1 | 01/02/2018 | ? | Single Individuals | The FBI warns hackers have been impersonating a federal online crime complaint portal to trick victims into divulging their personal and sensitive information in a new phishing scam. | Account Hijacking | X Individual | CC | >1 |
2 | 01/02/2018 | Iron Tiger | Institutions in the government, technology, education and telecommunications sector in Asia and the US. | Security researchers from BitDefender discover a custom-built piece of malware wreaking havoc in Asia for several months that could signal the return of the notorious Chinese hacker group - Iron Tiger. The campaign is called Operation PZChao, and has been targeting institutions in the government, technology, education and telecommunications sector in Asia and the US. | Targeted Attack | Y Multiple Industries | CE | >1 |
3 | 01/02/2018 | ? | Google Chrome Users | Security researchers from Trend Micro uncover 89 malicious Google Chrome extensions on the official Chrome store that can inject ads, code to secretly mine cryptocurrency, and load a tool to record and replay a person's browsing activities. According to researchers, this collection of extensions affected over 423,000 users and was used to form a new botnet called "Droidclub." | Malware | X Individual | CC | >1 |
4 | 01/02/2018 | ? | IoT Devices | Researchers from cyber-security firm Radware discover a new IoT DDoS botnet, built by San Calvicie, an operator of a gaming server rental business. The botnet is called JenX. The botnet borrows parts of other IoT botnets (for instance CVE-2014-8361 and CVE-2017-17215). | Vulnerability | X Individual | CC | >1 |
5 | 01/02/2018 | ? | City of Pittsburg in Kansas | The City of Pittsburg in Kansas reveals that it was subjected to a sophisticated phishing scheme targeting employee payroll data. The attack results in the release of sensitive information for current and former city employees who received a W-2 for the 2017 fiscal year. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US |
6 | 01/02/2018 | ? | HORNE LLP | HORNE LLP notifies an incident affecting the security of protected health information of certain Forrest General Hospital patients. On November 1, 2017, the company discovered that the email account of one of its employees was sending phishing emails. | Account Hijacking | K Financial and insurance activities | CC | US |
7 | 01/02/2018 | ? | City of Batavia | The city of Batavia reports employees’ personal and financial information was compromised through an email phishing of W-2 tax forms. The information includes names, social security numbers, addresses and earnings. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US |
8 | 01/02/2018 | ? | Kinetics Systems | Kinetics Systems falls victim to a phishing attack. The personal information of 11 residents of New Hampshire, including their W-2 forms, is compromised. | Account Hijacking | C Manufacturing | CC | US |
9 | 01/02/2018 | ? | Purchase Line School District | The Purchase Line School District is the victim of an email spoofing attack by an individual pretending to be a school district employee. | Account Hijacking | P Education | CC | US |
10 | 01/02/2018 | ? | Coastal Cape Fear Eye Associates | Coastal Cape Fear Eye Associates notifies HHS of a ransomware incident that impacted 925 patients. | Malware | Q Human health and social work activities | CC | US |
11 | 01/02/2018 | ? | Aperio | Aperio informs of a data breach that occurred when two employees’ email accounts were compromised by successful phishing attacks that resulted in auto-forwarding email from those accounts to two external accounts. | Account Hijacking | K Financial and insurance activities | CC | US |
12 | 02/02/2018 | ? | Redis and OrientDB servers | Researchers from Qihoo 360 discover a new Monero-mining botnet targeting Redis and OrientDB servers, infecting nearly 4,400 servers and able to mine over $925,000 worth of Monero since March 2017. The botnet, called DDG, targets Redis servers via a credentials dictionary brute-force attack, and OrientDB databases by exploiting the CVE-2017-11467 remote code execution vulnerability. | Brute Force/Remote Code Execution Vulnerability | X Individual | CC | >1 |
13 | 02/02/2018 | ? | Mac Users | Researchers from Malwarebytes reveal that the MacUpdate site has been hacked to distribute the OSX.CreativeUpdate Monero miner via maliciously-modified copies of the Firefox, OnyX, and Deeper applications. | Malware | X Individual | CC | >1 |
14 | 02/02/2018 | ? | Ron’s Pharmacy Services | Ron’s Pharmacy Services notifies certain patients of the unauthorized access to certain limited pieces of patient information, including patient names, Ron’s Pharmacy internal account numbers, and payment adjustment information, after an employee email account was compromised in October 2017. | Account Hijacking | G Wholesale and retail trade | CC | US |
