team, a campaign targeting North Korean defectors, along with those who help them, which aims to infect their devices with trojan malware for the purposes of spying on them.MalwareX IndividualCEKP
3911/01/2018?Adams Health NetworkAdams Health Network, which runs Adams Memorial Hospital, confirms that a ransomware attack targeted some of its computer servers.MalwareQ Human health and social work activitiesCCUS
4012/01/2018Pawn Storm AKA Fancy Bear AKA APT28US SenateResearchers from Trend Micro reveal that the state sponsored hackers behind APT28 (AKA Pawn Storm AKA Fancy Bear) targeted the US Senate in mid-2017).Targeted AttackO Public administration and defence; compulsory social securityCEUS
4112/01/2018?Hancock Regional HospitalThe Hancock Regional Hospital, in the state of Indiana, confirms to be running on pen and paper following a SAMSAM ransomware attack, which hit the day prior. The hospital eventually pays up hackers $55,000 to restore control.MalwareQ Human health and social work activitiesCCUS
4212/01/2018?Android UsersResearchers from Check Point reveals the details of 'AdultSwine', a malware displays pornographic advertising on Android applications, found in 60 gaming apps on Google Play and downloaded between three and seven million times.MalwareX IndividualCC>1
4313/01/2018?New Zealand FootballNew Zealand Football says it is investigating a potential hack of its official website after a fake news article popped up "announcing" the resignation of its CEO Andy Martin.DefacementR Arts entertainment and recreationCCNZ
4413/01/2018?BlackWalletAn unidentified thief reportedly steals more than $400,000 in Stellar lumens after hacking the digital wallet provider BlackWallet.DNS HijackingV FintechCCDE
4514/01/2018?Devices powered by ARC CPUsResearchers from infosec group Malware Must Die discover a new variant of the Mirai botnet capable of infecting devices powered by ARC CPUs. The botnet is dubbed "Okiru", which means "wake up" in Japanese.MalwareX IndividualCC>1
4614/01/2018Ayyıldız TimSyed Akbaruddin's Twitter Account @AkbaruddinIndiaThe verified Twitter account of Syed Akbaruddin. India's top diplomat to the United Nations, is briefly taken over by suspected Turkish hackers.Account HijackingX IndividualHIN
4714/01/2018Ayyıldız TimBorge Brende's Twitter Account @borgebrendeThe same hackers also manage to hijack the verified account of Borge Brende, the president of the World Economic Forum and former minister of foreign affairs for Norway.Account HijackingX IndividualHNO
4815/01/2018?OnePlusChinese smartphone manufacturer OnePlus launches an investigation after a number of customers who used its website to purchase products complain of attempted fraud. Few days after (January 19) the company confirms to have been hacked via a malicious script injected into its website, potentially compromising the payment card details of up to 40,000 customers.Malicious ScriptC ManufacturingCCCN
4915/01/2018?Chrome UsersSecurity researchers from ICEBRG find four malicious Chrome extensions available in the Chrome store, laced with suspicious code, and infecting more than 500,000 users across the globe, including workstations within major organizations.Malicious Browser ExtensionX IndividualCC>1
5015/01/2018?Financial Organizations in Latin AmericaResearchers from Trend Micro spot a new variant of the KillDisk disk-wiping malware targeting companies in the financial sector in Latin America.MalwareK Financial and insurance activitiesCC>1
5112/01/2018?Monticello Central Strict DistrictMonticello Central School District warns of a sophisticated e-mail phishing attack occurred on November 1st, 2017. Potentially 2,598 individuals are affected.Account HijackingP EducationCCUS
5216/01/2018Group 123Multiple targets mainly in South KoreaResearchers from Cisco Talos reveal the details of the malicious activities of Group 123, a malicious actor linked to North Korea, author of at least six malicious campaigns focused on South Korean targets.Targeted AttackY Multiple IndustriesCEKR
5316/01/2018?Several Italian IndividualsResearchers from Kaspersky Lab reveal the details of Skygofree, an Android malware, reminiscent of the Hacking Team surveillance malware, targeting some Italian individuals.MalwareX IndividualCEIT
5416/01/2018Ayyıldız TimEric Bolling (@ericbollingTR) and Greta Van Susteren (@greta) Twitter accountsFormer Fox News hosts Eric Bolling and Greta Van Susteren appear to have their Twitter accounts hijacked by a group of suspected Turkish hackers dubbed Ayyıldız Tim.Account HijackingX IndividualCCUS
5516/01/2018?Several cryptocurrency exchanges such as Coinlink.According to the security firm Recorded Future, the notorious North Korean hacking outfit Lazarus Group is behind cyberattacks that targeted South Korean cryptocurrency exchanges and users towards the end of 2017, security researchers have found. However Coinlink denies the claims.Account HijackingV FintechCC>1
5616/01/2018?Singing River Health SystemUnknown attackers try to break into the Singing River Health System’s network.UnknownQ Human health and social work activitiesCCUS
5717/01/2018?Bank Customers in the UK, France and AustraliaSecurity researchers at Forcepoint reveal a new improved version of the financial malware Dridex, targeting victims in the UK, France and Australia and using compromised FTP websites in phishing campaigns.MalwareK Financial and insurance activitiesCC>1
5817/01/2018?Several telecommunications, insurance and financial service firms.Researchers from security firm FireEye reveal a new spam campaign delivering the Zyklon HTTP malware, and exploiting three relatively new Microsoft Office vulnerabilities. The attackers are targeting telecommunications, insurance and financial service firms. The malware comes with a variety of features, like password stealing, keylogging, DDoS and crypto mining.MalwareY Multiple IndustriesCC>1
5917/01/2018?Claymore mining rigsA new variant of the Satori botnet springs back to life, targeting Claymore mining rigs, and replacing the device owner's mining credentials with the attacker's own.MalwareV FintechCC>1
6017/01/2018?Single IndividualsNecurs, the world's largest spam botnet, is back on track, sending millions of spam emails that push an obscure cryptocurrency named Swisscoin, used for Multi-Level-Marketing (MLM) Ponzi scheme.MalwareX IndividualCC>1
6118/01/2018Dark CaracalVictims inside governments, militaries, utility companies, financial institutions, manufacturing companies and defense contractors in 21 different countriesSecurity researchers from digital rights organization Electronic Frontier Foundation and security firm Lookout reveal a long lasting campaign allegedly carried on by attackers tied to the Lebanese government, able to steal hundreds of gigabytes from thousands of victims all over the world. The group is dubbed Dark Caracal.Targeted AttackY Multiple IndustriesCE>1
6218/01/2018?Android UsersGoogle removes 53 apps from the official Play Store because they were spreading a new breed of Android malware named GhostTeam, active since April 2017, that could steal Facebook credentials and push ads to infected phones.MalwareY Multiple IndustriesCC>1
6318/01/2018?AllscriptsA ransomware attack takes down some of the applications used by Allscripts.MalwareJ Information and communicationCCUS
6418/01/2018?Questar AssessmentA data breach at the company that develops New York State’s third-through-eighth grade reading and math tests allows an unauthorized user to access information about 52 students. Also students in another state are affected, but the company does not provide further details.UnknownJ Information and communicationCCUS
6519/01/2018?IOTAMalicious websites used to generate password details for the fintech network IOTA (online seed generators) are reportedly to blame for the theft of nearly $4m (£2.9m) from users' digital wallets.Account HijackingV FintechCC>1
6619/01/2018?Electronic Gas StationsRussian authorities identify a distributed malware campaign targeting electronic gas stations using software programs at the pumps. Dozens of gas stations have been attacked with customers paying more for fuel (around 3 to 7% increment per gallon).MalwareD Electricity gas steam and air conditioning supplyCCRU
6719/01/2018?Westminster Ingleside King Farm Presbyterian Retirement CommunitiesWestminster Ingleside King Farm Presbyterian Retirement Communities notifies 5,228 Residents of a malware attack occurred on November 21, 2017MalwareP EducationCCUS
6819/01/2018?Charlotte Housing Authority341 employees of the Charlotte Housing Authority have their W-2 forms compromised after scammers sent CHA staffers an e-mail pretending to be from CEO.Account HijackingO Public administration and defence, compulsory social securityCCUS
6921/01/2018?Android UsersSecurity researchers at Russian cybersecurity company Dr.Web discover a dangerous Android malware hidden in several gaming apps on Play store stealing personal data from users by conducting phishing attacks. The malware is dubbed Android.RemoteCode.127.origin and has been downloaded more than 4,000,000 times.MalwareX IndividualCC>1
7022/01/2018?Fire and Fury ReadersResearchers spot a copy of Michael Wolff’s book Fire and Fury infected with malware.MalwareX IndividualCCUS
7122/01/2018Ayyıldız TimDavid Clarke Jr. Twitter AccountThe Turkish Cyber Army hacking group strikes again and hijacks the Twitter account of vocal Donald Trump supporter and ex-Milwaukee County Sheriff David Clarke Jr.Account HijackingX IndividualCCUS
7222/01/2018?Charissa ThompsonFox Sports host Charissa Thompson is the latest celebrity whose nude photos are stolen by hackers and then published online as part of The Fappening scandal.Account HijackingX IndividualCCUS
7322/01/2018?Apache ServersResearchers from Trend Micro report a significant increase in the use of Apache Struts (CVE-2017-5638) and DotNetNuke (CVE-2017-9822) vulnerabilities to implant Monero miners.Apache Struts VulnerabilitiesY Multiple IndustriesCC>1
7423/01/2018?Bell CanadaPolice are investigating a new data breach at Bell Canada (the second in eight months), which says hackers have illegally obtained customer information, primarily subscriber names and e-mail addresses of up to 100,000 users.UnknownJ Information and communicationCCCA
7523/01/2018?MetrolinxOntario transit agency Metrolinx says it was the target of a cyberattack that originated in North Korea, but no personal information was compromised.UnknownH Transportation and storageCECA
7623/01/2018?220,000 Malaysian organ donors.Another data breach in Malaysia. A technology forum publishes details of a trove of data which includes the personal information of more than 220,000 organ donors.UnknownQ Human health and social work activitiesCCMY
7723/01/2018Nexus ZetaIoT Devices WorldwideAccording to a new report by Newsky Security, the author of the infamous Satori IoT botnet has created two new variants of the predecessor Mirai, called Masuta and PureMasuta.MalwareX IndividualCC>1
7823/01/2018?Turkish Defense ContractorsAccording to RiskIQ, an unknown actor purporting to be from the tax collection arm of the Turkish government is carrying out spear-phishing campaigns against Turkish defense contractors, using a RAT called Remcos.Targeted AttackO Public administration and defence, compulsory social securityCETR
7923/01/2018?Twitter UsersResearchers from Malwarebytes reveal a fresh malware campaign spreading via a spamming Twitter accounts.MalwareX IndividualCC>1
8023/01/2018?National Stores, Inc.National Stores, Inc. announces that it has been the victim of a malware attack, enabling unauthorized parties to access payment card information. It appears that payment cards used by customers at some National Stores locations between July 16 and December 11, 2017 may be involved.MalwareG Wholesale and retail tradeCCUS
8123/01/2018?Unnamed company in GreenbayUnknown hackers use a known vulnerability to get into a company’s computer system, stealing personal information from human resources files, and then using that to steal what police call “significant amounts” of money from several people.Undisclosed vulnerabilityZ UnknownCCUS
8224/01/2018?Single IndividualsResearchers from Sucuri reveal a new campaign targeting more than 2,000 compromised websites and aimed to both mine Monero and stealing the users credentials.Malicious Script InjectionX IndividualCC>1
8324/01/2018?Harris CountyHarrys County lose almost $900K in a phishing scam. The attack dates back to September 2017.Account HijackingO Public administration and defence, compulsory social securityCCUS
8424/01/2018?Victims based primarily in Thailand, Vietnam and EgyptResearchers from Palo Alto Networks discover A newly discover a malicious URL redirection campaign that infects users with the XMRig Monero cryptocurrency miner. The campaign has already victimized users between 15 and 30 million times.MalvertisingX IndividualCC>1
8524/01/2018?IoT Devices WorldwideBitdefender researchers uncover an emerging IoT botnet that uses advanced communication techniques to exploit victims and build its infrastructure. The bot is dubbed Hide 'N Seek (HNS)MalwareX IndividualCC>1
8624/01/2018?5 universities, 23 private companies and several government organizations.Security researchers from Comodo spot a new strain of sophisticated malware, dubbed Lebal, targeting a number of high-profile entities, including five universities, 23 private companies and several government organizations.Targeted AttackY Multiple IndustriesCC>1
8725/01/2018?Single IndividualsResearchers from Crowdstrike discover a new strain of malware that uses the National Security Agency's EternalBlue exploit to hijack computers and secretly mine cryptocurrency. The malware is dubbed WannaMine.MalwareX IndividualCC>1
8825/01/2018?Single IndividualsA new ransomware called MoneroPay is discovered that tries to take advantage of the cryptocurrency craze by spreading itself as a wallet for a fake coin called SpriteCoin.MalwareX IndividualCC>1
8925/01/2018OilRig8 Middle Eastern government organizations, as well as one financial and one educational institution.Researchers from Palo Alto Networks reveal a new operation of the Iran-linked cyber-espionage group tracked as OilRig, carried on using a backdoor dubbed RGDoor to target Internet Information Services (IIS) Web servers.Targeted AttackY Multiple IndustriesCE>1
9026/01/2018?Financial Organizations in Latin AmericaNCR sends an advisory to its customers saying it had received reports from the Secret Service and other sources about jackpotting attacks against ATMs in the United States. Sources say the malware behind the attack is Ploutus.D.MalwareK Financial and insurance activitiesCCUS
9126/01/2018?YouTube UsersYouTube is caught displaying ads that covertly use visitors' CPUs and electricity to generate digital currency on behalf of anonymous attackers.Malicious Script InjectionX IndividualCC>1
9226/01/2018?CoincheckJapanese cryptocurrency exchange Coincheck confirms that some $524 million worth of digital coins (a cryptocurrency called NEM) has been stolen—likely making it the largest single hack on an exchange.UnknownV FintechCCJP
9326/01/2018?Users in the Middle EastSecurity researchers from Palo Alto Networks detect a fresh wave of attacks targeting users in the Middle East. Attackers use Arabic language documents related to current political events to download and run malicious malware. The campaign is called 'TopHat' and makes use of a malware dubbed 'Scote'.Targeted AttackX IndividualCE>1
9426/01/2018?Chrome UsersTrend Micro publishes a list of malicious Chrome extensions making use of a recently discovered technique called "Session Replay" attack.Malicious ExtensionX IndividualCC>1
9526/01/2018?phpBBAn unknown attacker compromises download links for the phpBB forum software, according to a statement released today by the phpBB development team.UnknownJ Information and communicationCCN/A
9627/01/2018?ABN AmbroABN Ambro is the victim of a sustained DDoS attack. The wave of cyberattacks comes just days after local media reported that Dutch intelligence agency AIVD spied on Russia-linked hacker group Cozy Bear, also known as APT29, as early as 2014.DDoSK Financial and insurance activitiesCWNL
9727/01/2018?INGDuring the same weekend, also ING is targeted.DDoSK Financial and insurance activitiesCWNL
9828/01/2018?ExpertyA hacker tricks Experty ICO participants into sending Ethereum funds to the wrong wallet address. He is able to do this by sending emails with a fake pre-ICO sale announcement to Experty users who signed up for notifications. The bounty amounts to $150,000 worth of Ethereum.Account HijackingV FintechCCCH
9928/01/2018?Ontario Progressive Conservative PartyThe Ontario Progressive Conservative Party’s internal database is locked up by a ransomware attack in early November. The incident is first being acknowledged now.MalwareQ Human health and social work activitiesCCCA
10029/01/2018?RabobankRabobank is the third of the big Dutch banks to be targeted by a DDoS attack.DDoSK Financial and insurance activitiesCWNL
10129/01/2018?Dutch tax authorityThe Dutch Tax Authority is also taken down by a DDoS attack.DDoSO Public administration and defence, compulsory social securityCWNL
10229/01/2018?DigIDThe Dutch official online signature system DigID is also reportedly hit by the same wave of DDoS attacks.DDoSO Public administration and defence, compulsory social securityCWNL
10329/01/2018Suspected malicious actor tied to PakistanAndroid Users in IndiaSecurity researchers from Trend Micro unveil the details o a cyber espionage campaign targeting Android users in India, using the PoriewSpy and Droid.jack malware.MalwareX IndividualCEIN
10429/01/2018?Ransomware victimsThe operators of at least one Tor proxy service are caught replacing Bitcoin addresses on ransomware payment sites, diverting funds meant to pay for ransomware decrypters to the site's operators. In this way the victims are damaged twice.Tor Traffic HijackingX IndividualCC>1
10529/01/2018?Chester County School DistrictChester County School District posts on its Facebook page that ransomware hit the district’s servers over the weekend.MalwareP EducationCCUS
10630/01/2018?Ukrainian IndividualsResearchers from Palo Alto Networks uncovered a two-year-old cyber espionage campaign that's been infecting Ukrainians with either a newly discovered remote access tool called Vermin or the more established Quasar RAT.Targeted AttackX IndividualCEUA
10730/01/2018?ABN AmbroABN Ambro is targeted by a new DDoS attack. Now the fingers are pointed to Russia.DDoSK Financial and insurance activitiesCCRU
10830/01/2018?INGAnd during the same wave of DDoS attacks, also ING is targeted (once again).DDoSK Financial and insurance activitiesCCRU
10930/01/2018?Single IndividualsSecurity researchers from Malwarebytes uncover a new strain of ransomware called GandCrab that is being distributed through two separate exploit kits: the RIG EK and GrandSoft EK.MalwareX IndividualCC>1
11030/01/2018?Spartanburg Public LibraryThe Spartanburg Public Library system is shut down after it is hit with a ransomware attack.MalwareP EducationCCRU
11131/01/2018?More than 526,000 infected Windows hostsResearchers from Proofpoint reveal the details of the Smominru botnet. A Monero miner, active since May 2017, exploiting the Eternal Blue (CVE-2017-0144) and EsteemAudit (CVE-2017-0176) vulnerabilities to spread.MalwareX IndividualCC>1
11231/01/2018?Users participating to the ICO of the Bee Token Crypto CurrencyUsers who were aiming to buy Bee Tokens during a Token Generation Event (i.e., an initial coin offering) are tricked into sending the money to scammers instead. The attackers steal nearly $1M worth of cryptocurrency.Account HijackingV FintechCCUS
11331/01/2018?GoGetCar-sharing company GoGet discloses a major data breach seven months after it was first detected in June 2017 as the alleged hacker is arrested by Australian police this week. In an email sent to customers, the firm says its IT team identified "unauthorised activity" on its system on 27 June last year and immediately launched a full internal investigation.UnknownH Transportation and storageCCAU
11431/01/2018?Firefox UsersA Firefox extension called Image Previewer is discovered, injecting a Monero in-browser miner into Firefox. While we have seen numerous Chrome.Malicious ExtensionX IndividualCC>1
11531/01/2018North KoreaSouth KoreaSouth Korea’s Internet & Security Agency (KISA) warns of a Flash zero-day vulnerability (CVE-2018-4878) reportedly exploited in attacks by North Korea’s hackers.Targeted AttackX IndividualCEKR
11601/02/2018?Single IndividualsThe FBI warns hackers have been impersonating a federal online crime complaint portal to trick victims into divulging their personal and sensitive information in a new phishing scam.Account HijackingX IndividualCC>1
11701/02/2018Iron TigerInstitutions in the government, technology, education and telecommunications sector in Asia and the US.Security researchers from BitDefender discover a custom-built piece of malware wreaking havoc in Asia for several months that could signal the return of the notorious Chinese hacker group - Iron Tiger. The campaign is called Operation PZChao, and has been targeting institutions in the government, technology, education and telecommunications sector in Asia and the US.Targeted AttackY Multiple IndustriesCE>1
| 118 | 01/02/2018 | ? | Google Chrome Users | Security researchers from Trend Micro uncover 89 malicious Google Chrome extensions on the official Chrome store that can inject ads, code to secretly mine cryptocurrency, and load a tool to record and replay a person's browsing activities. According to researchers, this collection of extensions affected over 423,000 users and was used to form a new botnet called "Droidclub." | Malware | X Individual | CC | >1 |