15 | 03/02/2018 | ? | Android Users | Researchers from Qihoo 360 discover an additional botnet, targeting Android devices by scanning for open debug ports so it can infect victims with malware that mines the Monero cryptocurrency. The botnet targets port 5555, which on devices running the Android OS is the port used by the operating system's native Android Debug Bridge (ADB). The malware is dubbed ADB.Miner. | Malware | X Individual | CC | >1 |
16 | 04/02/2018 | ? | Reddit Users | Security researcher Alec Muffett discovers a clone of the popular social news aggregation and discussion site Reddit on the reddit.co domain. | Account Hijacking | X Individual | CC | >1 |
17 | 04/02/2018 | ? | City of Keokuk | The City of Keokuk says a data breach resulted in the release of personal information of current and former city employees and elected leaders. An unauthorized party was able to obtain 2017 W-2 tax forms through the use of a “criminal phishing email.” | Account Hijacking | O Public administration and defence, compulsory social security | CC | US |
18 | 05/02/2018 | ? | Waldo County | A phishing attack compromised the information of 100 Waldo County employees. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US |
19 | 05/02/2018 | ? | City of Keokuk | The city of Keokuk has disclosed that a cybercriminal used a phishing scam to fraudulently obtain an electronic file containing the 2017 W-2 tax forms of current and former employees and elected officials. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US |
20 | 05/02/2018 | ? | Partners HealthCare System | Partners HealthCare System reveals that it discovered a malware attack, which occurred in May 2017, that may have exposed 2,600 patients’ information. | Malware | Q Human health and social work activities | CC | US |
21 | 05/02/2018 | ? | University of Northern Colorado | The private information of 12 University of Northern Colorado employees is compromised after an “unknown person or group” accessed their profiles on Ursa, UNC’s online portal. | Unknown | P Education | CC | US |
22 | 06/02/2018 | Hidden Cobra, aka Lazarus Group | Multiple Targets | The Department of Homeland Security (DHS) and FBI jointly release two new reports analyzing trojan malware attributed to Hidden Cobra, aka Lazarus Group -- a threat actor widely believed to be sponsored by the North Korean government. The two malware packages, referred to as HARDRAIN and BADCALL, can install a remote access tool (RAT) payload on Android devices, and force infected Windows systems to act as a proxy server. | Targeted Attack | Y Multiple Industries | CE | >1 |
23 | 06/02/2018 | AnonPlus | Italian Democratic Party (PD) | The AnonPlus hacker group says they have hacked the Florence branch of the Italian centre-left Democratic Party (PD) and leaked data regarding leader Matteo Renzi online. | Unknown | U Activities of extraterritorial organizations and bodies | H | IT |
24 | 06/02/2018 | AnonPlus | Province of Milan | The same hackers also claim to have hacked the website of Provincia di Milano (Province of Milan) in Italy. | SQLi | O Public administration and defence, compulsory social security | H | IT |
25 | 07/02/2018 | ? | Swisscom | Swisscom, the biggest telecom company in Switzerland, suffers a data breach that resulted in the compromise of personal data of some 800,000 customers, i.e., nearly ten percent of the entire Swiss population. The breach dates back to Autumn 2017 and the data accessed includes the first and last names, home addresses, dates of birth and telephone numbers of Swisscom customers. | Account Hijacking | J Information and communication | CC | CH |
26 | 07/02/2018 | ? | The Sacramento Bee | The Sacramento Bee deletes two databases hosted by a third party after a ransomware attack exposed the voter records of 19.5 million California voters and 53,000 current and former subscribers to the newspaper. | Malware | J Information and communication | CC | US |
27 | 07/02/2018 | ? | Nova Poshta | Personal data of 500,000 clients of Nova Poshta, the largest private delivery company in Ukraine, is allegedly leaked to the dark web. | Unknown | S Other service activities | CC | UA |
28 | 07/02/2018 | ? | City of Enumclaw | The city of Enumclaw accidentally sends an email to an "individual pretending to be a member of City administration" and compromises the W-2s of hundreds of employees. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US |
29 | 07/02/2018 | ? | Twitter Users | Online scammers have made over $5,000 worth of Ethereum in one night alone, creating fake Twitter profiles for real-world celebrities and spamming the social network with messages tricking users to participate in "giveaways." | Fake Twitter Accounts | X Individual | CC | >1 |