| 119 | 01/02/2018 | ? | IoT Devices | Researchers from cyber-security firm Radware discover a new IoT DDoS botnet, built by San Calvicie, an operator of a gaming server rental business. The botnet is called JenX. The botnet borrows parts from other IoT botnets (for instance CVE-2014-8361 and CVE-2017-17215). | Vulnerability | X Individual | CC | >1 |
| 120 | 01/02/2018 | ? | City of Pittsburg in Kansas | The City of Pittsburg in Kansas reveals it was subjected to a sophisticated phishing scheme targeting employee payroll data. The attack results in the release of sensitive information for current and former city employees who received a W-2 for the 2017 fiscal year. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US |
| 121 | 01/02/2018 | ? | HORNE LLP | HORNE LLP notifies an incident affecting the security of protected health information of certain Forrest General Hospital patients. On November 1, 2017, the company discovered that the email account of one of its employees was sending phishing emails. | Account Hijacking | K Financial and insurance activities | CC | US |
| 122 | 01/02/2018 | ? | City of Batavia | The city of Batavia reports employees’ personal and financial information was compromised through an email phishing scam targeting W-2 tax forms. The information includes names, social security numbers, addresses and earnings. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US |
| 123 | 01/02/2018 | ? | Kinetics Systems | Kinetics Systems falls victim to a phishing attack. The personal information of 11 residents of New Hampshire, including their W-2 forms, is compromised. | Account Hijacking | C Manufacturing | CC | US |
| 124 | 01/02/2018 | ? | Purchase Line School District | The Purchase Line School District is the victim of an email spoofing attack by an individual pretending to be a school district employee. | Account Hijacking | P Education | CC | US |
| 125 | 01/02/2018 | ? | Coastal Cape Fear Eye Associates | Coastal Cape Fear Eye Associates notifies HHS of a ransomware incident that impacted 925 patients. | Malware | Q Human health and social work activities | CC | US |
| 126 | 01/02/2018 | ? | Aperio | Aperio informs of a data breach that occurred when two employees’ email accounts were compromised by successful phishing attacks that resulted in auto-forwarding email from those accounts to two external accounts. | Account Hijacking | K Financial and insurance activities | CC | US |
| 127 | 02/02/2018 | ? | Redis and OrientDB servers | Researchers from Qihoo 360 discover a new Monero-mining botnet targeting Redis and OrientDB servers, infecting nearly 4,400 servers and able to mine over $925,000 worth of Monero since March 2017. The botnet, called DDG, targets Redis servers via a credentials dictionary brute-force attack, and OrientDB databases by exploiting the CVE-2017-11467 remote code execution vulnerability. | Brute Force/Remote Code Execution Vulnerability | X Individual | CC | >1 |
| 128 | 02/02/2018 | ? | Mac Users | Researchers from Malwarebytes reveal that the MacUpdate site has been hacked to distribute the OSX.CreativeUpdate Monero miner via maliciously-modified copies of the Firefox, OnyX, and Deeper applications. | Malware | X Individual | CC | >1 |
| 129 | 02/02/2018 | ? | Ron’s Pharmacy Services | Ron’s Pharmacy Services notifies certain patients of the unauthorized access to certain limited pieces of patient information, including patient names, Ron’s Pharmacy internal account numbers, and payment adjustment information, after an employee email account was compromised in October 2017. | Account Hijacking | G Wholesale and retail trade | CC | US |
| 130 | 03/02/2018 | ? | Android Users | Researchers from Qihoo 360 discover an additional botnet, targeting Android devices by scanning for open debug ports so it can infect victims with malware that mines the Monero cryptocurrency. The botnet targets port 5555, which on devices running the Android OS is the port used by the operating system's native Android Debug Bridge (ADB). The malware is dubbed ADB.Miner. | Malware | X Individual | CC | >1 |
| 131 | 04/02/2018 | ? | Reddit Users | Security Researcher Alec Muffett discovers a clone of the popular social news aggregation and discussion site Reddit on the reddit.co domain. | Account Hijacking | X Individual | CC | >1 |
| 132 | 04/02/2018 | ? | City of Keokuk | The City of Keokuk says a data breach resulted in the release of personal information of current and former city employees and elected leaders. An unauthorized party was able to obtain 2017 W-2 tax forms through the use of a “criminal phishing email.” | Account Hijacking | O Public administration and defence, compulsory social security | CC | US |
| 133 | 05/02/2018 | ? | Waldo County | A phishing attack compromised the information of 100 Waldo County employees. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US |
| 134 | 05/02/2018 | ? | City of Keokuk | The city of Keokuk has disclosed that a cybercriminal used a phishing scam to fraudulently obtain an electronic file containing the 2017 W-2 tax forms of current and former employees and elected officials. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US |
| 135 | 05/02/2018 | ? | Partners HealthCare System | Partners HealthCare System reveals it discovered a malware attack that occurred in May 2017 and may have exposed 2,600 patients’ information. | Malware | Q Human health and social work activities | CC | US |
| 136 | 05/02/2018 | ? | University of Northern Colorado | The private information of 12 University of Northern Colorado employees is compromised after an “unknown person or group” accessed their profiles on Ursa, UNC’s online portal. | Unknown | P Education | CC | US |
| 137 | 06/02/2018 | Hidden Cobra, aka Lazarus Group | Multiple Targets | The Department of Homeland Security (DHS) and FBI jointly release two new reports analyzing trojan malware attributed to Hidden Cobra, aka Lazarus Group -- a threat actor widely believed to be sponsored by the North Korean government. The two malware packages, referred to as HARDRAIN and BADCALL, can install a remote access tool (RAT) payload on Android devices, and force infected Windows systems to act as a proxy server. | Targeted Attack | Y Multiple Industries | CE | >1 |
| 138 | 06/02/2018 | AnonPlus | Italian Democratic Party (PD) | The AnonPlus hacker group says they have hacked the Florence branch of the Italian centre-left Democratic Party (PD) and leaked data regarding leader Matteo Renzi online. | Unknown | U Activities of extraterritorial organizations and bodies | H | IT |
| 139 | 06/02/2018 | AnonPlus | Province of Milan | The same hackers also claim to have hacked the website of Provincia di Milano (Province of Milan) in Italy. | SQLi | O Public administration and defence, compulsory social security | H | IT |
| 140 | 07/02/2018 | ? | Swisscom | Swisscom, the biggest telecom company in Switzerland, suffers a data breach that resulted in the compromise of personal data of some 800,000 customers, i.e., nearly ten percent of the entire Swiss population. The breach dates back to Autumn 2017 and the data accessed includes the first and last names, home addresses, dates of birth and telephone numbers of Swisscom customers. | Account Hijacking | J Information and communication | CC | CH |
| 141 | 07/02/2018 | ? | The Sacramento Bee | The Sacramento Bee deletes two databases hosted by a third party after a ransomware attack exposed the voter records of 19.5 million California voters and 53,000 current and former subscribers to the newspaper. | Malware | J Information and communication | CC | US |
| 142 | 07/02/2018 | ? | Nova Poshta | Personal data of 500,000 clients of Nova Poshta, the largest private delivery company in Ukraine, is allegedly leaked to the dark web. | Unknown | S Other service activities | CC | UA |
| 143 | 07/02/2018 | ? | City of Enumclaw | The city of Enumclaw accidentally sends an email to an "individual pretending to be a member of City administration" and compromises the W-2s of hundreds of employees. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US |
| 144 | 07/02/2018 | ? | Twitter Users | Online scammers have made over $5,000 worth of Ethereum in one night alone, creating fake Twitter profiles for real-world celebrities and spamming the social network with messages tricking users to participate in "giveaways." | Fake Twitter Accounts | X Individual | CC | >1 |
| 145 | 07/02/2018 | ? | Targets in Middle East | Researchers from Cisco Talos reveal the details of a campaign targeted against entities with an interest in the geopolitical context of the region. | Targeted Attack | Y Multiple Industries | CE | >1 |
| 146 | 07/02/2018 | ? | Business Wire | Press release network Business Wire admits suffering an ongoing Distributed Denial of Service (DDoS) attack lasting a week. | DDoS | J Information and communication | CC | US |
| 147 | 07/02/2018 | ? | Smith Dental | Smith Dental notifies of a ransomware attack affecting 1,500 patients. | Malware | Q Human health and social work activities | CC | US |
| 148 | 08/02/2018 | ? | Undisclosed Water Utility Company | Researchers from Radiflow discover the first example of malware attacking the operational network of a water utility company in order to mine the Monero cryptocurrency. | Malware | E Water supply, sewerage waste management, and remediation activities | CC | N/A |
| 149 | 08/02/2018 | ? | Decatur County General Hospital | Decatur County General Hospital in Parsons, Tenn., publicly discloses that an unauthorized party accessed the server for its electronic medical record system and secretly implanted cryptomining malware. | Malware | Q Human health and social work activities | CC | US |
| 150 | 08/02/2018 | ? | Single Individuals | Researchers from Trend Micro reveal the details of a malicious spam campaign aimed at distributing the Loki malware. | Malware | X Individual | CC | >1 |
| 151 | 08/02/2018 | ? | Mikaela Hoover | The Fappening scandal continues even in 2018, and Guardians of the Galaxy actress Mikaela Hoover appears to be the most recent victim. | Account Hijacking | X Individual | CC | US |
| 152 | 08/02/2018 | ? | Multiple Targets | Researchers from ForcePoint discover a new strain of point-of-sale (PoS) malware that disguises itself as a LogMeIn service pack and steals payment card information through a DNS server. | PoS Malware | Y Multiple Industries | CC | >1 |
| 153 | 08/02/2018 | ? | Cisco ASA Users | Five days after details about a vulnerability in Cisco ASA software (CVE-2018-0101) become public, Cisco reveals it is "aware of attempted malicious use of the vulnerability." | Cisco ASA Vulnerability | Y Multiple Industries | CC | >1 |
| 154 | 08/02/2018 | ? | Single Individuals | A new malspam campaign is underway, installing the GandCrab ransomware on a victim's computer. This is done through a series of malicious documents that ultimately install the ransomware via a PowerShell script. | Malware | X Individual | CC | >1 |
| 155 | 09/02/2018 | ? | Single Individuals | A new ransomware is discovered called Black Ruby. The ransomware encrypts the files on a computer, scrambles the file name, and then appends the BlackRuby extension. To make matters worse, Black Ruby also installs a Monero miner. The malware only encrypts computers that are not in Iran. | Malware | X Individual | CC | >1 |
| 156 | 10/02/2018 | Vietnamese Hacker | Newtek Business Services Corp. | Newtek Business Services Corp., a Web services conglomerate that operates more than 100,000 business Web sites and some 40,000 managed technology accounts, has several of its core domain names stolen over the weekend. | DNS Hijacking | J Information and communication | CC | US |
| 157 | 10/02/2018 | ? | BitGrail | Italian cryptocurrency exchange BitGrail reports a loss of 17 million Nano, valued at over $170 million at the time of the hack. However, conflicting reports surface with some believing the exchange to be insolvent for a number of months. | Unknown | V Fintech | CC | IT |
| 158 | 11/02/2018 | ? | Pyeongchang Winter Olympics | Pyeongchang Winter Olympics organizers confirm that the Games had fallen victim to a cyber attack during Friday’s opening ceremony, but they refused to reveal the source. Researchers from Cisco Talos call the malware Olympic Destroyer and confirm that the only purpose is to disrupt systems. | Targeted Attack | U Activities of extraterritorial organizations and bodies | CW | KR |
| 159 | 11/02/2018 | ? | 4,275 sites | 4,275 sites are injected with an in-browser Monero miner after a popular accessibility script, BrowseAloud by TextHelp.com, is compromised. The list of the affected sites includes government websites such as uscourts.gov, ico.org.uk, & manchester.gov.uk. | Malicious Script | Y Multiple Industries | CC | >1 |
| 160 | 12/02/2018 | ? | Wordpress Websites | Two malicious plug-ins are recently discovered by Sucuri, injecting obfuscated JavaScript into WordPress websites, in order to generate advertisements that appear if a visitor clicks anywhere on the page. | Wordpress Malicious Plugins | X Individual | CC | >1 |
| 161 | 12/02/2018 | ? | Android Users | Malwarebytes researchers detect a series of attacks that began around November 2017 in which millions of Android devices were targeted and redirected to a specifically designed page performing in-browser cryptomining of Monero virtual currency. | Drive-By | X Individual | CC | >1 |
| 162 | 12/02/2018 | Hidden Cobra, aka Lazarus Group | Bitcoin users and global financial organizations | Researchers from McAfee discover an aggressive Bitcoin-stealing phishing campaign by the international cybercrime group Lazarus that uses sophisticated malware with long-term impact. The campaign is dubbed HaoBao and targets Bitcoin users and global financial organizations. | Targeted Attack | K Financial and insurance activities | CC | >1 |
| 163 | 12/02/2018 | ? | Single Individuals | A new variant of Rapid Ransomware is currently being distributed using malspam that pretends to be from the Internal Revenue Service. | Malware | X Individual | CC | >1 |
| 164 | 12/02/2018 | ? | Single Individuals | Researchers from IBM's X-Force reveal the details of a new campaign leveraging the Necurs botnet to send Valentine’s Day-themed spam emails. The campaign reaches over 230 million spam messages within a matter of two weeks. | Malware | X Individual | CC | >1 |
| 165 | 12/02/2018 | ? | Idaho Transportation Department (ITD) | A hack of two email accounts at the Idaho Transportation Department (ITD) potentially exposes the personal information of commercial truckers whose rigs are registered in Idaho, including Social Security and credit card numbers. About 114 individuals are notified. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US |
| 166 | 12/02/2018 | ? | Entergy | Entergy notifies employees of a W-2 breach involving the TALX portal (a wholly-owned subsidiary of Equifax). The breach involves 2016 W-2 data. | Unknown | D Electricity gas steam and air conditioning supply | CC | US |
| 167 | 13/02/2018 | ? | Telegram Users | Researchers from Kaspersky reveal that malware authors have used a zero-day vulnerability in the Windows client for the Telegram instant messaging service to infect users with cryptocurrency mining malware (Monero, Zcash, and Fantomcoin primarily). | Zero-Day Vulnerability in Telegram | X Individual | CC | >1 |
| 168 | 13/02/2018 | ? | Android Users | Researchers from Trend Micro detect a new variant of Android Remote Access Tool (AndroRAT) (identified as ANDROIDOS_ANDRORAT.HRXC) that has the ability to inject root exploits. The AndroRAT targets CVE-2015-1805, a vulnerability publicly disclosed in 2016. | Malware | X Individual | CC | >1 |
| 169 | 13/02/2018 | ? | Military personnel and businessmen, among others, in various South Asian countries | Valentine's Day is approaching, and researchers from Trend Micro reveal that criminals from the Confucius gang are targeting military personnel and businessmen, among others, in various South Asian countries, persuading them into downloading malware hidden in chat apps. | Targeted Attack | X Individual | CE | >1 |
| 170 | 13/02/2018 | ? | Vulnerable Firewalls | Researchers from NewSky Security discover a new IoT botnet, dubbed DoubleDoor, exploiting CVE-2015-7755 and CVE-2016-10401 to bypass Juniper and Zyxel firewalls respectively. | Malware | Y Multiple Industries | CC | >1 |
| 171 | 13/02/2018 | ? | Advertisement Screen in London | And the last victim of the cryptocurrency frenzy is an advertisement screen in London that is infected by a miner. | Malware | Z Unknown | CC | UK |
| 172 | 14/02/2018 | ? | Staybridge Suites Lexington Hotel | The Staybridge Suites Lexington Hotel is hit with what appears to be a point of sales data breach that occurred when several devices at the hotel were hit with malware. | PoS Malware | R Arts entertainment and recreation | CC | US |
| 173 | 14/02/2018 | ? | Single Individuals | Researchers from Trustwave reveal a new multi-stage email Word attack, exploiting CVE-2017-11882, but not making use of any macro. | Malware | X Individual | CC | >1 |
| 174 | 14/02/2018 | ? | Single Individuals | A Ukrainian cybercrime operation has made an estimated $50 million by using Google AdWords to lure users to Bitcoin phishing sites. The operation is temporarily disrupted by the Ukrainian cyber police, acting on information received from Cisco's Talos security division. The campaign is dubbed Coinhoarder. | SEO Poisoning | X Individual | CC | >1 |
| 175 | 14/02/2018 | ? | Bitmessage users | Maintainers of the Bitmessage P2P encrypted communications protocol have released a fix after discovering that hackers were using a zero-day in attempts to steal Bitcoin wallet files from users' computers. | Zero-Day Vulnerability in Bitmessage | X Individual | CC | >1 |
| 176 | 14/02/2018 | ? | Atos | Reports emerge that the Olympic Destroyer malware might have been used months earlier to target Atos, the IT provider of the Winter Olympics. | Targeted Attack | J Information and communication | CE | FR |
| 177 | 14/02/2018 | ? | Western Union | Western Union warns that some customers' information may have been accessed without authorization as a result of a computer intrusion against an external vendor system formerly used by Western Union for secure data storage. | Unknown | K Financial and insurance activities | CC | US |
| 178 | 15/02/2018 | ? | Jenkins CI Servers | Researchers from Check Point reveal the details of Jenkins Miner, a massive operation targeting Jenkins CI servers, via CVE-2017-1000353, aimed to mine Monero cryptocurrency. The Criminals are able | Malware | Y Multiple Industries | CC | >1 |
| 179 | 15/02/2018 | ? | Retina-X Studios | A vigilante hacker claims to have wiped 1 Terabyte of data from Retina-X Studios, a company that sells spyware products. | Unknown | J Information and communication | CC | US |
| 180 | 15/02/2018 | GOLD LOWELL | Multiple Targets | Researchers from SecureWorks reveal the details of a threat actor dubbed GOLD LOWELL using the SAMSAM ransomware for opportunistic attacks. | Malware | Y Multiple Industries | CC | US |
| 181 | 15/02/2018 | ? | Single Individuals | Researchers from IBM's X-Force discover a new variant of the infamous TrickBot malware repurposed to steal bitcoins. | Malware | X Individual | CC | >1 |
| 182 | 13/02/2018 | ? | US Taxpayers | The Internal Revenue Service warns taxpayers of a quickly growing scam involving erroneous tax refunds being deposited into their bank accounts. | Account Hijacking | X Individual | CC | US |
| 183 | 13/02/2018 | ? | City of Allentown | The city of Allentown is hit by the Emotet Trojan. The City believes that the cost of remediation is close to $1 million. | Malware | O Public administration and defence, compulsory social security | CC | US |
| 184 | 13/02/2018 | ? | City of Savannah | The city of Savannah is in recovery mode after being hit by a malware attack when a city worker most likely opened a malicious email. | Malware | O Public administration and defence, compulsory social security | CC | US |
| 185 | 14/02/2018 | ? | Poorly secured Linux servers | According to researchers from GoSecure, attackers are launching SSH brute-force attacks on poorly secured Linux servers to deploy a backdoor dubbed Chaos. | Brute-Force | Y Multiple Industries | CC | >1 |
| 186 | 16/02/2018 | ? | Unnamed Russian Bank | The Russian Central Bank reveals that unknown hackers stole 339.5 million roubles ($6 million) from a Russian bank last year in an attack using the SWIFT international payments messaging system. | Unknown | K Financial and insurance activities | CC | RU |
| 187 | 16/02/2018 | ? | Snapchat Users | Details emerge on a phishing attack that occurred in July 2017 and scored credentials for 50,000 Snapchat users. | Account Hijacking | X Individual | CC | >1 |
| 188 | 16/02/2018 | rmsrf | Roomsurf | Roomsurf notifies its users of a data breach in which the attacker has been able to obtain usernames, phone numbers, and email addresses. | Unknown | I Accommodation and food service activities | CC | US |
| 189 | 16/02/2018 | ? | Davidson County | The Davidson County computers are hit by an unspecified ransomware. | Malware | O Public administration and defence, compulsory social security | CC | US |
| 190 | 16/02/2018 | ? | Jemison Internal Medicine | Jemison Internal Medicine notifies 6,550 patients of a ransomware attack. However, the investigation reveals that the systems had already been compromised. | Malware | Q Human health and social work activities | CC | US |
| 191 | 16/02/2018 | ? | Laufer Group International | Laufer Group International is the victim of a W-2 scam. | Account Hijacking | N Administrative and support service activities | CC | US |
| 192 | 16/02/2018 | ? | White and Bright Family Dental | White and Bright Family Dental notifies patients of a hack that occurred on January 30, 2018. | Unknown | Q Human health and social work activities | CC | US |
| 193 | 17/02/2018 | ? | Mac Users | Researchers from Digita Security warn users about the Coldroot remote access Trojan, which has gone undetected by AV engines for more than one year and targets macOS computers. | Malware | X Individual | CC | >1 |
| 194 | 18/02/2018 | ? | India’s City Union Bank | India’s City Union Bank reveals that cyber criminals have been able to hack its systems and transfer nearly $2 million through three unauthorized remittances to lenders overseas via the SWIFT financial platform. | Unknown | K Financial and insurance activities | CC | IN |
| 195 | 18/02/2018 | Flight Sim Labs (FSLabs) | Microsoft Flight Simulator Players | Mod developer Flight Sim Labs (FSLabs) has been accused of embedding malware in its flight simulation add-ons to steal pirates' Chrome passwords. | Malware | X Individual | CC | >1 |
| 196 | 19/02/2018 | ? | Blac Chyna | American model and entrepreneur Blac Chyna falls victim to The Fappening, having intimate content posted online. | Account Hijacking | X Individual | CC | US |
| 197 | 20/02/2018 | ? | Tesla | Researchers at security firm RedLock say hackers accessed one of Tesla's Amazon cloud accounts and used it to run currency-mining software. The breach started with a Kubernetes console left exposed. | Account Hijacking | C Manufacturing | CC | US |
| 198 | 20/02/2018 | APT37 AKA Reaper | Multiple Targets | Security firm FireEye reveals the details of a lesser-known North Korean cyberespionage group targeting the Korean Peninsula, Japan, Vietnam and the Middle East in 2017. | Targeted Attack | Y Multiple Industries | CE | >1 |
| 199 | 20/02/2018 | ? | The Colorado Department of Transportation (CDOT) | CDOT is hit with a ransomware attack, attributed to SamSam, which forces the organization to shut down 2,000 computers. | Malware | O Public administration and defence, compulsory social security | CC | US |
| 200 | 20/02/2018 | ? | Los Angeles Times | Troy Mursch, a security researcher at Bad Packets Report, finds cryptojacking code (based on Coinhive) hidden on the Los Angeles Times’ interactive Homicide Report webpage. | Malicious Script Injection | J Information and communication | CC | US |
| 201 | 20/02/2018 | ? | HardwareZone (HWZ) Forum website | The HardwareZone (HWZ) Forum website is hacked and approximately 685,000 user profiles are affected. A senior moderator’s account has been compromised by an unidentified hacker, and used to access the user profiles since September 2017. | Account Hijacking | J Information and communication | CC | SG |
| 202 | 20/02/2018 | APT28 AKA Fancy Bear | Multiple Targets in Middle East and Asia | Researchers from Kaspersky Lab publish a new report highlighting a shift in the activities of the infamous APT28 from NATO and Ukraine to the Middle East and Central Asia. | Targeted Attack | Y Multiple Industries | CE | >1 |
| 203 | 21/02/2018 | ? | Facebook Users | Researchers at Avast report a sophisticated campaign in which attackers use Facebook and Facebook messenger to trick users into installing a highly sophisticated Android spyware. The operation is dubbed Tempting Cedar. | Malware | X Individual | CC | >1 |
| 204 | 21/02/2018 | ? | SWIFT | IT security researchers at Comodo Labs discover a new phishing scam targeting the SWIFT financial messaging service. The scam does not only aim at stealing banking credentials but also infects victims' computers with the Adwind RAT. | Account Hijacking | K Financial and insurance activities | CC | >1 |
| 205 | 21/02/2018 | Attackers of likely Nigerian origin | Multiple Fortune 500 companies | Researchers from IBM X-Force uncover an active Business Email Compromise campaign targeting multiple Fortune 500 companies. | Account Hijacking | Y Multiple Industries | CC | >1 |
| 206 | 21/02/2018 | ? | IoT and networking equipment | Security researchers from Fortinet spot a new variant of the Mirai malware (dubbed Mirai OMG) that focuses on infecting IoT and networking equipment with the main purpose of turning these devices into a network of proxy servers used to relay malicious traffic. | Malware | Y Multiple Industries | CC | >1 |
| 207 | 21/02/2018 | ? | University of Virginia Health System (uvahealth.com) | The University of Virginia Health System notifies almost 2,000 patients that their health records may have been exposed when an unauthorized third party implanted malware on a staffer's computer active between May 2015 and December 2016. | Malware | Q Human health and social work activities | CC | US |
| 208 | 21/02/2018 | ? | ASCD | ASCD is the victim of a W-2 scam. | Account Hijacking | Q Human health and social work activities | CC | US |
| 209 | 22/02/2018 | ? | The Los Angeles Philharmonic | The Los Angeles Philharmonic falls victim to a cyberattack that results in the theft of W-2 information for everyone that worked there in 2017. The security breach happened as the result of a "spear phishing" attack. | Account Hijacking | R Arts entertainment and recreation | CC | US |
| 210 | 22/02/2018 | LulzSecITA | Matteo Salvini Blog | The Italian elections are approaching, so hacktivists from the collective LulzSecITA hack the blog of Matteo Salvini, the leader of right-wing Italian party "La Lega", and dump 70,000 emails. | Unknown | S Other service activities | H | IT |
| 211 | 22/02/2018 | ? | University of Alaska | Dozens of current and former employees and students of the University of Alaska are unable to access their Alaska.edu accounts. According to the investigation, user passwords have been changed by a third party. | Account Hijacking | P Education | CC | US |
| 212 | 22/02/2018 | ? | Mobistealth | A hacker breaks into two consumer spyware companies, Mobistealth and Spy Master Pro, and dumps a large cache of data. | Unknown | J Information and communication | CC | US |
| 213 | 22/02/2018 | ? | Spy Master Pro | A hacker breaks into two consumer spyware companies, Mobistealth and Spy Master Pro, and dumps a large cache of data. | Unknown | J Information and communication | CC | US |
| 214 | 22/02/2018 | ? | Curtis Lumber | Curtis Lumber is the victim of a spear phishing attack. | Account Hijacking | G Wholesale and retail trade | CC | US |
| 215 | 22/02/2018 | ? | Punjab National Bank (PNB) | Details of 10,000 credit cards from Punjab National Bank are leaked on the dark web. | Unknown | K Financial and insurance activities | CC | IN |
| 216 | 22/02/2018 | ? | Harper’s Magazine | Harper’s Magazine, the monthly longform journalism and essay publication, warns subscribers that their passwords may have been stolen by hackers. | Unknown | J Information and communication | CC | US |
| 217 | 23/02/2018 | ? | About one dozen Connecticut government agencies | About one dozen Connecticut government agencies are hit with what one published report says is a WannaCry attack that knocks about 160 computers offline. | Malware | O Public administration and defence, compulsory social security | CC | US |
| 218 | 23/02/2018 | OilRig APT | An insurance agency and a financial institution in the Middle East | Researchers from Palo Alto Networks reveal that the Iran-linked OilRig APT group is now using a new Trojan called OopsIE in recent attacks against an insurance agency and a financial institution in the Middle East. | Targeted Attack | K Financial and insurance activities | CE | N/A |
| 219 | 23/02/2018 | ? | Chinese Websites | Researchers from Malwarebytes unveil the details of a drive-by attack targeting Chinese websites, and dropping an updated version of the Avzhan DDoS bot. | Malware | Y Multiple Industries | CC | CN |
| 220 | 23/02/2018 | ? | Children’s Aid Society of Oxford County; Family and Children’s Services of Lanark, Leeds and Grenville | Two Ontario children’s aid societies are hit by ransomware. | Malware | Q Human health and social work activities | CC | CA |
| 221 | 24/02/2018 | Anonymous | Matteo Salvini Facebook Page | And after the personal blog, hacktivists from Anonymous also deface Matteo Salvini's blog page. | Defacement | S Other service activities | H | IT |
| 222 | 24/02/2018 | ? | Teesside University | Students at Teesside University are warned about a possible email security breach and urged to reset their university password. | Unknown | P Education | CC | US |
| 223 | 24/02/2018 | ? | Wallace Community College Selma | Personal and financial information of current and former employees of Wallace Community College Selma is leaked through a phishing scam. | Account Hijacking | P Education | CC | US |
| 224 | 24/02/2018 | ? | Single Individuals | According to security researchers from Qihoo 360 Netlab, an advertising network has been hiding in-browser cryptocurrency miners (cryptojacking scripts) in the ads it serves since December 2017. | Malicious Script Injection | X Individual | CC | >1 |
| 225 | 25/02/2018 | ? | Jorgie Porter | English actress and model Jorgie Porter is the latest victim of The Fappening hackers, who manage to steal her intimate pictures and videos and post them online. | Account Hijacking | X Individual | CC | UK |
| 226 | 25/02/2018 | Anonymous | Some Ohio State Websites | In the name of #opUSA, hacktivists from the Anonymous collective take down some Ohio State websites. | DDoS | O Public administration and defence, compulsory social security | H | US |
| 227 | 25/02/2018 | ? | Inland Revenue Department | Thousands of Inland Revenue files are locked up after New Zealand’s tax department becomes the target of a Cryptolocker attack in November. | Malware | O Public administration and defence, compulsory social security | CC | NZ |
| 228 | 26/02/2018 | Deep Panda | Some UK think tanks | Crowdstrike reveals that some UK think tanks specializing in international security were hacked by China-based group 'Deep Panda' beginning in April 2017. | Targeted Attack | M Professional scientific and technical activities | CE | UK |
| 229 | 26/02/2018 | ? | Four British Schools | Hackers break into CCTV systems of at least four British schools and stream footage of pupils live on the internet. | Unknown | P Education | CC | UK |
| 230 | 26/02/2018 | ? | Porsche Japan | The Japanese arm of Porsche says more than 28,000 email addresses have been leaked via a hack. | Unknown | C Manufacturing | CC | JP |
| 231 | 26/02/2018 | ? | Vulnerable Oracle WebLogic Servers | Security researchers from Trend Micro uncover a new campaign, which involves hackers exploiting an Oracle server vulnerability (an Oracle WebLogic WLS-WSAT flaw CVE-2017-10271) to deliver two cryptominers: a 64-bit variant and a 32-bit variant of the XMRig Monero miner. | Malware | Y Multiple Industries | CC | >1 |
| 232 | 26/02/2018 | Hackers with connections to Iran | Unnamed Australian Universities | Australian universities have been targeted by hackers with connections to Iran in recent months, and "a number of investigations" are in progress, according to cybersecurity firm Crowdstrike. | Targeted Attack | P Education | CE | AU |
| 233 | 26/02/2018 | ? | Travel Corporation | Travel Corporation falls victim to a W-2 scam. | Account Hijacking | R Arts entertainment and recreation | CC | US |
| 234 | 26/02/2018 | ? | U.S. Residents in 20 states | According to federal court documents, Russian hackers operating in Colorado and 15 other states used data-mining viruses to steal thousands of credit card numbers from U.S. residents in 20 states and sold them on the darknet for more than $3.6 million. | Malware | X Individual | CC | US |
| 235 | 27/02/2018 | ? | Android Users | Security firm Wandera reveals the details of RedDrop, a sophisticated strain of mobile malware targeting Android devices that can extract sensitive data and audio recordings, run up premium SMS charges and then try to extort money from victims. | Malware | X Individual | CC | >1 |
| 236 | 27/02/2018 | ? | Single Individuals | Researchers from cybersecurity firm Morphisec reveal the details of a new campaign carried out via spam messages delivering a malicious Word document. The document attempts to exploit an Adobe Flash Player bug (CVE-2018-4878) to let the attackers take control of the infected machines. | Malware | X Individual | CC | >1 |
| 237 | 27/02/2018 | ? | Wordpress, Joomla and CodeIgniter websites | Security researchers from SiteLock warn WordPress and Joomla admins of a sneaky new malware strain masquerading as legitimate ionCube files. The malware, dubbed ionCube Malware, creates backdoors on vulnerable websites. The malware has been found on over 800 sites. | Malware | Y Multiple Industries | CC | >1 |
| 238 | 27/02/2018 | ? | Tim Hortons | A computer virus is suspected of crashing cash registers at over 1,000 Tim Hortons coffee and donuts fast food restaurants. | Malware | I Accommodation and food service activities | CC | CA |
23927/02/2018?FastHealthFastHealth reveals that in mid-August 2017, an unauthorized party gained access to their web server and obtained patient data.UnknownQ Human health and social work activitiesCCUS
24028/02/2018?Financial Services Information Sharing and Analysis Center (FS-ISAC)The Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry forum for sharing data about critical cybersecurity threats facing the banking and finance industries, reveals that a successful phishing attack on one of its employees was used to launch additional phishing attacks against FS-ISAC members.Account HijackingU Activities of extraterritorial organizations and bodiesCCUS
24128/02/2018APT28 AKA Fancy BearVarious German government agenciesAccording to a report issued by the German news agency dpa, malicious actors from APT28 AKA Fancy Bear infiltrated several German government agencies for more than a year.Targeted AttackO Public administration and defence, compulsory social securityCEDE
24228/02/2018APT28 AKA Fancy BearUndisclosed North American and European foreign ministry agencyAlmost at the same time, researchers from Palo Alto Networks reveal that the same attackers from APT28 targeted a North American and European foreign ministry agency.Targeted AttackO Public administration and defence, compulsory social securityCEN/A
24328/02/2018?GitHubGitHub survives the largest DDoS attack recorded (so far), which reaches a stunning 1.35 terabits/sec by leveraging memcached servers.DDoSJ Information and communicationCCUS
24428/02/2018?Undisclosed Brazilian public sector management school.Researchers from Cisco Talos identify two different versions of a RAT, dubbed CannibalRAT, written entirely in Python, impacting users of a Brazilian public sector management school.Targeted AttackP EducationCCBR
24528/02/2018ChaferEntities across the Middle EastResearchers from Symantec reveal the details of an Iranian hacking outfit, dubbed Chafer, previously focused on domestic surveillance, expanding its scope and cyber arsenal to target entities across the Middle East.Targeted AttackY Multiple IndustriesCC>1
24628/02/2018?Single IndividualsResearchers from Malwarebytes reveal the details of a malvertising campaign using decoy websites pushing cryptocurrencies to redirect users to the RIG exploit kit.MalvertisingX IndividualCC>1
24728/02/2018?rTorrent Client usersResearchers from F5 detect an attack actively exploiting the rTorrent client through a previously undisclosed misconfiguration vulnerability on XML-RPC for deploying a Monero (XMR) crypto-miner operation.MalwareX IndividualCC>1
24828/02/2018?Single IndividualsA bulk breach dump is discovered totaling over 3.4 billion credentials.UnknownX IndividualCC>1
24901/03/2018?NIS AmericaJapanese gaming developer Nippon Ichi Software reveals that its American arm, NIS America, has suffered a major data breach compromising the personal and financial data of online customers. The breach, due to malware implanted in the checkout page, took place sometime between 23 January and 26 February.MalwareR Arts entertainment and recreationCCUS
25001/03/2018?FS-ISACThe Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry forum for sharing data about critical cybersecurity threats facing the banking and finance industries, reveals that a successful phishing attack on one of its employees was used to launch additional phishing attacks against FS-ISAC members.Account HijackingS Other service activitiesCCUS
25101/03/2018?Hope HicksHope Hicks tells the House Intelligence Committee that one of her email accounts was hacked, according to people who were present for her testimony in the panel's Russia probe.Account HijackingX IndividualCEUS
25201/03/2018?ASI Constructors, Inc.ASI Constructors, Inc. reveals that it suffered a phishing attack targeting employees' 2017 W-2 forms. The attack occurred on January 31, 2018.Account HijackingC ManufacturingCCUS
25301/03/2018?Greyhealth GroupGreyhealth Group reveals that it suffered a phishing attack compromising the personal information of 683 individuals.Account HijackingQ Human health and social work activitiesCCUS
25401/03/2018?Scottsboro City Board of EducationThe Payroll Department of the Scottsboro City Board of Education falls victim to a phishing scam. The attackers requested W-2 information from all employees.Account HijackingP EducationCCUS
25501/03/2018?Rockdale Independent School DistrictAn email phishing scheme causes several Rockdale ISD employees' taxes to be falsely filed and compromises confidential tax information for all employees.Account HijackingP EducationCCUS
25601/03/2018?b-tor[.]ru UsersResearchers from Palo Alto Networks discover a Russian BitTorrent Site distributing a Monero Miner.MalwareX IndividualCCRU
25701/03/2018?Colorado Department of Transportation (CDOT)For the second time in two weeks, the Colorado Department of Transportation Agency shuts down 2,000 computers after a ransomware infection.MalwareO Public administration and defence, compulsory social securityCCUS
25801/03/2018?Primary Health CarePrimary Health Care notifies patients after discovering hack of employee email accounts.Account HijackingQ Human health and social work activitiesCCUS
25902/03/2018?Android Phone BuyersSecurity Firm Dr.Web publishes a list of 42 Android phones sold already infected with the Triada banking trojan.MalwareY Multiple IndustriesCC>1
26002/03/2018?160 Applebee’s RestaurantsRMH Franchise Holdings reveals that PoS systems at the Applebee’s network of restaurants were infected with a PoS malware. 160 restaurants are affected. The breach was discovered on February 13, and took place between November 23, 2017, and January 2, 2018.PoS MalwareI Accommodation and food service activitiesCCUS
26102/03/2018?Humanitarian Aid GroupsMcAfee uncovers Operation Honeybee, a malicious document campaign targeting Humanitarian Aid Groups, using North Korean political topics as bait.Targeted AttackY Multiple IndustriesCE>1
26202/03/2018?St. Peter's Surgery & Endoscopy CenterSt. Peter's Surgery & Endoscopy Center reveals that hackers potentially compromised medical records of about 135,000 patients earlier this year.MalwareQ Human health and social work activitiesCCUS
26304/03/2018Peter Andre and wife Emily MacDonaghThe intimate photos of singer Peter Andre and wife Emily MacDonagh have reportedly been stolen and published online as part of a new episode from the Fappening saga.Account HijackingX IndividualCCUK
26405/03/2017?Unidentified US Service ProviderA few days after GitHub suffered a massive 1.3 Tbps DDoS attack, Arbor Networks unveils the details of a new record DDoS attack that clocked at 1.7 Tbps. The attack was aimed at a yet-to-be-identified "US service provider."DDoSJ Information and communicationCCUS
26505/03/2017?Single IndividualsResearchers from Palo Alto Networks and Proofpoint discover a new malware, dubbed Combojack, that steals cryptocurrency and other electronic funds by surreptitiously modifying wallet or payment information whenever victims copy it to their devices' clipboards.MalwareX IndividualCC>1
26605/03/2017?Single IndividualsA new report from Kaspersky Lab reveals that one cryptomining gang tracked by researchers over the past six months minted $7 million with the help of 10,000 computers infected with mining malware.MalwareX IndividualCC>1
26705/03/2017?ABC Bus Companies, Inc.An employee falls victim to a phishing email and delivers to the attacker the personal information of ABC employees.Account HijackingH Transportation and storageCCUS
26806/03/2017?Single IndividualsResearchers from Cisco Talos reveal a surge of campaigns distributing the Gozi ISFB financial malware.MalwareK Financial and insurance activitiesCC>1
26906/03/2017?Flexible Benefit Service CorporationFlexible Benefit Service Corporation notifies 5,123 of a phishing incident that occurred on February 16.Account HijackingK Financial and insurance activitiesCCUS
27007/03/2018?BinanceA large scale phishing campaign causes a massive unauthorized cryptocurrency sell-off activity for the users of Binance, a Chinese cryptocurrency trader.Account HijackingV FintechCCCN
27107/03/2018?Individuals in Russia, Turkey and UkraineMicrosoft says it discovered and stopped a large attack that attempted to use variants of the Dofoil, or Smoke Loader, trojan to spread a cryptocurrency miner. In total more than 400,000 instances were recorded: 73 percent hitting Russians, with Turkey (18 percent) and Ukraine (4 percent) being the other main targets. The attack was carried out via an update server that replaced a BitTorrent client called MediaGet with a near-identical but back-doored binary.MalwareX IndividualCC>1
27207/03/2018?Pinelands Regional School DistrictThe Pinelands Regional School District is hit by the Emotet malware.MalwareP EducationCCUS
27308/03/2018?Italian Ministry of EducationThe Italian branch of the Anonymous collective leaks from the Italian Ministry of Education, 26,000 emails of teachers belonging to all levels of schools. They also leak 200 administrative staff addresses.UnknownO Public administration and defence, compulsory social securityHIT
27408/03/2018Hidden CobraSeveral Financial Turkish InstitutionsResearchers from McAfee reveal that the reputed state-sponsored North Korean hacking group Hidden Cobra has once again been fingered in a malware attack against financial organizations, this time apparently targeting Turkish institutions in a spear phishing campaign in early March, leveraging CVE-2018-4878.Targeted AttackK Financial and insurance activitiesCETR
27508/03/2018?Misconfigured Redis servers, and Windows servers vulnerable to the EternalBlue NSA exploit.Researchers from Imperva reveal a new unusually sophisticated cryptojacking attack attempting to install cryptominers on both database and application servers by targeting misconfigured Redis servers, as well as Windows servers that are susceptible to the EternalBlue NSA exploit. The Campaign is dubbed RedisWannaMine.MalwareY Multiple IndustriesCC>1
27608/03/2018?Dutch women's handball teamAccording to local reports in the Netherlands, hackers manage to breach the surveillance camera system in a dressing room of a sauna hosting the women's handball team, and post the recordings on adult websites last December.UnknownX IndividualCCNL
27708/03/2018?Former Tennessee Gov. Phil Bredesen's Senate campaignFormer Tennessee Gov. Phil Bredesen's Senate campaign tells the FBI in a letter that it fears it was hacked.UnknownX IndividualCCUS
27809/03/2018Slingshot APTTargets in the Middle East and AfricaKaspersky Lab reveals the details of Slingshot, an extremely sophisticated cyber espionage campaign, leveraging malware to spy on international targets for six years. The APT group exploited zero-day vulnerabilities (CVE-2007-5633; CVE-2010-1592, CVE-2009-0824) in routers used by the Latvian network hardware provider MikroTik.Targeted AttackY Multiple IndustriesCE>1
27909/03/2018Turkish GovernmentTurkish NationalsSecurity researchers from Citizen Lab publish a report where they reveal how deep packet inspection middleboxes are being used either to expose Turkish nationals to nation-state spyware or to redirect Egyptian Internet users to ads and browser cryptocurrency.MalwareX IndividualCETR
28009/03/2018?14 unnamed countriesESET researchers reveal that they discovered a new version of the infamous Hacking Team surveillance tool, dubbed RCS (Remote Control System), active in 14 countries.MalwareX IndividualCE>1
28109/03/2018?Multiple IndustriesResearchers at Kroll Cyber Security reveal the details of a new family of point-of-sale malware, dubbed PinkKite, very tiny in size, potentially devastating for POS endpoints.PoS MalwareY Multiple IndustriesCC>1
28209/03/2018APT15UK government contractorResearchers at NCC Group reveal that they discovered multiple backdoors on a UK government contractor’s computer designed to steal sensitive government and military data. The hack is tied to China-linked cyber espionage group APT15. According to researchers, the attackers were able to deploy three backdoors – identified as RoyalCli, RoyalDNS and BS2005. The networks were compromised from May 2016 until late 2017 and infected over 30 contractor controlled hosts.Targeted AttackO Public administration and defence, compulsory social securityCEUK
28309/03/2018APT28 AKA Fancy Bear AKA SofacyFar East TargetsResearchers at Kaspersky Lab reveal a new analysis on the infamous APT28 indicating that the group is shifting its interest to Far East targets.Targeted AttackY Multiple IndustriesCE>1
28409/03/2018?Single IndividualsResearchers from Proofpoint reveal the details of a remote access tool dubbed FlawedAmmyy, developed using the leaked source code of Ammyy Admin, a legitimate remote desktop software.MalwareX IndividualCC>1
28509/03/2018?Unpatched Apache Solr ServersResearchers from the ISC SANS discover a campaign targeting Apache Solr servers that hadn't received patches for the CVE-2017-12629 vulnerability. The campaign is aimed to install miners.MalwareY Multiple IndustriesCC>1
28609/03/2018$2a$45Florida Virtual Learning School (FVLS)Florida Virtual Learning School notifies 368,000 current and former students, after an individual with the moniker $2a$45 uploads information of 35,000 students on a forum. Leon County Schools is among the affected organizations.UnknownP EducationCCUS
28709/03/2018[email protected]JJ MedsJJ Meds, a medical marijuana delivery service in Canada, goes offline after having received an extortion demand.UnknownG Wholesale and retail tradeCCCA
28810/03/2018?National Rifle Association (NRA)According to a report released by Netlab, three different National Rifle Association (NRA) websites experienced Distributed Denial of Service (DDoS) attacks.DDoSS Other service activitiesCCUS
28910/03/2018?Mississippi Valley State UniversityMississippi Valley State University’s campus was temporarily without internet service this week after university officials said the school was hit by a SamSam ransomware attack.MalwareP EducationCCUS
29012/03/2018MuddyWater AKA TEMP.ZagrosTargets in Turkey, Pakistan and TajikistanResearchers from Palo Alto Networks and FireEye reveal that the Iran-Linked MuddyWater campaign (AKA TEMP.Zagros) appears to be still active against targets in Turkey, Pakistan and Tajikistan.Targeted AttackY Multiple IndustriesCE>1
29112/03/2018?ATI Physical TherapyATI Physical Therapy notifies patients of a security incident that appears to have targeted employees’ email accounts.Account HijackingQ Human health and social work activitiesCCUS
29212/03/2018?Okaloosa Water and SewerOkaloosa Water and Sewer warns its users of a security breach involving external vendors which process electronic credit/debit card payments for water and sewer bills.UnknownE Water supply, sewerage waste management, and remediation activitiesCCUS
29313/03/2018OceanLotus APT aka APT32 aka APT-C-00Targets in East Asian countries such as Vietnam, the Philippines, Laos and CambodiaResearchers from ESET reveal that the suspected Vietnamese APT group OceanLotus has added a new backdoor to its repertoire of malicious tools – one that includes capabilities for enabling file, registry and process manipulation, and also downloading more malicious files.Targeted AttackY Multiple IndustriesCE>1
29413/03/2018?UyghursResearchers from Palo Alto Networks reveal the details of a new Android malware family dubbed “HenBox”, targeting the Uyghurs, a minority Turkic ethnic group living in China.MalwareX IndividualCECN
29513/03/2018?Multiple TargetsResearchers from Imperva identify a new but unusually distributed Monero cryptominer scam campaign hidden in a picture of Scarlett Johansson.MalwareY Multiple IndustriesCC>1
29613/03/2018?Single IndividualsResearchers from AVAST reveal the details of a campaign where criminals hosted their cryptominers in forked projects on GitHub.MalwareX IndividualCC>1
29713/03/2018?Port of LongviewThe Port of Longview is hit by a cyber attack that may have affected hundreds of past and current employees and dozens of vendors.UnknownH Transportation and storageCCUS
29813/03/2018?Gwent PoliceGwent Police is being investigated after failing to inform up to 450 people that hackers may have accessed their confidential reports to the force.UnknownO Public administration and defence, compulsory social securityCCUK
29914/03/2018?FortniteSeveral news reports surface of the suspected hacking of player accounts of popular video game Fortnite, with some gamers apparently faced with large credit card charges from fraudulent purchases.Account HijackingR Arts entertainment and recreationCCUS
30014/03/2018?Visitors of download.cnet.comESET researchers discover three trojanized applications (bitcoin stealing malware) hosted on download.cnet.com, the 163rd most visited site in the world according to Alexa rankings. The researchers estimate that as of March 13, the attacker managed to steal the equivalent of $80,000 USD. The malware had been hosted since May 2, 2016 and had been downloaded more than 4,500 times in total.MalwareX IndividualCC>1
30114/03/2018?Android UsersResearchers from Check Point reveal the details of RottenSys, a massive botnet composed of 5 million Android smartphones, active primarily in China.MalwareX IndividualCCCN
30214/03/2018?Multiple TargetsResearchers from Forcepoint publish a detailed analysis of the Qrypter Remote Access Tool. The analysis reveals that 243 organizations worldwide have been hit by the RAT.MalwareY Multiple IndustriesCC>1
30314/03/2018?Queensland Transport DepartmentABC News reveals that overseas hackers breached the Queensland Transport Department's security network last year, before attempting to steal information from staff members from other sections of government.UnknownO Public administration and defence, compulsory social securityCEAU
30415/03/2018DragonflyWest's energy utilities and other critical infrastructuresThe US Department of Homeland Security and the Federal Bureau of Investigation issued an alert warning of ongoing cyber-attacks against the West's energy utilities and other critical infrastructures by individuals acting on behalf of the Russian government. The report points the finger at the Dragonfly group.Targeted AttackD Electricity gas steam and air conditioning supplyCC>1
30515/03/2018APT28 AKA Fancy Bear AKA SofacyUnnamed European GovernmentResearchers from Palo Alto Networks reveal a new campaign carried out by the infamous APT28 (AKA Fancy Bear AKA Sofacy) targeting an unnamed European Government, exploiting an updated version of DealersChoice, a platform that exploits a Flash vulnerability to stealthily deliver a malicious payload of trojan malware.Targeted AttackO Public administration and defence, compulsory social securityCEN/A
30615/03/2018?Meghan MarkleThe Fappening saga continues with new photo leaks published online. The most recent victim is none other than Meghan Markle, the soon-to-be Mrs. Prince Harry. Some believe ISIS could be involved in the hack, even if no official claim is made.Account HijackingX IndividualCCUK
30715/03/2018?Single Individuals in South KoreaResearchers from Symantec reveal the details of a new version of the infamous FakeBank trojan distributed via malicious Android apps in South Korea.MalwareK Financial and insurance activitiesCCKR
30815/03/2018?Unnamed Petrochemical Company in Saudi ArabiaThe New York Times reveals that back in August, a petrochemical company with a plant in Saudi Arabia was hit by a cyberattack aimed to sabotage the firm’s operations and trigger an explosion.Targeted AttackD Electricity gas steam and air conditioning supplyCWSA
30915/03/2018?Single IndividualsSecurity researchers from Kaspersky reveal that the PoS Malware Prilex has now evolved into a comprehensive tool suite that lets cybercriminals steal chip and PIN card data and create their own functioning, fraudulent plastic cards.PoS MalwareX IndividualCC>1
31015/03/2018?Nampa School DistrictThe Nampa School District informed its employees of a potential security issue involving personally identifiable information of about 3,983 of its current and past employees.UnknownP EducationCCUS
31115/03/2018?SvitzerThe shipping company Svitzer suffers a significant data breach affecting almost half its Australian employees when three employees have had emails auto-forwarded in the past 11 months.Account HijackingH Transportation and storageCCAU
31216/03/2018TEMP.Periscope AKA LeviathanU.S. Maritime EntitiesSecurity firm FireEye reveals the details of TEMP.Periscope, a Chinese group focused on U.S. maritime entities that were either linked to -- or have clients operating in -- the South China Sea.Targeted AttackH Transportation and storageCEUS
31316/03/2018?UK National LotteryThe UK National Lottery advises all 10.5 million people with online accounts to change their passwords following an attempt by hackers to access accounts using credential stuffing.Brute Force (Credential Stuffing)R Arts entertainment and recreationCCUK
31416/03/2018?Atrium HospitalityAtrium Hospitality notifies 376 hotel guests of a ransomware attack that occurred in December 2017.MalwareI Accommodation and food service activitiesCCUS
31516/03/2018?Frost BankFrost Bank investigates a breach after the company discovered unauthorized access to digital images stored in those customers’ commercial image archives.UnknownK Financial and insurance activitiesCCUS
31616/03/2018?TheDarkOverlordTheDarkOverlord claims to have breached H-E Parts Morgan. The breach seems to have occurred in November.UnknownG Wholesale and retail tradeCCUS
31718/03/2018?Russian Central Election CommissionThe Russian Central Election Commission is hit by a DDoS attack.DDoSO Public administration and defence, compulsory social securityCWRU
31820/03/2018?OrbitzOrbitz, a subsidiary of online travel agency Expedia Inc reveals that hackers may have accessed personal information from about 880,000 payment cards. The breach may have occurred between Jan. 1, 2016 and Dec. 22, 2017 for its partner platform and between Jan. 1, 2016 and June 22, 2016 for its consumer platform.UnknownJ Information and communicationCCUS
31920/03/2018?David NottDavid Nott, a British surgeon who helped carry out operations in Aleppo, reveals that the hacking of his computer could have led to a hospital being bombed by suspected Russian warplanes.Targeted AttackX IndividualCESY
32020/03/2018?Puerto Rico’s Power Utility, PREPAPuerto Rico’s Power Utility, PREPA, reveals that it was hacked over the weekend, but customer information was not compromised.UnknownD Electricity gas steam and air conditioning supplyCCPR
32120/03/2018?Trusted QuidTrusted Quid reports a theft of data from unauthorised access to its website. The incident relates to data directly entered by people applying for a loan only on the Trusted Quid website between 1 July 2016 and 17 February 2018. Up to 65,925 people may have been affected.UnknownK Financial and insurance activitiesCCUK
32220/03/2018?Finger Lakes HealthFinger Lakes Health is functioning the old-fashioned way while its computer system remains locked up by an unspecified type of ransomware.MalwareQ Human health and social work activitiesCCUS
32321/03/2018?Uttar Haryana Bijli Vitran Nigam Limited (UHBVNL)Uttar Haryana Bijli Vitran Nigam Limited (UHBVNL), a power distribution company, suffers a cyber attack on its Automatic Meter Reading System (AMR) in which billing data of about 4,000 industrial consumers are encrypted. The attackers demand a ransom equivalent to $150,000.MalwareD Electricity gas steam and air conditioning supplyCCIN
32421/03/2018?Vulnerable Cacti ServersResearchers from Trend Micro reveal that a hacker group has made nearly $75,000 by installing a Monero miner on Linux servers after exploiting a five-year-old vulnerability in the Cacti "Network Weathermap" plugin (CVE-2013-2618). The researchers believe this is the same group that recently exploited CVE-2017-1000353 to inject Monero miners into vulnerable Jenkins installations.MalwareY Multiple IndustriesCC>1
32521/03/2018?Single IndividualsResearchers from security firm Webroot reveal the details of a new variant of the well-known Trickbot financial trojan.MalwareK Financial and insurance activitiesCC>1
32621/03/2018OilRig APTA number of organizations across the Middle EastAccording to a new analysis by security firm Nyotron, the Iran-linked OilRig APT is back with a new more advanced malware toolkit.Targeted AttackY Multiple IndustriesCE>1
32722/03/2018?Russian Defense MinistryThe Russian Defense Ministry reveals that a total of 7 DDoS attacks are carried out against its website during the final vote of the general elections.DDoSO Public administration and defence, compulsory social securityCWRU
32822/03/2018?City of AtlantaIT systems used by the City of Atlanta are hit by a SamSam ransomware attack, cutting off some online city services and potentially putting the personal information of employees and citizens at risk.MalwareO Public administration and defence, compulsory social securityCCUS
32922/03/2018?Android UsersResearchers from SophosLabs reveal the details of Andr/HiddnAd-AJ, a malicious app disguised as an ad blocker, downloaded more than 500,000 times before being pulled off the Google Play Store.MalwareX IndividualCC>1
33022/03/2018?Some Government AgenciesResearchers from FireEye discover a new spear phishing campaign targeting government agencies with an evolved version of Sanny malware, a five-year-old information-stealer that now features a multi-stage infection process, whereby each stage is downloaded from the attacker's server.Targeted AttackO Public administration and defence, compulsory social securityCE>1
33124/03/2018?Baltimore's Automated Dispatch System.Unknown actors temporarily cause a shutdown of Baltimore's automated dispatch system, impacting the messaging functions within the Computer Aided Dispatch (CAD) system used by both of the city's 911 and 311 services.UnknownQ Human health and social work activitiesCCUS
33226/03/2018APT28 AKA Fancy BearUK Anti-Doping AgencyThe UK Anti-Doping Agency reveals that it foiled an attempted cyberattack during the weekend that tried to access confidential medical and drug‑testing data.Targeted AttackS Other service activitiesCEUK
33326/03/2018?Vulnerable Linux-based systemsResearchers from Cisco Talos reveal the details of GoScanSSH, a new strain of malware that targets vulnerable Linux-based systems, avoiding government and military networks.MalwareY Multiple IndustriesCC>1
33427/03/2018Alleged Nigerian HackersNaukri.comNigerian hackers hack into Naukri.com’s servers, stealing 100,000 resumes and contacting 10,000 job seekers for fake interviews.UnknownM Professional scientific and technical activitiesCCIN
33527/03/2018?Stormont (Northern Ireland Parliament)Stormont (the Northern Irish Parliament) issues a warning to all staff, including political parties, after discovering its email service was hit by a cyber attack.Targeted AttackO Public administration and defence, compulsory social securityCEIE
33627/03/2018?YouTube UsersResearchers at Russian anti-virus vendor Dr. Web discover a dangerous malware campaign spread by cybercriminals from comments posted on YouTube. The malware is dubbed Trojan.PWS.Stealer.23012.MalwareX IndividualCC>1
33728/03/2018?Android UsersResearchers from Trend Micro discover HiddenMiner, a new type of Android malware that infects devices and untetheredly mines Monero in the phone's background until the battery is exhausted or the device gives out.MalwareX IndividualCC>1
33828/03/2018?BoeingA Boeing facility in South Carolina is hit by the WannaCry ransomware.MalwareC ManufacturingCCUS
33928/03/2018?Vulnerable MikroTik devicesAnother IoT Botnet: a new Hajime variant infects MikroTik devices vulnerable to an exploit known as "Chimay Red".MalwareY Multiple IndustriesCC>1
34028/03/2018?Single IndividualsResearchers from security company Cybereason reveal the details of "Fauxpersky", a simple and efficient keylogger impersonating the Russian antivirus software Kaspersky.MalwareX IndividualCC>1
34128/03/2018?S.S. LazioItalian newspaper "Il Tempo" reports that Italian football team Lazio have fallen for an email scam and paid £1.75m (€2m) of the final instalment for defender Stefan de Vrij's transfer from Dutch club Feyenoord to fraudsters.Account HijackingR Arts entertainment and recreationCCIT
34228/03/2018?Indian Bank CustomersA complaint reveals that 1,020 bank accounts in different banks were used by fraudsters to receive money from victims' bank accounts through phishing.Account HijackingK Financial and insurance activitiesCCIN
34329/03/2018?Under ArmourUnder Armour, Inc. announces that it is notifying users of MyFitnessPal - the company's food and nutrition application and website, about a data security issue. On March 25, the MyFitnessPal team became aware that an unauthorized party acquired data associated with MyFitnessPal user accounts in late February 2018. The company investigation reveals that approximately 150 million user accounts were affected by this issue.UnknownC ManufacturingCCUS
34429/03/2018?Bank Negara MalaysiaBank Negara Malaysia reveals that it foiled a cyberattack in which fraudulent messages to transfer funds were sent on the SWIFT transactions platform.UnknownK Financial and insurance activitiesCCMY
34529/03/2018?Unnamed Bestiality WebsiteThousands of user account details—many related to a bestiality website—are circulating on public image boards, according to data obtained by Motherboard.UnknownS Other service activitiesCCN/A
34630/03/2018?CareFirst BlueCross BlueShieldA phishing email attack on Baltimore-based CareFirst BlueCross BlueShield may have compromised nearly 6,800 members’ personal data. The insurer learned on March 12 that one of its employees fell victim to a phishing email that compromised his or her email account. The hacker used the email account to send spam messages to an email list of individuals not associated with CareFirst.Account HijackingQ Human health and social work activitiesCCUS
34701/04/2018?Guardian Pharmacy of JacksonvilleGuardian Pharmacy of Jacksonville notifies 11,521 patients of email compromise of protected health information.Account HijackingQ Human health and social work activitiesCCUS
34801/04/2018JokerStash AKA Fin7 AKA CarbanakHudson's Bay CompanyRetailer Hudson's Bay Company discloses that it was the victim of a security breach that compromised data on payment cards used at Saks and Lord & Taylor stores in North America. Millions of cards may have been compromised (5 million are already offered for sale).UnknownG Wholesale and retail tradeCCCA
34902/04/2018?Four U.S. pipeline companies (Oneok Inc, Energy Transfer Partners LP, Boardwalk Pipeline Partners LP, Eastern Shore Natural Gas)At least four U.S. pipeline companies have seen their electronic systems for communicating with customers shut down, with three confirming it resulted from a cyberattack on Latitude Technology, a third-party provider. It is not clear if the outage is the result of a ransomware or DDoS attack.UnknownD Electricity gas steam and air conditioning supplyCCUS
35002/04/2018?1,000 Magento SitesSecurity researchers from FlashPoint say they've identified at least 1,000 Magento sites that have been hacked by cybercriminals and infected with malicious scripts that steal payment card details, perform cryptojacking, or redirect the visitors to malware distribution sites.Brute-Force/Credential StuffingY Multiple IndustriesCC>1
35102/04/2018?Android UsersResearchers from Trustlook reveal the details of a new strain of Android malware specifically aimed at stealing private conversations on IM applications like Facebook Messenger, Skype, Telegram, Twitter, Viber, and others.Malware/PoS MalwareX IndividualCC>1
35202/04/2018?Government of Sint MaartenThe entire government of Sint Maarten, an independent country within the Kingdom of the Netherlands, is taken down for a week by a cyber attack.UnknownO Public administration and defence, compulsory social securityCCSX
35303/04/2018?Vadim Lavrusik Twitter and Flipboard accountsLess than an hour after tweeting about being safe during the active shooting at YouTube's headquarters, the Twitter and Flipboard accounts of Vadim Lavrusik, a product manager at Youtube, are hit by hackers.Account HijackingX IndividualCCUS
35403/04/2018Dark-Coder or Th3Falcon.More than a dozen major Israeli websitesIn the name of OpIsrael, more than a dozen major Israeli websites, belonging to hospitals, local authorities, the Israeli Opera, Israel Teachers Union and the IDF Widows and Orphans Organization are defaced apparently in response to clashes between the IDF and Gazan protesters the previous weekend.DefacementY Multiple IndustriesHIL
35503/04/2018Lazarus AKA Hidden CobraOnline Casino in Central AmericaResearchers from ESET reveal that the infamous Lazarus Group, a malicious actor linked to North Korea, has used a new toolset, including the destructive KillDisk, to target the network of an online Casino in Central America.Targeted AttackR Arts entertainment and recreationCEN/A
35604/04/2018APT32 AKA OceanLotusMultiple TargetsResearchers from Trend Micro reveal the details of a new backdoor affecting MacOS linked to the OceanLotus threat group. The backdoor is called OSX_OCEANLOTUS.D.Targeted AttackY Multiple IndustriesCE>1
35704/04/2018?Single IndividualsResearchers from Trend Micro discover a campaign aimed at injecting the widely-used Coinhive code into an ad supplied by the AOL advertising network, in order to mine crypto currency.Malicious Code InjectionX IndividualCC>1
35804/04/2018?Verge CryptocurrencyAn unknown attacker has exploited a bug in the Verge cryptocurrency network code to mine Verge coins at a very rapid paceUnknownV FintechCCN/A
35904/04/2018?Facebook UsersFacebook reveals that "malicious actors" took advantage of search tools on its platform, making it possible for them to discover the identities and collect information on most of its 2 billion users worldwide.VulnerabilityX IndividualCCUS
36004/04/2018?Japan Ministry EmployeesThe Japanese government’s cybersecurity center reveals that the email addresses and passwords of thousands of ministry employees have been leaked and are being sold on the Internet.UnknownO Public administration and defence, compulsory social securityCCJP
36104/04/2018?Oakton High SchoolA police investigation reveals that hackers attempted to change grades at Oakton High School, using an attack carried out via a malicious email.Account HijackingP EducationCCUS
36205/04/2018?[24]7.ai[24]7.ai, a firm providing online customer support services based on artificial intelligence and machine learning, is breached. As a consequence, other companies using its services suffer a theft of customer payment information. The breach occurred between September 26, 2017 and October 12, 2017. The list of the victims includes Sears, Kmart, and Delta Airlines. Even Best Buy is involved.UnknownJ Information and communicationCCUS
36305/04/2018?Several Financial FirmsResearchers from Recorded Future reveal the details of the IoTroop botnet, a botnet made up of hijacked internet-connected televisions and web cameras used to target financial firms with DDoS attacks.DDoSK Financial and insurance activitiesCC>1
36405/04/2018?Multiple Financial TargetsResearchers from Netskope discover a new ATM jackpotting malware dubbed ATMJackpot. The malware seems to have originated from Hong Kong and to be still in development.Malware/PoS MalwareK Financial and insurance activitiesCC>1
36505/04/2018?Multiple TargetsResearchers from Fortinet discover a new variant of the Agent Tesla spyware, spreading via weaponized Microsoft Word Documents.Malware/PoS MalwareY Multiple IndustriesCC>1
36606/04/2018Suspected Chinese HackersIndia's Ministry of DefenceThe website of India's Ministry of Defence is defaced by suspected Chinese attackers.DefacementO Public administration and defence, compulsory social securityCCIN
36707/04/2018
36808/04/2018?Drake BellDrake Bell appears to be the most recent victim of hackers as part of another episode of the Fappening saga.Account HijackingX IndividualCCUS
36908/04/2018?Natalie CassidyEastEnders star Natalie Cassidy is the latest celebrity to have her intimate pictures leaked online in yet another evolution of the Fappening 2018 scandal.Account HijackingX IndividualCCUK
37009/04/2018JHTCisco switches around the worldThe Iranian IT Ministry reveals that hackers have attacked networks in a number of countries including data centers in Iran where they left the image of a U.S. flag on screens along with a warning: “Don’t mess with our elections”. The attack, exploiting CVE-2018-0171, affected 200,000 router switches across the world in a widespread attack, including 3,500 switches in Iran.VulnerabilityY Multiple IndustriesH>1
37109/04/2018?Armed Forces Recreation Center Edelweiss Lodge and ResortThe Armed Forces Recreation Center Edelweiss Lodge and Resort investigates a data breach that left some guests open to identity theft. At least 18 guests — primarily soldiers and retirees — who stayed at the resort between November 2017 and February 2018 reported that their credit cards were misused after their stays.Malware/PoS MalwareI Accommodation and food service activitiesCCDE
37209/04/2018?Sodexo FilmologySodexo food services and facilities management company notifies a number of customers that it was the victim of a targeted attack on its cinema vouchers platform Sodexo Filmology.Targeted AttackR Arts entertainment and recreationCCUK
37309/04/2018?Telco companies in Brazil, Colombia and other Latin American countriesResearchers from Flashpoint observe a spike of activity in Telegram messaging channels being used to exchange HTTP injectors. HTTP injectors can be used to obtain free mobile internet access.HTTP InjectorsJ Information and communicationCC>1
37410/04/2018?Vulnerable CMS Systems.Security researchers at Malwarebytes report that they have uncovered evidence of a sophisticated campaign of thousands of compromised websites running vulnerable CMSs and abused to distribute malware to visiting users via fake updates. The campaign is called FakeUpdates and is used to distribute the ZeusVM variant Chthonic banking malware or a NetSupport Remote Access Tool.Malicious Code InjectionX IndividualCC>1
37510/04/2018Kuroi’SH and ProsoxVevo Youtube AccountTwo hackers manage to deface several popular YouTube music videos, changing titles and thumbnail images. The list of the victims includes the most-viewed YouTube video of all time, “Despacito”. The two claim to have done it for Palestine.DefacementR Arts entertainment and recreationHUS
37610/04/2018?Single IndividualsResearchers from Barracuda reveal the details of a recent spate of attacks using phishing, social engineering, exploits, and obfuscation to spread a Quant Loader trojan capable of distributing ransomware and password stealers. The attack uses files with a “.url” extension that claim to be billing documents but actually lead to remote script files, using a variation of CVE-2016-3353.Malware/PoS MalwareX IndividualCC>1
37710/04/2018?Victoria Independent School DistrictVictoria Independent School District notifies employees that some email accounts were inappropriately accessed between July and October 2017. Some of the emails in those accounts contained employees’ personal information.Account HijackingP EducationCCUS
37811/04/2018?Great Western RailwayGreat Western Railway reset more than a million customer accounts after discovering hackers had successfully breached a small percentage of them. According to the operator, about 1,000 of its passengers' details have been exposed.Brute-Force/Credential StuffingX IndividualCCUK
37912/04/2018UKIslamic StateThe director of the intelligence agency GCHQ, Jeremy Fleming reveals that the UK has conducted a "major offensive cyber-campaign" against the Islamic State group.DDoSS Other service activitiesCWN/A
38012/04/2018?Governments and high-level officials in the Middle East and North Africa (MENA)Kaspersky Labs details a large-scale nation-state backed malware campaign called Operation Parliament that is targeting governments and high-level officials in the Middle East and North Africa (MENA) regions and more specifically Palestine.Targeted AttackO Public administration and defence, compulsory social securityCEPS
38112/04/2018?Single IndividualsResearchers from Menlo Security reveal the details of a new multi-stage campaign using malicious attachments to infect the endpoint with content hosted on a remote host (and exploiting CVE-2017-8570 to drop the executable in the endpoint). The campaign is used to deliver the Formbook malware.Malware/PoS MalwareX IndividualCC>1
38212/04/2018?SucuriThe California based website security provider Sucuri suffers a series of massive DDoS attacks causing service outages in Western Europe, South America and parts of Eastern United States.DDoSM Professional scientific and technical activitiesCCUS
38313/04/2018?Diagnostic Radiology & ImagingDiagnostic Radiology & Imaging notifies 800 patients of a phishing incident that occurred in November 2017.Account HijackingQ Human health and social work activitiesCCUS
38413/04/2018?Vulnerable Drupal CMS SystemsAfter the publication of PoC code, attackers start to exploit the Drupalgeddon2 vulnerability (CVE-2018-7600).VulnerabilityY Multiple IndustriesCC>1
38513/04/2018?Vulnerable routersSecurity researchers at Akamai discover a proxy botnet composed of more than 65,000 routers exposed to the Internet via the Universal Plug and Play (UPnP) protocol.VulnerabilityY Multiple IndustriesCC>1
38613/04/2018?InogenInogen, a California-based medical device manufacturer, reports that 30,000 former and current customers may have had their personal information exposed when a company employee's email account was compromised sometime between Jan. 2, 2018, and Mar. 14, 2018.Account HijackingC ManufacturingCCUS
38713/04/2018?Mise En Place Restaurant ServicesMise En Place Restaurant Services announces that it was subject to a ransomware attack, which may have potentially exposed some information of clients and individuals.Malware/PoS MalwareI Accommodation and food service activitiesCCUS
38814/04/2018?Texas Health ResourcesTexas Health Resources reveals that an unauthorized party may have gained access to patient information back in October 2017 by compromising some of the organization's email accounts. The breach was discovered in January 4,000 and might impact 4,000 users.Account HijackingQ Human health and social work activitiesCCUS
38915/04/2018?UnityPoint HealthUnityPoint Health notifies patients of a phishing attack that occurred between November 1, 2017 and February 7, 2018.Account HijackingQ Human health and social work activitiesCCUS
39004/04/2018?Single IndividualsResearchers from Palo Alto Networks reveal the details of Rarog, a previously unseen cryptomining trojan.Malware/PoS MalwareX IndividualCC>1
39112/04/2018?IIS 6.0 Vulnerable serversResearchers from F5 discover a massive campaign exploiting an old IIS 6.0 vulnerability (CVE-2017-7269) to mine Electroneum.VulnerabilityY Multiple IndustriesCC>1
39216/04/2018Russian state-sponsored actors (Grizzly Steppe)Government and private-sector organizations, critical infrastructure providers, and the internet service providers (ISPs)The UK NCSC (National Cyber Security Centre), FBI (Federal Bureau of Investigation) and DHS (Department of Homeland Security) issue a joint Technical Alert about malicious cyber activity carried out by the Russian Government. The attackers use compromised routers to conduct man-in-the-middle attacks.Man-in-the-MiddleO Public administration and defence, compulsory social securityCE>1
39316/04/2018APT-C-32Middle Eastern IndividualsResearchers from Lookout reveal the details of an espionage campaign using two malware strains called Desert Scorpion and FrozenCell, to spy on targets in Palestine. The attackers are thought to be linked to Hamas.Targeted AttackO Public administration and defence, compulsory social securityCE>1
39416/04/2018mobile APT (mAPT)Several targetsResearchers from Lookout reveal a new campaign using a modified version of the infamous ViperRAT hosted in Google Play.Targeted AttackY Multiple IndustriesCE>1
39516/04/2018?TaskRabbitTaskRabbit, a web-based service owned by IKEA that connects freelance handymen with clients in various local US markets, emails customers admitting it suffered a security breach. The company takes down its app and website while investigating the incident and later admits that some personal information might have been compromised.UnknownN Administrative and support service activitiesCCUS
39616/04/2018?Android UsersResearchers from Kaspersky Lab reveal the details of Roaming Mantis, an operation where malware authors have hijacked DNS settings on vulnerable routers to redirect users to sites hosting Android malware on clone apps of Google Chrome and Facebook.DNS HijackingX IndividualCC>1
39716/04/2018?Multiple TargetsAccording to multiple sources, hackers have started to actively exploit the Drupalgeddon 2 Drupal CMS vulnerability CVE-2018-7600 to inject cryptominers.VulnerabilityY Multiple IndustriesCC>1
39816/04/2018?African Embassy in DublinResearchers from Lastline reveal that an African ambassador in Dublin was compromised by cyber criminals with hackers gaining access to the entire nation’s digital data.Targeted AttackO Public administration and defence, compulsory social securityCEN/A
39916/04/2018?Hong Kong Broadband NetworkHong Kong Broadband Network, the city’s second largest fixed-line residential broadband provider, discovers that an inactive customer database has been accessed without authorization. The personal data of some 380,000 customers, including details for more than 40,000 credit cards, are compromised.UnknownJ Information and communicationCCHK
40016/04/2018?Irvington School DistrictPartial social security numbers of more than 1,200 employees at Irvington schools are distributed via email to an unknown number of recipients by an unidentified attacker.UnknownP EducationCCUS
40117/04/2018?Chrome UsersResearchers from AdGuard uncover five malicious ad-blocker extensions on the Chrome Web Store that were installed by 20 million Chrome users before Google removed them.Malware/PoS MalwareX IndividualCC>1
40217/04/2018?TheBottleResearchers from Palo Alto Networks reveal the details of SquirtDanger, a new strain of malware that allows hackers to take action screenshots, steal passwords, download files and even steal the contents of cryptocurrency wallets.Malware/PoS MalwareX IndividualCC>1
40317/04/2018?Minecraft usersAccording to Avast’s Threat Labs, nearly 50,000 Minecraft users have been infected with a malware aiming at reformatting hard drives, wiping out backup data from the targeted system along with deleting other important files.Malware/PoS MalwareX IndividualCC>1
40417/04/2018AnoaGhostinsights.london.nhs.ukAn NHS website is defacedDefacementO Public administration and defence, compulsory social securityCCUK
40518/04/2018Gold GalleonMultiple Maritime Shipping FirmsResearchers from Secureworks discover a previously unidentified "Gold Galleon" threat group, specialized in business email compromise (BEC) and business email spoofing (BES) fraud against maritime shipping firms in order to try and steal millions of dollars on an annual basis.Account HijackingH Transportation and storageCC>1
40618/04/2018?Single IndividualsSecurity researchers from Radware spot a new information stealer that collects Chrome login data from infected victims, along with session cookies, and appears to be looking for Facebook and Amazon details in particular. The malware is called Stresspaint and has infected so far more than 40,000 users.Malware/PoS MalwareX IndividualCC>1
40718/04/2018?California's Center for Orthopaedic Specialists (COS)California's Center for Orthopaedic Specialists (COS) discloses to have been hit by a ransomware attack. The incident impacts the records of approximately 85,000 patients across three facilities in West Hills, Simi Valley and Westlake Village.Malware/PoS MalwareQ Human health and social work activitiesCCUS
40818/04/2018?Ian BalinaIan Balina, a well-known sponsored YouTube blogger, is hacked while streaming, losing roughly $2 million in tokens.Account HijackingX IndividualCCUS
40918/04/2018?Sangamo TherapeuticsSangamo Therapeutics announces a data security incident involving compromise of a senior executive’s company email account.Account HijackingQ Human health and social work activitiesCCUS
41018/04/2018?Minecraft and Counter-Strike: Global Offensive playersResearchers discover two strains of a fake ransomware targeting players of Minecraft and Counter-Strike: Global Offensive (CS:GO)Malware/PoS MalwareX IndividualCC>1
41118/04/2018?QuestarAnnual tests in several states are delayed by what appears to be a suspected hack to Questar, a K12 assessment solutions provider.UnknownP EducationCCUS
41219/04/2018HighTech Brazil HackteamSupreme Court of IndiaThe website of Supreme Court of India is defaced.DefacementO Public administration and defence, compulsory social securityCCIN
41319/04/2018?Single IndividualsResearchers from Trend Micro discover a spam campaign delivering the Adwind RAT bundled with the XTRAT and DUNIHI Backdoors.Malware/PoS MalwareX IndividualCC>1
41419/04/2018?Single IndividualsResearchers at MalwareHunterTeam discover a new strain of ransomware, targeting Brazilian users, called RansSIRIA, which encrypts victims’ files and then states it will donate the ransom to Syrian refugees. The malware targets Brazilian victims.Malware/PoS MalwareX IndividualCCBR
41520/04/2018?Multiple TargetsSecurity researchers from antivirus maker Qihoo 360 Core discover a new Internet Explorer 0-day exploited by a state-sponsored threat actor. The vulnerability is called "double kill".Targeted AttackY Multiple IndustriesCE>1
41620/04/2018?Multiple TargetsResearchers from Qihoo 360 Netlab and GreyNoise Intelligence discover a botnet made up of servers and smart devices exploiting the severe Drupal CMS vulnerability CVE-2018-7600 also known as Drupalgeddon 2. The botnet is dubbed Muhstik.Malware/PoS MalwareY Multiple IndustriesCC>1
41721/04/2018?Equihash mining poolsSecurity researchers at 360 Core Security detect a new type of attack which targets some Equihash mining pools.VulnerabilityY Multiple IndustriesCC>1
41821/04/2018?City of HamiltonThe emails of about 1,100 Hamilton residents have been compromised following a data breach of two waste collection apps, according to the city of Hamilton.UnknownO Public administration and defence, compulsory social securityCCCA
41922/04/2018AnonPlusilgiornale.itHackers from AnonPlus deface ilgiornale.it, one of the main newspapers in Italy, with fake news about Mr. Silvio Berlusconi in jail.DefacementJ Information and communicationHIT
42022/04/2018Prosox ShadeRed Bull WebsiteThe Red Bull website is defaced twice in a few hours, probably exploiting the Drupalgeddon 2 vulnerability.DefacementI Accommodation and food service activitiesCCAT
42123/04/2018?Prince Edward Island (PEI) Government WebsiteA ransomware attack takes down the Prince Edward Island Government website.Malware/PoS MalwareO Public administration and defence, compulsory social securityCCCA
42223/04/2018OrangewormHealthcare organizations in the United States, Europe and AsiaResearchers from Symantec reveal the details of Orangeworm, a threat group targeting healthcare organizations in the United States, Europe and Asia via a custom backdoor dubbed Kwampirs.Targeted AttackQ Human health and social work activitiesCE>1
42323/04/2018?CareemCareem, Uber’s main ride-hailing app rival in the Middle East, is hit by a cyber attack that compromises the data of 14 million users. The breach was discovered on January 14.UnknownH Transportation and storageCCAE
42423/04/2018APT10Japanese defense companiesAccording to FireEye, the Chinese group APT10 has targeted Japanese defense companies, possibly to get information on Tokyo’s policy toward resolving the North Korean nuclear impasse.Targeted AttackO Public administration and defence, compulsory social securityCEJP
42523/04/2018Hunter buttThai Airways WebsiteThe official website of Thai Airways is hacked by a Pakistani with the moniker “Hunter butt”. The hacker uploads a deface page on 23 subdomains.DefacementH Transportation and storageCCTH
42624/04/2018?MyEtherWallet.comA hacker (or group of hackers) hijacks the Amazon DNS servers of MyEtherWallet.com, a web-based Ether wallet service. Users accessing the site are redirected to a fake version of the website. Those who logged in had their wallet private keys stolen, which the attacker used to empty accounts. The total bounty is $152,000.DNS HijackingV FintechCCUS
42724/04/2018?Ukraine's Energy Ministry WebsiteUnknown hackers use ransomware to take the website of Ukraine's energy ministry offline and encrypt its files.Malware/PoS MalwareO Public administration and defence, compulsory social securityCCUA
42824/04/2018?Single IndividualsResearchers from FortiGuard Labs uncover a new python-based Monero cryptocurrency mining malware, dubbed "PyRoMine" that uses the ETERNALROMANCE exploit to spread.Malware/PoS MalwareX IndividualCC>1
42924/04/2018?Brazilian companiesResearchers from FireEye identify a widespread spam campaign, dubbed Metamorfo, targeting Brazilian companies with the goal of delivering banking Trojans.Malware/PoS MalwareY Multiple IndustriesCCBR
43024/04/2018?Americas CardroomPoker tournaments are disrupted after a spate of DDoS attacks on Americas Cardroom.DDoSR Arts entertainment and recreationCCUS
43124/04/2018?Multiple industries including critical infrastructure, entertainment, finance, health care, and telecommunicationsResearchers from McAfee uncover a global data reconnaissance campaign assaulting a wide number of industries including critical infrastructure, entertainment, finance, health care, and telecommunications. The campaign is dubbed Operation GhostSecret.Targeted AttackY Multiple IndustriesCE>1
43224/04/2018?WebLogic ServersAttackers start to exploit Oracle WebLogic servers for CVE-2018-2628.VulnerabilityY Multiple IndustriesCC>1
43325/04/2018?HPE UsersThreat actors target internet accessible HPE Integrated Lights-Out 4 (HPE iLO 4) remote management interfaces with ransomware.Malware/PoS MalwareY Multiple IndustriesCC>1
43426/04/2018?Single IndividualsResearchers from Vade Secure reveal the details of a massive phishing campaign targeting more than 550 million email users globally since the first quarter of 2018.Account HijackingX IndividualCC>1
43526/04/2018?Single IndividualsResearchers from Trend Micro discover a new variant of the infamous Necurs botnet using .url files (internet shortcuts) to bypass conventional detection methods.Malware/PoS MalwareX IndividualCC>1
43626/04/2018The Invincible The MartianSeveral targets in IndiaResearchers from Cisco Talos unveil the details of GravityRAT, a tool being used in targeted attacks, allegedly coming from Pakistan, against India with sophisticated anti-evasion techniques.Targeted AttackO Public administration and defence, compulsory social securityCWIN
43726/04/2018Team Kerala Cyber WarriorsPakistanTeam Kerala Cyber Warriors, a hacking group based out of India, begin to install ransomware on web sites based out of Pakistan. The ransomware is called KCW Ransomware.Malware/PoS MalwareY Multiple IndustriesCWPK
43826/04/2018?Sen. Richard Pan, D-SacramentoSen. Richard Pan, D-Sacramento, claims that thieves hacked his email account and stole $46,000 from his re-election campaign in a "sophisticated" scheme earlier this year.Account HijackingX IndividualCCUS
43927/04/2018?Three banks in Mexico (Grupo Financiero Banorte, Banco del Bajio SA, and Bancomext)Three banks in Mexico (Grupo Financiero Banorte, Banco del Bajio SA, and Bancomext) are targeted by a cyber attack aimed at penetrating Mexico’s electronic payment systems (SPEI).UnknownK Financial and insurance activitiesCCMX
44027/04/2018?Zippy's RestaurantsThe Hawaii-based Zippy's Restaurants reports that its point-of-sale system at 25 of its locations has been compromised, exposing customer data from November 23, 2017, to March 29, 2018.Malware/PoS MalwareI Accommodation and food service activitiesCCUS
44127/04/2018?Highway Sign in ArizonaSomeone hacks a highway sign in Arizona and defaces it with 'Hail Hitler' text.UnknownH Transportation and storageCCUS
44227/04/2018?Leominster Schools DistrictLeominster Schools District pays $10,000 worth of Bitcoins ransom following a cyberattack on their system.Malware/PoS MalwareP EducationCCUS
44327/04/2018AnonPlusCity of BolognaThe website of the City of Bologna is defaced by AnonPlusDefacementO Public administration and defence, compulsory social securityHIT
44427/04/2018?Scenic Bluffs Community Health CentersScenic Bluffs Community Health Centers notifies 2,889 patients of a potential breach of personal patient information after discovering March 1, 2018, that one staff email account had been hacked on Feb. 28, 2018, by an unauthorized party.Account HijackingQ Human health and social work activitiesCCUS
44527/04/2018?Billings ClinicBillings Clinic notifies 949 patients of a breach affecting its email security system causing an unknown individual to access patients' information back in February.Account HijackingQ Human health and social work activitiesCCUS
44628/04/2018
44729/04/2018
44830/04/2018?Single IndividualsResearchers from Trend Micro reveal the details of FacexWorm, a malicious Chrome extension, targeting cryptocurrency trading platforms via Facebook Messenger in order to steal account credentials for Google MyMonero and Coinhive.Malware/PoS MalwareX IndividualCC>1
44901/05/2018?Rail Europe North AmericaRail Europe, a site used by Americans to buy train tickets in Europe, reveals a three-month data breach of credit cards and debit cards. Hackers implanted credit card-skimming malware on its website between late-November 2017 and mid-February 2018.MalwareR Arts entertainment and recreationCCUS
45001/05/2018APT28 AKA Fancy BearLojack UsersSecurity researchers from Arbor Networks reveal that malware with suspected links to Russian cyber-espionage group Fancy Bear is turning up in installations of Lojack, an anti-computer theft program used by many corporations to guard their assets.Targeted AttackY Multiple IndustriesCE>1
45101/05/2018?Vulnerable serversResearchers from AlienVault reveal the details of MassMiner, a new wave of cryptocurrency-mining malware using exploits for vulnerabilities such as CVE-2017-10271 (Oracle WebLogic), CVE-2017-0143 (Windows SMB), and CVE-2017-5638 (Apache Struts).VulnerabilityY Multiple IndustriesCC>1
45201/05/2018SB315City of Augusta Calvary Baptist Church Georgia Southern University, Two Augusta restaurants: Blue Sky Kitchen and Soy Noodle HouseA group of vigilante hackers going by SB315 deface some Georgia sites and threaten retaliation if the bill becomes law. The list of the targets includes: the City of Augusta (that denies the hack), the website of Calvary Baptist Church, Georgia Southern University, the sites for two Augusta restaurants, Blue Sky Kitchen and Soy Noodle House.DefacementY Multiple IndustriesHUS
45301/05/2018?Knox County's websiteThe Tennessee county's website is taken down by a DDoS attack on election night.DDoSO Public administration and defence, compulsory social securityCCUS
45401/05/2018?Leominster Public SchoolLeominster Public School is the victim of a ransomware attack, forcing them to pay $10,000 to have the computers back.MalwareP EducationCCUS
45502/05/2018?Drupal ServersResearchers from Imperva/Incapsula discover another strain of malware, dubbed Kitty, aimed at exploiting Drupalgeddon 2.0 (CVE-2018-7600) to mine cryptocurrency.VulnerabilityY Multiple IndustriesCC>1
45602/05/2018AllaniteBusiness and ICS networks at electric utilities in the US and UK.Researchers from Dragos unveil the details of a threat actor dubbed Allanite, active at least since May 2017 and still targeting both business and ICS networks at electric utilities in the US and UK.Targeted AttackD Electricity gas steam and air conditioning supplyCEUS UK
45702/05/2018?Fredericksburg School SystemA Fredericksburg school system employee falls for phishing attackAccount HijackingP EducationCCUS
45802/05/2018AkincilarGreek Foreign Ministry Athens-Macedonia News Agency (ANA) Greek Handball Federation Suzuki-GreeceThe Turkish hacker group Akincilar ("Invaders") starts its offensive against Greece and defaces four websites (Greek Foreign Ministry, Athens-Macedonia News Agency - ANA -, the Greek Handball Federation, and Suzuki-Greece) in response to Athens' refusal to hand over the Turkish officers who fled to Greece in July 2016.DefacementO Public administration and defence, compulsory social securityCWGR
45902/05/2018DefacementI Accommodation and food service activitiesCWGR
46002/05/2018DefacementR Arts entertainment and recreationCWGR
46102/05/2018DefacementC ManufacturingCWGR
46203/05/2018?Targets in Middle EastResearchers from Kaspersky reveal the details of ZooPark, a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015. The threat actors behind the operation infect Android devices using several generations of malware.Targeted AttackY Multiple IndustriesCE>1
46303/05/2018?World Rugby Training and Education WebsiteWorld Rugby is forced to suspend its training and education website after the governing body is the target of a cyber attack that sees hackers obtain personal data from thousands of subscribers.UnknownR Arts entertainment and recreationCCN/A
46403/05/2018?JavaScript usersThe Node Package Manager (npm) team discovers and blocks the distribution of a backdoor inside getcookies, a popular, albeit deprecated, JavaScript package.MalwareX IndividualCC>1
46503/05/2018?Airbnb usersResearchers from Redscan discover a GDPR-related phishing scam with emails claiming to be from Airbnb.Account HijackingX IndividualCC>1
46603/05/2018?Several Florida Hospital WebsitesSeveral Florida Hospital Websites are taken offline after being affected by malware that could have compromised patient information. The list of the affected hospitals includes: FloridaBariatric.com, FHOrthoInstitute.com and FHExecutiveHealth.com.MalwareQ Human health and social work activitiesCCUS
46703/05/2018Anonymous24TV Turk TelekomAs a retaliation for the attacks of the Turkish collective Akincilar, Greek hackers from Anonymous paralyze the 24TV Live website for several hours. They also claim to have hacked 12,987 routers of Turk Telekom.DDoSJ Information and communicationCWTR
46803/05/2018?Meituan DianpingMeituan Dianping, the internet giant backed by Tencent, China’s most valuable tech corporation, begins investigating reports of a data breach that exposed the private information of tens of thousands of users. This happens after tens of thousands of data snippets -- everything from names and mobile numbers to home addresses -- on food-delivery customers went on sale online.UnknownG Wholesale and retail tradeCCCN
46903/05/2018?Fleetcor TechnologiesFleetcor Technologies, a company specializing in fuel cards and workforce payment products and services, publicly discloses that its gift card systems were accessed last month by an unauthorized party. A "significant number" of gift cards that are at least six months old, as well as PIN numbers, were accessed.UnknownR Arts entertainment and recreationCCUS
47004/05/2018?Copenhagen city’s bicycle sharing system “Bycyklen”Unknown hackers disrupt the Copenhagen city’s bicycle sharing system “Bycyklen”, erasing the data of 1,860 bicycles.UnknownH Transportation and storageCCDK
47104/05/2018AnonPlusK9 Web ProtectionHackers from the collective AnonPlus, a splinter cell of Anonymous, deface the website of K9 Web Protection (belonging to Symantec).DefacementJ Information and communicationHUS
47204/05/2018?Riverside Fire and Police departmentRansomware infects the servers of the Riverside Fire and Police department for the second time in a month.MalwareO Public administration and defence, compulsory social securityCCUS
47304/05/2018?W.S. Neal High SchoolWhile finalizing end-year school rankings, W.S. Neal High School realizes that someone has been changing grades since 2016.UnknownP EducationCCUS
47404/05/2018?City of TulsaThe City of Tulsa confirms that computer hackers broke into several City controlled accounts but says it appears there have been no effects on city systems.UnknownO Public administration and defence, compulsory social securityCCUS
47504/05/2018?Northwest UniversityThe email account of the Northwest University’s CFO is hacked. As a consequence $60,000 are stolen.Account HijackingP EducationCCUS
47604/05/2018?Banco InterShares in Banco Inter fall as much as 11 percent after reports that a hacking attack had obtained sensitive data pertaining to clients. Banco Inter reveals it was “the victim of attempted extortion.”UnknownK Financial and insurance activitiesCCBR
47705/05/2018?Vulnerable Drupal ServersResearcher Troy Mursch discovers another campaign aimed to exploit Drupalgeddon 2.0 (CVE-2018-7600 and CVE-2018-7602). In this campaign more than 350 servers are compromised to inject cryptominers.VulnerabilityY Multiple IndustriesCC>1
47805/05/2018?Mason Law OfficeMason Law Office discovers evidence of unauthorized access to their mycase.com instance by an unknown individual or group of individuals. Client data is potentially accessed.UnknownM Professional scientific and technical activitiesCCUS
47906/05/2018?Canon Security Cameras“I’m Hacked. bye2”— That’s the message left behind on most of the 60 hacked Canon security cameras in Japan with many more hacked in the previous weeks.UnknownY Multiple IndustriesCCJP
48006/05/2018?Android and Windows UsersResearchers from Trend Micro identify a new spyware distributed via adult games, dubbed Maikspy (from a famous adult film actress). The main targets of this malicious new campaign are Android and Windows users, and the primary objective is to steal sensitive personal data. The malware is dubbed AndroidOS_MaikSpy.HRX.MalwareX IndividualCC>1
48107/05/2018?SSH Decorator (Python Module) usersSSH Decorator, a Python module, is compromised by an unknown attacker who injects a backdoor.MalwareX IndividualCC>1
48207/05/2018?Roseburg Public SchoolsA ransomware attack targets Roseburg Public Schools, blocking access to the district’s email, website and software.MalwareP EducationCCUS
48307/05/2018AkincilarHonda GreeceTurkish hackers from Akincilar launch a new cyber attack against Honda Greece. The automaker’s website in Greece is infiltrated with a message condemning the country for “partnering” with terrorists.DefacementC ManufacturingCWGR
48408/05/2018?Marketing/Advertising/Public Relations and Retail/Manufacturing industriesProofpoint observes a campaign targeting Marketing/Advertising/Public Relations and Retail/Manufacturing industries with a new malware called Vega Stealer. The malware contains stealing functionality targeting saved credentials and credit cards in the Chrome and Firefox browsers, as well as stealing sensitive documents from infected computers.MalwareY Multiple IndustriesCC>1
48508/05/2018?Sheffield Credit UnionSheffield Credit Union is the victim of a Cyber attack, which is believed to have taken place on 14 February 2018 but only recently comes to light after a blackmailing attempt by the attackers. The personal data of about 15,000 members is compromised.UnknownK Financial and insurance activitiesCCUK
48608/05/2018SilverTerrierMultiple Targets Around the WorldResearchers from Palo Alto Networks reveal the details of a ring of Nigerian criminals dubbed SilverTerrier, conducting hacking campaigns against targets around the world. The researchers have attributed 181,000 attacks, using 15 families of malware, to the group in the last year, with expected losses estimated at more than $3B.MalwareY Multiple IndustriesCC>1
48708/05/2018?City of GoodyearThe City of Goodyear announces that its bill pay system may have been compromised. The possible breach could expose 30,000 utility customers.PoS MalwareO Public administration and defence, compulsory social securityCCUS
48809/05/2018?Several financial targets in the USResearchers from F5 reveal a new campaign carried out via the infamous Panda malware targeting US financial targets.MalwareK Financial and insurance activitiesCCUS
48909/05/2018?The SunThe Sun calls in the UK's cybersecurity authorities after detecting Russian hackers trying to access the tabloid newspaper's internal computer systems.Targeted AttackJ Information and communicationCEUK
49009/05/2018?Morinaga Milk Industry Co.After receiving a report from a credit card issuer, Morinaga Milk Industry Co. says that credit card or other personal information of up to 120,000 online customers may have leaked.UnknownI Accommodation and food service activitiesCCJP
49109/05/2018?The Oregon ClinicThe Oregon Clinic announces that a data security incident may have affected protected health information (PHI) after an unauthorized third party accessed an internal email account.Account HijackingQ Human health and social work activitiesCCUS
49210/05/2018AnonymousOfficial website of Russia’s Federal Agency for International Cooperation (Rossotrudnichestvo)Anonymous deface several subdomains of the official website of Russia’s Federal Agency for International Cooperation (Rossotrudnichestvo) in protest against the ongoing censorship in the country, especially the recent ban on Telegram.DefacementO Public administration and defence, compulsory social securityHRU
49310/05/2018?Multiple TargetsResearchers from Radware reveal the details of Nigelthorn, a crypto-mining malware abusing Chrome extensions, and using Facebook to spread. The analysis reveals that the group has been active since at least March of 2018 and has already infected more than 100,000 users in over 100 countries.MalwareY Multiple IndustriesCC>1
49410/05/2018?Vulnerable Dasan GPON routersResearchers from Qihoo 360 Netlab reveal that at least five IoT botnets are targeting Dasan GPON routers, exploiting the two recently discovered vulnerabilities CVE-2018-10561 and CVE-2018-10562. The five botnets are known under codenames such as Hajime, Mettle, Mirai, Muhstik, and Satori.VulnerabilityY Multiple IndustriesCC>1
49510/05/2018?Wasaga BeachWasaga Beach pays the ransom to hackers who took over its computer system earlier this month.MalwareO Public administration and defence, compulsory social securityCCCA
49610/05/2018?Malley’s ChocolatesMalley’s Chocolates reveals that its website has been hacked, and the card information of 3,400 online customers has been breached.UnknownI Accommodation and food service activitiesCCUS
49711/05/2018?Android UsersResearchers from Symantec discover a new wave of 45 malicious apps on the Android store known under the definition of Android.Reputation.1. Of these apps, 7 are rebranded versions of previously removed apps, whereas 38 are completely new.MalwareX IndividualCC>1
49811/05/2018?Chili's RestaurantChili's Restaurant reveals that some restaurants have been impacted by a data incident, which may have resulted in unauthorized access or acquisition of payment card data between March and April 2018.PoS MalwareI Accommodation and food service activitiesCCUS
49911/05/2018?Ubuntu UsersA user spots a cryptocurrency miner hidden in the source code of an Ubuntu snap package hosted on the official Ubuntu Snap Store. The app's name is 2048buntu, a clone of the popular 2048 game.MalwareX IndividualCC>1
50011/05/2018?DSBThe Danish state rail operator DSB is hit by a massive DDoS attack, paralyzing some operations, including ticketing systems and the communication infrastructure.DDoSH Transportation and storageCCDK
50111/05/2018?Bemus Point School DistrictBemus Point School District Superintendent reveals that some students in the district might have been compromised amid the breach of Maia Learning by a competitor.UnknownP EducationCCUS
50212/05/2018?Capitol AdministratorsCapitol Administrators notifies individuals of a phishing attack.Account HijackingN Administrative and support service activitiesCCUS
50312/05/2018?Five Mexican Banks including No. 2 BanorteThieves siphon 300 million pesos ($15.4 million) out of five Mexican banks, including No. 2 Banorte, by creating phantom orders that wired funds to bogus accounts and promptly withdrew the money.Account HijackingK Financial and insurance activitiesCCMX
50413/05/2018
50514/05/2018Hackers linked to the Turkish GovernmentTurkish Dissident and ProtestersAccording to a new report by digital rights organization Access Now, hackers, apparently working for the Turkish government, attempted to infect a large number of Turkish dissidents and protesters by spreading the infamous FinFisher spyware on Twitter.MalwareX IndividualCCTR
50614/05/2018?Family Planning NSWFamily Planning NSW tells customers their personal information may have been compromised after the not-for-profit fell victim to a ransomware attack. Around 8,000 users might be affected.MalwareQ Human health and social work activitiesCCAU
50715/05/2018Stealth MangoGovernment officials, members of the military, and activists in Pakistan, Afghanistan, India, Iraq and the United Arab EmiratesResearchers from Lookout discover a phishing campaign that infected Android devices with custom surveillance-ware bent on extracting data from top officials, primarily in the Middle East. The campaign is called Stealth Mango, and has been used to collect over 30 gigabytes of compromised data on attacker infrastructure.MalwareO Public administration and defence, compulsory social securityCE>1
50810/05/2018?NuanceSpeech recognition software firm Nuance announces the breach of thousands of patient records after a former employee breached its servers and accessed the personal information of 45,000 individuals from several contracted clients between November 20 and December 9 of 2017.Account HijackingM Professional scientific and technical activitiesCCUS
50911/05/2018?Multiple UsersResearchers from Qihoo 360 discover a miner campaign hidden behind a potentially unwanted program dubbed One System Care.MalwareY Multiple IndustriesCC>1
51011/05/2018Satori BotnetExposed Ethereum Mining RigsThe operators of the Satori botnet are mass-scanning the Internet for exposed Ethereum mining rigs, according to three sources in the infosec community who've observed the malicious behavior: SANS ISC, Qihoo 360 Netlab, and GreyNoise Intelligence.Brute-ForceV FintechCC>1
51115/05/2018?Multiple UsersResearchers from Qihoo 360 discover a particular miner dubbed IdleBuddyMiner, which asks nicely for permission to mine via a popup.MalwareY Multiple IndustriesCC>1
51216/05/2018?SecurusA hacker provides Motherboard with 2,800 login details for Securus, a company that buys phone location data from major telecom companies and then sells it to law enforcement. The company confirms the breach a few days later.UnknownX IndividualCCUS
51316/05/2018?Windows UsersResearchers from Qihoo 360 discover a massive malware campaign spreading a new coinminer, which appears to have made roughly 500,000 victims in three days alone. The miner is called WinstarNssmMiner.MalwareX IndividualCC>1
51416/05/2018?Ethereum WalletsResearchers from RiskIQ unveil the details of MEWKit, a sophisticated phishing campaign aimed at stealing credentials of Ethereum wallets and, at the same time, performing an automated transfer with the stolen details.Account HijackingX IndividualCC>1
51516/05/2018?ZooPark APT GroupA vigilante hacker claims to have hacked the alleged Iran-linked group behind the ZooPark campaign discovered by Kaspersky earlier this month, and dumps the files purportedly stolen from a server controlled by the attackers.UnknownO Public administration and defence, compulsory social securityCCIR
51616/05/2018?LifeBridge Health and LifeBridge Potomac ProfessionalsLifeBridge Health and LifeBridge Potomac Professionals notify patients about a malware incident that occurred on March 18, 2018. The number of affected patients could be 500,000.MalwareQ Human health and social work activitiesCCUS
51716/05/2018?Wordpress WebsitesA report from security firm Wordfence reveals that hackers have come up with a never-before-seen method of installing backdoored plugins on websites running the open-source WordPress CMS, and this new technique relies on using weakly protected WordPress.com accounts and the Jetpack plugin.Account HijackingY Multiple IndustriesCC>1
51816/05/2018Racoon HackerRussian-speaking Telegram usersResearchers from Cisco Talos reveal the details of TeleGrab, a malware harvesting cache and key files from Telegram.MalwareX IndividualCCRU
51916/05/2018?Android UsersResearchers from security company Avast discover 26 apps on the Google Play Store that include adware forcing ads on compromised systems.MalwareX IndividualCC>1
52017/05/2018?blackphoenixalchemylab.comblackphoenixalchemylab.com discovers malware inserted into the portion of the checkout page between May 1 and May 16.MalwareR Arts entertainment and recreationCCUS
52117/05/2018?Corporation Service Company (CSC)Hackers steal the personally identifiable information of 5,678 customers of the Corporation Service Company (CSC), according to a notice the company sent to the California attorney general's office.UnknownN Administrative and support service activitiesCCUS
52217/05/2018?Fortnite PlayersResearchers at Zscaler’s ThreatLabZ discover malicious apps on Google Play, in disguise of a mobile version of the popular game Fortnite.MalwareX IndividualCC>1
52317/05/2018?Vulnerable IoT devicesResearchers from Fortinet discover a new variant of the Mirai botnet dubbed ‘Wicked Mirai’.MalwareY Multiple IndustriesCC>1
52417/05/2018?Independent Like the North State Group ForumAn online forum designated for California’s First Congressional District debate is hacked by unknown hackers, who take over the live stream to broadcast gay pornography.UnknownS Other service activitiesCCUS
52518/05/2018Sun TeamNorth Korean defectors and journalistsResearchers from McAfee discover RedDawn, a new campaign on Google Play targeting North Korean defectors and journalists.Targeted AttackX IndividualCEKR
52618/05/2018?DrayTek routersDrayTek, a Taiwan-based manufacturer of broadband CPE devices, announces that hackers are exploiting a zero-day vulnerability to change DNS settings on some of its routers.VulnerabilityX IndividualCC>1
52718/05/2018?University of BuffaloUniversity of Buffalo confirms it is investigating and responding to a breach of 2,690 UBITName accounts.Account HijackingP EducationCCUS
52818/05/2018?TidalJay-Z’s Tidal streaming platform announces it has enlisted an “independent, third party cyber-security firm” to investigate a possible data breach, after reports of inflated subscriber and streaming numbers.UnknownR Arts entertainment and recreationCCUS
52918/05/2018?Mobile UsersResearchers from Kaspersky reveal a new campaign carried out using the Roaming Mantis mobile trojan, targeting Europe and Middle East, and adding new features, like a phishing option for iOS devices, and crypto-mining capabilities for the PC.MalwareX IndividualCC>1
53018/05/2018?Shona McGartyActress Shona McGarty, who plays Whitney Carter in EastEnders, is the latest celebrity to have intimate pictures leaked on the internet. Apparently her photos were stolen from the iCloud account.Account HijackingX IndividualCCUK
53118/05/2018?Bitcoin GoldAn unidentified hacker performs several "double spend" attacks on the infrastructure of the Bitcoin Gold cryptocurrency and manages to amass over $18 million worth of BTG (Bitcoin Gold) coins in the process.51% attackV FintechCCN/A
53219/05/2018Two unidentified studentsBloomfield Hills High SchoolTwo students from Bloomfield Hills High School are the main suspects of a recent hack discovered at the school. The two broke into the school's MISTAR Student Information System portal where they changed grades, attendance records, and attempted to refund lunch purchases.VulnerabilityP EducationCCUS
53320/05/2018?200 million JapaneseA hacker suspected to be operating out of China has put on sale the data of around 200 million Japanese users on an underground cybercrime forum, according to a FireEye iSIGHT Intelligence report. The data appears to have been assembled by hacking up to 50 smaller Japanese sites.UnknownY Multiple IndustriesCCJP
53420/05/2018?Allied PhysiciansAllied Physicians reports it was hit with a SamSam ransomware attack earlier this month (May 17).MalwareQ Human health and social work activitiesCCUS
53520/05/2018?Manuel Delia's BlogManuel Delia's blog (a Maltese journalist and blogger) is the target of a DDoS attack. Apparently the attack comes from Ukraine.DDoSJ Information and communicationCCMT
53621/05/2018?Gigabit Passive Optical Network (GPON) routersSecurity researchers from Qihoo 360 Netlab discover that the operators behind the TheMoon botnet are now leveraging a zero-day exploit to target GPON routers.MalwareY Multiple IndustriesCC>1
53721/05/2018?Gigabit Passive Optical Network (GPON) routersTrend Micro researchers detect a new attack mimicking the Mirai botnet modus operandi, originating from Mexico and targeting Gigabit Passive Optical Network (GPON)-based home routers via two vulnerabilities (CVE-2018-10561 and CVE-2018-10562).VulnerabilityY Multiple IndustriesCC>1
53821/05/2018?Twitter account of Charlie LeeThe Twitter account of Charlie Lee, the creator of Litecoin is hacked.Account HijackingX IndividualCCUS
53921/05/2018?BombasBombas notifies consumers of breach going back to 2015 when malware in the code of the e-commerce platform was identified and removed on February 9, 2015.MalwareG Wholesale and retail tradeCCUS
54022/05/2018?Verge CryptocurrencyA hacker finds a way around a previous patch in the Verge cryptocurrency source code and takes advantage of the flaw to monopolize mining operations and create Verge coins (XVG) at a rapid pace. He is able to mine over 35 million XVG coins in just a few hours for a profit of $1.65 million.51% attackV FintechCCN/A
54122/05/2018?Mac UsersAccording to researchers at Malwarebytes, many Mac users in the past weeks have been infected with a new strain of Monero miner. The owners of the infected Mac systems noticed the presence of a process named “mshelper” had been consuming a lot of CPU power and draining their batteries.MalwareX IndividualCC>1
54223/05/2018State sponsored attackers (Russia?)500,000 organizations worldwideResearchers from Cisco Talos unveil the details of VPNFilter, a massive campaign ongoing since 2016 and carried out by nation-state hackers, infecting at least 500,000 victims in at least 54 countries. The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment, as well as QNAP NAS devices. An update of June 6 reveals new capabilities, such as the possibility to perform MITM attacks, and other vulnerable devices (ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE).MalwareY Multiple IndustriesCE>1
54323/05/2018?University of VermontUniversity of Vermont officials say they have no reason to believe the personal information of 37,000 current and former faculty, staff and students fell into the wrong hands following an intrusion of the school’s computer systems.UnknownP EducationCCUS
54424/05/2018Trisis, AKA Xenotime, AKA HatManMultiple TargetsSecurity researchers from CyberX reveal that the threat actor behind the Triton malware (aka Trisis, Xenotime, and HatMan) is now targeting organizations worldwide and safety systems.Targeted AttackY Multiple IndustriesCE>1
54524/05/2018?Android UsersAvast reveals a list of 140 Android devices whose firmware is infected with a malware called Cosiloon.MalwareX IndividualCC>1
54624/05/2018?Screens at the Mashhad airport in IranHackers deface the screens at the Mashhad airport in Iran to protest against the Government and the military’s activities in the Middle East.DefacementH Transportation and storageHIR
54724/05/2018?Associates in Psychiatry and PsychologyAssociates in Psychiatry and Psychology notifies 6,546 patients and the U.S. Department of Health and Human Services (HHS) of a ransomware incident that occurred in March.MalwareQ Human health and social work activitiesCCUS
54825/05/2018?Oxnard CityOxnard city officials are contacted by a bank representative about fraudulent purchases being made with the cards people used to pay their utility bills.Account HijackingO Public administration and defence, compulsory social securityCCUS
54925/05/2018?American Family Life Assurance Company of Columbus (Aflac)American Family Life Assurance Company of Columbus (Aflac) issues a press release concerning the breach of independent contractor sales agents’ email accounts. The breach occurred between Jan. 17 and April 2 and has reportedly affected some clients’ personal information.UnknownK Financial and insurance activitiesCCUS
55025/05/2018?Aultman Health FoundationAbout 42,600 patients tied to AultWorks Occupational Medicine, Aultman Hospital, and some Aultman physician offices may have had personal health and identification information stolen in a data breach after unknown and unauthorized individuals gained access to certain email accounts in February and March.UnknownQ Human health and social work activitiesCCUS
55126/05/2018?Afghan diplomats in PakistanAfghan diplomats in Pakistan are warned they are believed to be victims of "government-backed" digital attacks trying to steal their email passwords.Targeted AttackO Public administration and defence, compulsory social securityCEAF
55226/05/2018?ArloArlo advises its customers to change their passwords after credential-stuffing attempts are detected.Brute-ForceC ManufacturingCCUS
55327/05/2018?Goliath and GoliathComedy and entertainment agency Goliath and Goliath suffered a loss of more than 300,000 ZAR (22,000 USD worth) in what appears to be a phishing scam.Account HijackingR Arts entertainment and recreationCCZA
55428/05/2018?Bank of MontrealBank of Montreal, the country's fourth bank, announces it has been contacted by fraudsters claiming to have stolen personal and financial information of a limited number of the bank's customers. According to the bank, fewer than 50,000 customers are affected by the incident.UnknownK Financial and insurance activitiesCCCA
55528/05/2018?Canadian Imperial Bank of Commerce (CIBC)The Canadian Imperial Bank of Commerce (CIBC), the country's fifth largest bank, is also affected by the same incident, and believes that 40,000 users of its subsidiary Simplii Financial could possibly be affected.UnknownK Financial and insurance activitiesCCCA
55628/05/2018?Taylor CryptocurrencyThe creators of the Taylor cryptocurrency trading app claim that an unidentified hacker has stolen around $1.35 million worth of Ether from the company's wallets.Account HijackingV FintechCCEE
55728/05/2018Cobalt AKA CarbanakSeveral Russian BanksGroup-IB reveals that, despite the alleged arrest of its leader, the Cobalt (AKA Carbanak) hacker group that's specialized in stealing money from banks and financial institutions is still active, even launching a new campaign.Targeted AttackK Financial and insurance activitiesCCUS
55828/05/2018?Harare Institute of TechnologyA database from the Harare Institute of Technology is leaked, containing 3,500 users.UnknownP EducationCCZW
55929/05/2018Hidden CobraMultiple TargetsThe FBI and Department of Homeland Security jointly release two technical alerts via the US-CERT, warning of two malware families dating back to at least 2009 that they say are tied to the suspected North Korea-sponsored APT group Hidden Cobra. The two malware families are the remote access tool (RAT) Joanap and the Server Message Block-based (SMB) worm Brambul.Targeted AttackY Multiple IndustriesCEUS
56029/05/2018?Brazilian IndividualsResearchers from IBM X-Force uncover a new Brazilian, Delphi-based banking malware, dubbed MnuBot. The malware uses Microsoft SQL Server as its command and control server.MalwareK Financial and insurance activitiesCCBR
56129/05/2018?EOS Blockchain nodesThreat Intelligence firm GreyNoise discovers that a mysterious attacker is scanning the Internet for EOS blockchain nodes that are accidentally exposing private keys through an API misconfiguration.Brute-ForceV FintechCCN/A
56230/05/2018IsHaKdZTicketflyThe Ticketfly website is defaced with an image of V from the film V for Vendetta. Unfortunately, after refusing to pay a 1 BTC ransom, Ticketfly reveals that the personal information of 27 million accounts, including ticket buyers and venue operators, was accessed by the attacker.VulnerabilityR Arts entertainment and recreationCCUS
56330/05/2018?Purdue University Pharmacy and the Family Health Clinic of Carroll CountyPatients of the Purdue University Pharmacy and the Family Health Clinic of Carroll County receive notices that their information might be compromised because of a security breach. A malicious file was installed on some computers on September 1st.MalwareQ Human health and social work activitiesCCUS
56431/05/2018North Korean APT actor Group123?South KoreansResearchers from Cisco Talos discover NavRAT, a remote access trojan that apparently went undiscovered for at least two years, targeting Koreans in a spam campaign using the possible upcoming U.S.-North Korea nukes summit as a phishing lure. The tool leverages the email platform from South Korea-based Naver Corporation to communicate with the attackers.Targeted AttackX IndividualCEKR
56531/05/2018Andariel GroupSouth KoreansLocal media in South Korea reveal that a North Korean cyber-espionage group has exploited at least nine ActiveX zero-day vulnerabilities, including a new 0-day, to infect South Korean targets with malware or steal data from compromised systems.Targeted AttackO Public administration and defence, compulsory social securityCEKR
56631/05/2018?Sooke School DistrictThe Sooke School District warns parents about a privacy invasion after an employee’s email was hacked.Account HijackingP EducationCCUS
56701/06/2018?Buffalo Wild WingsA hacker manages to take control of the official Twitter account of Buffalo Wild Wings (@BWWings) and posts a number of crude and racist tweets, including one that claims to give out the “secret recipe” for the company’s wings.Account HijackingI Accommodation and food service activitiesCCUS
56801/06/2018?Several Rhode Island State AgenciesRhode Island officials say several state agencies are targeted by malware. The list of victims include: the Department of Children, Youth and Families, the Department of Human Services, and the Department of Behavioral Healthcare.MalwareO Public administration and defence, compulsory social securityCCUS
56902/06/2018?Several Australian citizensSeveral Australian citizens are the victims of a tech support scam, through which the attackers are able to take over their webcams and upload videos to YouTube.Account HijackingX IndividualCCAU
57002/06/2018Todd Davis aka LifelockHolland Eye Surgery & Laser CenterHolland Eye Surgery & Laser Center notifies 42,200 patients about a hack that occurred in 2016.UnknownQ Human health and social work activitiesCCUS
57102/06/2018?Shiawassee CountyThe Shiawassee County financial administrator resigns after being caught in a phishing scam and mistakenly wiring $50,000 to an overseas bank account.Account HijackingO Public administration and defence, compulsory social securityCCUS
57203/06/2018?ZenCashZenCash, an upcoming privacy coin, is the victim of a 51% attack.51% attackV FintechCCUS
57303/06/2018?Booking.com usersAccording to multiple reports, unknown cybercriminals launch a phishing campaign targeting Booking.com customers whose information was illegally obtained, possibly by breaching certain partner hotels.Account HijackingX IndividualCC>1
57404/06/2018?MyHeritageMyHeritage, the genealogy website and DNA testing service, warns that the email addresses and hashed passwords of its customer database, approximately 92 million user accounts, have been found on a private server.UnknownQ Human health and social work activitiesCCUS
57504/06/2018?New York Giants defensive end Avery MossExplicit videos and pictures of New York Giants defensive end Avery Moss are posted on his Twitter timeline after his account is hacked.Account HijackingX IndividualCCUS
57604/06/2018?Morinaga Milk Industry Co.Morinaga Milk Industry Co. says that personal data on up to 92,822 customers may have been stolen as its health food shopping website was hacked. Credit card information belonging to up to 29,773 of the affected customers was leaked, and around 300 cases of illicit use of the information, involving some ¥20 million ($180,000), have been confirmed so far.UnknownI Accommodation and food service activitiesCCJP
57705/06/2018?Undisclosed Japanese Syndicate WalletShopin, a universal shopper profile using blockchain and Artificial Intelligence, releases an official statement indicating that a significant token distributor was hacked on June 1st, resulting in a loss of more than $10 million USD of a variety of tokens, including Ethereum, Level Up, Orbs, and Shopin Tokens.Account HijackingV FintechCCJP
57805/06/2018?WordPress SitesSecurity researchers from Wordfence reveal the details of BabaYaga, a malware targeting WordPress sites characterized by sophisticated self-preserving mechanisms.MalwareY Multiple IndustriesCC>1
57906/06/2018?PageUpAustralia-based human resources firm PageUp confirms it found "unusual" activity on its IT infrastructure on May 23, which has resulted in the potential compromise of client data.MalwareS Other service activitiesCCAU
58006/06/2018?Multiple TargetsResearchers from the GuardiCore security team reveal the details of Operation Prowli, a gigantic botnet of over 40,000 infected web servers, modems, and other IoT devices, used for cryptocurrency mining, and for redirecting users to malicious sites.>1Y Multiple IndustriesCC>1
58106/06/2018SofacyGovernment organizations dealing with foreign affairsResearchers from Palo Alto Networks Unit 42 reveal the details of Zebrocy, a new campaign carried out by the Sofacy group via phishing attacks that contain malicious Microsoft Office documents with macros as well as simple executable file attachments.Targeted AttackO Public administration and defence, compulsory social securityCE>1
58206/06/2018?Litecoin CashLitecoin Cash is the latest crypto currency to suffer a 51% attack.51% attackV FintechCCN/A
58306/06/2018?Brazilian users of online banking services.Researchers from Kaspersky Lab discover a malicious Chrome Extension available in the Chrome Web Store, targeting Brazilian users of online banking services.MalwareK Financial and insurance activitiesCCBR
58407/06/2018?High-profile targets in Russia and UkraineResearchers from ESET reveal the details of Invisimole, a campaign active since 2013 targeting entities in Russia and Ukraine.Targeted AttackY Multiple IndustriesCERU UA
58507/06/2018?Targets in Middle EastResearchers from ICEBRG and 360 Core Security reveal a wave of attacks leveraging the unpatched CVE-2018-5002 Adobe vulnerability.VulnerabilityY Multiple IndustriesCC>1
58607/06/2018?Russian service centers offering maintenance and support for various electronic goods.Security researchers from Fortinet spot a series of attacks targeting Russian service centers offering maintenance and support for various electronic goods.VulnerabilityN Administrative and support service activitiesCCRU
58707/06/2018?City of WellingtonWellington officials reveal they were recently notified by Superion, their software vendor, about potential unauthorized charges on credit cards used by customers to pay their utility bills.VulnerabilityX IndividualCCUS
58807/06/2018?RISE WisconsinRISE Wisconsin (formerly Community Partnerships and Center for Families) notifies its participants of a ransomware attack that occurred on April 8, 2018.MalwareQ Human health and social work activitiesCCUS
| 589 | 08/06/2018 | Alleged State-sponsored Chinese hackers | US Navy Contractor | Chinese government hackers have compromised the computers of a Navy contractor, stealing 600+ Gb of highly sensitive data related to undersea warfare, including secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020, according to American officials. The attack occurred in January and February. | Targeted Attack | O Public administration and defence, compulsory social security | CE | US |
| 590 | 08/06/2018 | ? | Elmcroft Senior Living | The personal information of Elmcroft Senior Living residents and their family members, employees and others could have been stolen in a data breach that occurred in mid-May. | Account Hijacking | Q Human health and social work activities | CC | US |
| 591 | 08/06/2018 | ? | Terros Health | Terros Health warns that 1,600 patient records were exposed in a data breach earlier this spring. The breach, due to a phishing attack, was discovered on April 12 and happened on November 16, 2017. | Account Hijacking | Q Human health and social work activities | CC | US |
| 592 | 08/06/2018 | ? | Multiple Targets | Researchers from Barkly reveal a malicious spam campaign distributing .IQY files, simple text files that open by default in Excel and are used to download data from the Internet. These files are highly evasive for AVs. | Malware | X Individual | CC | >1 |
| 593 | 08/06/2018 | ? | Undisclosed Italian Companies | Researchers from Yoroi reveal the details of DMOSK, malware specifically targeting Italian firms. | Malware | Y Multiple Industries | CC | IT |
| 594 | 09/06/2018 | | | | | | | |
| 595 | 10/06/2018 | | | | | | | |
| 596 | 11/06/2018 | ? | Bank of Chile | Shares in the Bank of Chile are down after it confirms hackers siphoned off $10 million of its funds, mainly to Hong Kong. However, the bank says no client accounts have been impacted. Apparently, wiper malware was used to conceal the real purpose of the attack. | Fraudulent SWIFT Transactions | K Financial and insurance activities | CC | CL |
| 597 | 11/06/2018 | ? | Coinrail | Coinrail, a South Korean cryptocurrency exchange, says that its systems have been hacked. It is believed that hackers stole about 40 billion won (US$37.2 million) worth of cryptocurrency from Coinrail, including 21 billion won worth of Pundi X and 14.9 billion won worth of Aston. | Unknown | V Fintech | CC | KR |
| 598 | 11/06/2018 | Lazarus Group | South Korean Think Tank | North Korea-linked Lazarus APT Group planted an ActiveX zero-day exploit on the website of a South Korean think tank focused on national security. | Targeted Attack | O Public administration and defence, compulsory social security | CE | KR |
| 599 | 12/06/2018 | ? | Misconfigured Ethereum Mining Rigs and applications | According to Chinese internet security firm Qihoo 360 Netlab, hackers have stolen $20 million in ether from poorly configured Ethereum mining rigs and third-party applications. | Misconfigured Ethereum Rigs | V Fintech | CC | >1 |
| 600 | 12/06/2018 | One or more people in Russia? | Clarifai | A lawsuit filed by a former employee alleges that AI startup Clarifai’s computer systems were compromised by one or more people in Russia, potentially exposing technology used by the US military. The lawsuit says Clarifai learned of the breach last November, but did not promptly report it to the Pentagon. | Targeted Attack | M Professional scientific and technical activities | CE | US |
| 601 | 12/06/2018 | ? | Mexican National Action Party (PAN) | The website of the Mexican National Action Party is hit by a cyber attack during the final television debate between presidential candidates ahead of the July 1 vote, after the site had published documents critical of the leading candidate. | DDoS | S Other service activities | CC | MX |
| 602 | 12/06/2018 | ? | Single Individuals | Researchers from Fortinet discover PyRoMineIoT, a new strain of cryptocurrency miner that uses the NSA-linked EternalRomance exploit to spread. | Malware | X Individual | CC | >1 |
| 603 | 12/06/2018 | ? | Multiple Targets | Researchers from Kromtech reveal that over a dozen malicious Docker images have been available on Docker Hub for 30 days, allowing hackers to earn $90,000 in cryptojacking profits. | Malware | X Individual | CC | >1 |
| 604 | 12/06/2018 | ? | Massachusetts Clean Energy Center | An audit reveals that a scammer stole nearly $94,000 in public funds from the Massachusetts Clean Energy Center last year. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US |
| 605 | 12/06/2018 | ? | National Network and Electronic Services Agency (NASES), Slovak Hydro-meteorological Institute (SHMÚ), slovensko.sk | Several Slovakian websites are hit by a wave of DDoS attacks. | DDoS | O Public administration and defence, compulsory social security | CC | SK |
| 606 | 13/06/2018 | ? | Dixons Carphone | Dixons Carphone has admitted a huge data breach involving 5.9 million payment cards and 1.2 million personal data records. The breach began in July last year and 105,000 cards without chip-and-pin protection have been leaked. | Unknown | G Wholesale and retail trade | CC | UK |
| 607 | 13/06/2018 | LuckyMouse AKA EmissaryPanda AKA APT27 | Mongolia | Researchers from Kaspersky reveal that the Chinese hacking group LuckyMouse broke into a national data center in Mongolia late last year and planted the HyperBro malware into government websites. | Targeted Attack | O Public administration and defence, compulsory social security | CE | MN |
| 608 | 13/06/2018 | ? | Syscoin | Malicious actors replace the legitimate Windows installer for Syscoin's cryptocurrency with a version containing malware, which was available on the company's GitHub page for several days. | Malware | V Fintech | CC | CA |
| 609 | 13/06/2018 | ? | Single Individuals | Researchers from Qihoo 360 Total Security reveal the details of ClipboardWalletHijacker, a malware campaign infecting over 300,000 computers. The malware's purpose is to intercept content recorded in the Windows clipboard, look for strings resembling Bitcoin and Ethereum addresses, and replace them with ones owned by the malware's authors. | Malware | X Individual | CC | >1 |
| 610 | 13/06/2018 | ? | AcFun | According to a statement by the company, millions of user accounts of the Chinese video sharing platform AcFun are hacked. According to the same statement, the accessed data includes the user IDs, nicknames and passwords of nearly 10 million users. The company urges them to change their passwords. | Unknown | R Arts entertainment and recreation | CC | CN |
| 611 | 14/06/2018 | Hidden Cobra | Multiple Targets | The US Department of Homeland Security issues a new warning over a new type of malware coming from the Hidden Cobra group. The new variant is known as “TYPEFRAME”. | Targeted Attack | Y Multiple Industries | CE | US |
| 612 | 14/06/2018 | ? | HealthEquity | About 23,000 accounts are compromised by a data breach that took place at HealthEquity in April when an employee fell for a phishing scam. | Account Hijacking | Q Human health and social work activities | CC | US |
| 613 | 14/06/2018 | ? | Multiple Targets | Researchers from Trend Micro reveal another version of the MuddyWater campaign using a PowerShell-based PRB-Backdoor. The malware is dubbed W2KM_DLOADR.UHAOEEN. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 |
| 614 | 14/06/2018 | ? | Android users | Researchers from ThreatFabric discover a new malware strain still under development, dubbed MysteryBot, which blends the features of a banking trojan, keylogger, and mobile ransomware. | Malware | X Individual | CC | >1 |
| 615 | 14/06/2018 | ? | Med Associates | Med Associates gives notice of a security incident that may have compromised its patients' protected information. | Malware | Q Human health and social work activities | CC | US |
| 616 | 15/06/2018 | ? | Vulnerable IoT devices | Researchers from Qihoo 360 Total Security discover a spike in traffic, coming from the infamous Satori botnet, and directed to TCP port 8000, attempting to exploit CVE-2018-10088. | Vulnerability | Y Multiple Industries | CC | >1 |
| 617 | 15/06/2018 | ? | Multiple Targets in Singapore | Researchers at F5 Labs and Loryka observe a spike in the number of cyber-attacks targeting Singapore from June 11 to June 12, in the wake of the meeting between U.S. President Donald Trump and North Korean President Kim Jong-un. | >1 | Y Multiple Industries | CW | >1 |
| 618 | 06/06/2018 | ? | Danielle Lloyd | Danielle Lloyd, English model and former Miss England and Miss Great Britain, has her iCloud account hacked, with attackers stealing intimate images that were eventually posted online. | Account Hijacking | X Individual | CC | UK |
| 619 | 13/06/2018 | ? | Black River Medical Center | Black River Medical Center in Missouri notifies an unspecified number of patients potentially affected by a phishing incident discovered on April 23. | Account Hijacking | Q Human health and social work activities | CC | US |
| 620 | 16/06/2018 | ? | Liberty Life | Liberty Life's IT systems are attacked by unknown hackers, who reportedly obtain sensitive data about some of the insurer's top clients and ask for a ransom. | Unknown | K Financial and insurance activities | CC | ZA |
| 621 | 17/06/2018 | ? | Andy Android Emulator users | A GPU Miner Trojan is installed along with the popular Andy Android emulator. | Malware | X Individual | CC | US |
| 622 | 18/06/2018 | ? | CarePartners | CarePartners' computer system is breached and, as a result, patient and employee information, including personal health and financial information, is inappropriately accessed. | Unknown | Q Human health and social work activities | CC | CA |
| 623 | 19/06/2018 | Thrip | Satellite operators, defense contractors and telecommunications companies in the United States and southeast Asia | Researchers from Symantec reveal the details of Thrip, a sophisticated hacking campaign launched from computers in China targeting satellite operators, defense contractors and telecommunications companies in the United States and southeast Asia, active since 2013. | Targeted Attack | Y Multiple Industries | CE | >1 |
| 624 | 18/06/2018 | ? | Flightradar24 | Users of the popular flight-tracking site flightradar24 are told to change their passwords after the site warns of a data breach. The breach may have compromised the email addresses and hashed passwords for a small subset of Flightradar24 users (those who registered prior to March 16, 2016). | Unknown | S Other service activities | CC | SE |
| 625 | 19/06/2018 | ? | Individuals in the US | Researchers at Bitdefender discover Zacinlo, a newly uncovered form of stealthy and persistent malware distributing adware to victims across the world while also allowing attackers to take screenshots of infected machines' desktops. The vast majority of Zacinlo victims are in the US, with 90 percent of those infected running Microsoft Windows 10. | Malware | X Individual | CC | US |
| 626 | 19/06/2018 | ? | Med Associates | Med Associates notifies its patients that the facility suffered a data breach on March 22, when unusual activity was detected, potentially exposing PII, including medical diagnosis and payment card information of about 270,000 patients. | Unknown | Q Human health and social work activities | CC | US |
| 627 | 19/06/2018 | ? | Financial organizations in Russia, and biological and chemical threat prevention laboratories in Europe and Ukraine | Researchers from Kaspersky Lab reveal that they detected Olympic Destroyer infections across Europe in May and June 2018. New victims include financial organizations in Russia, and biological and chemical threat prevention laboratories in Europe and Ukraine. | Malware | Y Multiple Industries | CC | >1 |
| 628 | 19/06/2018 | ? | Android Users | Malware researchers from ESET discover a new strain of Android RAT, tracked as HeroRat, that leverages the Telegram protocol for command and control, and data exfiltration. | Malware | X Individual | CC | >1 |
| 629 | 20/06/2018 | ? | Fortnite players | Malwarebytes reveals the details of a campaign carried out via a fake installer for the famous video game Fortnite. | Malware | X Individual | CC | >1 |
| 630 | 20/06/2018 | ? | Bithumb | South Korean cryptocurrency exchange Bithumb says that 35 billion won ($31.5 million) worth of virtual coins have been stolen by hackers. | Unknown | V Fintech | CC | KR |
| 631 | 20/06/2018 | ? | Multiple Targets | Researchers from Deep Instinct reveal the details of Mylobot, a complex botnet that uses a never before seen combination of evasion techniques. | Malware | Y Multiple Industries | CC | >1 |
| 632 | 20/06/2018 | ? | Unknown target (probably an embassy) | Researchers from AlienVault uncover a new Afghanistan-based attack disguised as a recent article from a Middle Eastern news, leveraging a Metasploit backdoor. | Targeted Attack | O Public administration and defence, compulsory social security | CE | N/A |
| 633 | 20/06/2018 | ? | Road Sign close to ICE (U.S. Immigration and Customs Enforcement) | Someone hacks a road sign close to the ICE headquarters in Portland and defaces it with the “Abolish ICE” message. | Unknown | O Public administration and defence, compulsory social security | H | US |
| 634 | 21/06/2018 | ? | Android Users | RiskIQ reveals the details of a new malicious Android app that has infected at least 60,000 devices, gaining the ability to extract some important information from each device along with installing some ad click malware. | Malware | X Individual | CC | >1 |
| 635 | 21/06/2018 | ? | Vulnerable Drupal servers | Researchers from Trend Micro observe a series of network attacks exploiting the Drupal vulnerability CVE-2018-7602 to turn affected systems into Monero-mining bots. | Vulnerability | Y Multiple Industries | CC | >1 |
| 636 | 21/06/2018 | ? | Magento sites | Researchers at Sucuri discover a very simple evasion technique used to reinfect Magento websites after their malicious code has been removed. | Malware | Y Multiple Industries | CC | >1 |
| 637 | 21/06/2018 | ? | Humana | Health insurer Humana notifies an unspecified number of health plan members after detecting and blocking a credential stuffing attack against Humana.com and Go365.com. The attacks took place on June 3 and June 4 from overseas IP addresses. | Credential Stuffing | Q Human health and social work activities | CC | US |
| 638 | 22/06/2018 | ? | Indian Businessman | The email of a city-based businessman is hacked and INR12.5 lakh (USD 18,230) stolen and transferred to two bank accounts in China. | Account Hijacking | X Individual | CC | IN |
| 639 | 22/06/2018 | ? | PDQ | PDQ, a fast-casual dining restaurant, warns customers about a cyber attack on its computer systems in which hackers were able to access or acquire personal information from the chain’s customers who paid with credit cards. The breach lasted nearly a year, from May 19, 2017 to April 20, 2018. | Remote access | I Accommodation and food service activities | CC | US |
| 640 | 22/06/2018 | ? | Entities in South East Asia | Security researchers at Palo Alto Networks uncover a new cyber espionage group tracked as RANCOR that has been targeting entities in South East Asia, using two previously unknown strains of malware dubbed DDKONG and PLAINTEE. | Targeted Attack | Y Multiple Industries | CE | >1 |
| 641 | 22/06/2018 | ? | Cryptocurrency exchanges | Security researchers at AlienVault uncover a series of cyber attacks on cryptocurrency exchanges, carried out by the infamous Lazarus Group, and leveraging weaponized HWP documents (Hangul Word Processor documents). The researchers suspect the same actors are behind the attack on Bithumb. | Targeted Attack | V Fintech | CC | >1 |
| 642 | 22/06/2018 | Tick APT | South Korean defense company | Researchers from Palo Alto Networks uncover a new operation conducted by the cyber espionage group known as Tick APT. The campaign targets a secure USB drive built by a South Korean defense company. | Targeted Attack | O Public administration and defence, compulsory social security | CE | KR |
| 643 | 23/06/2018 | | | | | | | |
| 644 | 24/06/2018 | ? | Midwest City | Midwest City, Oklahoma, reports that about 2,300 customers are potentially affected by a breach involving Superion's software Click2Gov. | Vulnerability | O Public administration and defence, compulsory social security | CC | US |
| 645 | 25/06/2018 | | | | | | | |
| 646 | 26/06/2018 | ? | FastBooking | The personal details and payment card data of guests from hundreds of hotels are stolen by an unknown attacker from FastBooking, a Paris-based company that sells hotel booking software to more than 4,000 hotels in 100 countries. The breach occurred on June 14. | Vulnerability | J Information and communication | CC | FR |
| 647 | 26/06/2018 | ? | Single Individuals | Security researchers at Kaspersky discover adware written in Python targeting Windows-based computers. The adware is dubbed PBot (PythonBot) and is also able to install a cryptocurrency miner and ad extensions in the browser. | Malware | X Individual | CC | >1 |
| 648 | 27/06/2018 | ? | Ticketmaster | Ticketing service Ticketmaster announces a data breach affecting roughly 5% of its entire customer base, resulting in the theft of customer data, Ticketmaster login information, and payment details. The breach didn't occur at Ticketmaster itself, but at Inbenta, a provider of AI-powered live chat widgets, which Ticketmaster was deploying on some of its localized sites across the world. | Unknown | R Arts entertainment and recreation | CC | US |
| 649 | 27/06/2018 | ? | Red Hen Restaurant | Researchers from Malwarebytes discover that the Red Hen restaurant that refused to serve Sarah Sanders is hit by a SEO Spam cyberattack. | SEO Spam | I Accommodation and food service activities | CC | US |
| 650 | 27/06/2018 | Apophis Squad | ProtonMail | ProtonMail is hit by a DDoS attack. | DDoS | J Information and communication | CC | CH |
| 651 | 27/06/2018 | ? | Connecticut Higher Education Trust (CHET) | Unauthorized individuals gain access to 21 accounts of the Connecticut Higher Education Trust (CHET) and make 44 withdrawals, for a total of $1,416,635, of which $442,540 is recovered or stopped. | Account Hijacking | P Education | CC | US |
| 652 | 27/06/2018 | ? | Z Energy Ltd | New Zealand-based fuel supplier Z Energy Ltd says it has been presented with evidence that customer data from its Z Card Online database was accessed by a third party in November 2017. | Unknown | S Other service activities | CC | NZ |
| 653 | 27/06/2018 | ? | Cyanweb Solutions | Digital marketing and web provider Cyanweb Solutions loses nearly all customer data and backups after a “criminal hacking incident” that compromises one of its servers. | Unknown | M Professional scientific and technical activities | CC | AU |
| 654 | 28/06/2018 | ? | Adidas | Adidas alerts customers about a possible data breach on its U.S. website. On June 26, the company became aware that an unauthorized party claimed to have acquired limited data associated with certain consumers. A preliminary investigation found the leaked data includes contact information, usernames and encrypted passwords. | Unknown | G Wholesale and retail trade | CC | US |
| 655 | 28/06/2018 | ? | Official website of Ernakulam Siva Temple | The official website of Ernakulam Siva Temple is defaced with anti-national slogans and offensive language besides a Pakistan flag. | Defacement | S Other service activities | H | IN |
| 656 | 28/06/2018 | ? | GitHub account of the Gentoo Linux distribution | An unknown hacker temporarily takes control over the GitHub account of the Gentoo Linux organization and embeds malicious code inside the operating system's distributions that would delete user files. The malicious code fails to trigger properly and users' files remain safe. | >1 | S Other service activities | CC | US |
| 657 | 28/06/2018 | ? | Single Individuals | Researchers from FireEye discover, for the first time, a malware campaign using the innovative PROPagate technique to inject malware into legitimate processes. | Malware | X Individual | CC | >1 |
| 658 | 28/06/2018 | ? | Multiple Targets | After observing attacks on customers, Cisco tells users to install the fix for CVE-2018-0296, a denial-of-service flaw, discovered on June 6, affecting a number of its security appliances. | Vulnerability | Y Multiple Industries | CC | >1 |
| 659 | 28/06/2018 | ? | City of Midland | City of Midland is the latest municipality to be breached because of a vulnerability in Superion’s Click2Gov application. | Vulnerability | O Public administration and defence, compulsory social security | CC | US |
| 660 | 28/06/2018 | ? | Middletown school district | The Middletown School District is hit by ransomware. | Malware | P Education | CC | US |
| 661 | 28/06/2018 | ? | South Eastern Regional College (SERC) | Personal information of hundreds of staff at the South Eastern Regional College is compromised in a hack, which comes to light after suspicious email activity is detected. | Account Hijacking | P Education | CC | IE |
| 662 | 29/06/2018 | ? | Typeform | Barcelona-based online survey and form building service Typeform announces a data breach after an unknown attacker downloaded a backup file containing sensitive customer information. The backup file contained data gathered by Typeform customers through surveys and online forms up until May 3, 2018. | Unknown | S Other service activities | CC | ES |
| 663 | 29/06/2018 | ? | Algonquin College | Algonquin College publishes a note indicating that the education community is still not sure how many current and former students and employees could be affected by a cyber attack that happened weeks earlier. However, the note suggests that thousands of people could be impacted. | Unknown | P Education | CC | CA |
| 664 | 30/06/2018 | ? | Single Individuals | Researchers from Bleeping Computer discover a new Clipboard Hijacker Malware able to monitor 2.3 million bitcoin addresses. | Malware | X Individual | CC | >1 |
| 665 | 30/06/2018 | ? | Single Individuals | Security researchers spot a new Mac malware family, dubbed OSX.Dummy, advertised on cryptocurrency-focused Slack and Discord channels. | Malware | X Individual | CC | >1 |
| 666 | 30/06/2018 | ? | Notre Dame de Namur University | Notre Dame de Namur University notifies some financial aid applicants that their information may have been compromised when an employee fell prey to a phishing attack on April 23, 2018. | Account Hijacking | P Education | CC | US |