30 | 07/02/2018 | ? | Targets in Middle East | Researchers from Cisco Talos reveal the details of a campaign targeted against entities with an interest in the geopolitical context of the region. | Targeted Attack | Y Multiple Industries | CE | >1 |
31 | 07/02/2018 | ? | Business Wire | Press release network Business Wire admits suffering an ongoing Distributed Denial of Service (DDoS) attack lasting a week. | DDoS | J Information and communication | CC | US |
32 | 07/02/2018 | ? | Smith Dental | Smith Dental notifies of a ransomware attack affecting 1,500 patients. | M | Q Human health and social work activities | CC | US |
33 | 08/02/2018 | ? | Undisclosed Water Utility Company | Researchers from Radiflow discover the first example of malware attacking the operational network of a water utility company in order to mine the Monero cryptocurrency. | Malware | E Water supply, sewerage waste management, and remediation activities | CC | N/A |
34 | 08/02/2018 | ? | Decatur County General Hospital | Decatur County General Hospital in Parsons, Tenn., publicly discloses that an unauthorized party accessed the server for its electronic medical record system and secretly implanted cryptomining malware. | Malware | Q Human health and social work activities | CC | US |
35 | 08/02/2018 | ? | Single Individuals | Researchers from Trend Micro reveal the details of a malicious spam campaign aimed to distribute the Loki malware. | Malware | X Individual | CC | >1 |
36 | 08/02/2018 | ? | Mikaela Hoover | The Fappening scandal continues even in 2018, and Guardians of the Galaxy actress Mikaela Hoover appears to be the most recent victim. | Account Hijacking | X Individual | CC | US |
37 | 08/02/2018 | ? | Multiple Targets | Researchers from ForcePoint discover a new strain of point-of-sale (PoS) malware that disguises itself as a LogMeIn service pack and steals payment card information through a DNS server. | PoS Malware | Y Multiple Industries | CC | >1 |
38 | 08/02/2018 | ? | Cisco ASA Users | Five days after details about a vulnerability in Cisco ASA software (CVE-2018-0101) become public, Cisco reveals that it is "aware of attempted malicious use of the vulnerability." | Cisco ASA Vulnerability | Y Multiple Industries | CC | >1 |
39 | 08/02/2018 | ? | Single Individuals | A new malspam campaign is underway, installing the GandCrab ransomware on a victim's computer. This is done through a series of malicious documents that ultimately install the ransomware via a PowerShell script. | Malware | X Individual | CC | >1 |
40 | 09/02/2018 | ? | Single Individuals | A new ransomware called Black Ruby is discovered. The ransomware encrypts the files on a computer, scrambles the file name, and then appends the BlackRuby extension. To make matters worse, Black Ruby also installs a Monero miner. The malware only encrypts computers that are not from Iran. | Malware | X Individual | CC | >1 |
41 | 10/02/2018 | Vietnamese Hacker | Newtek Business Services Corp. | Newtek Business Services Corp., a Web services conglomerate that operates more than 100,000 business Web sites and some 40,000 managed technology accounts, has several of its core domain names stolen over the weekend. | DNS Hijacking | J Information and communication | CC | US |
42 | 10/02/2018 | ? | BitGrail | Italian cryptocurrency exchange BitGrail reports a loss of 17 million Nano, valued at over $170 million at the time of the hack. However, conflicting reports surface with some believing the exchange to be insolvent for a number of months. | Unknown | V Fintech | CC | IT |
43 | 11/02/2018 | ? | Pyeongchang Winter Olympics | Pyeongchang Winter Olympics organizers confirm that the Games had fallen victim to a cyber attack during Friday’s opening ceremony, but they refused to reveal the source. Researchers from Cisco Talos call the malware Olympic Destroyer and confirm that the only purpose is to disrupt systems. | Targeted Attack | U Activities of extraterritorial organizations and bodies | CW | KR |
44 | 11/02/2018 | ? | 4,275 sites | 4,275 sites are injected with an in-browser Monero miner after a popular accessibility script, BrowseAloud by TextHelp.com, is compromised. The list of the affected sites includes government websites such as uscourts.gov, ico.org.uk, & manchester.gov.uk. | Malicious Script | Y Multiple Industries | CC | >1 |
45 | 12/02/2018 | ? | WordPress Websites | Two malicious plug-ins are recently discovered by Sucuri, injecting obfuscated JavaScript into WordPress websites, in order to generate advertisements that appear if a visitor clicks anywhere on the page. | WordPress Malicious Plugins | X Individual | CC | >1 |
46 | 12/02/2018 | ? | Android Users | Malwarebytes researchers detect a series of attacks that began around November 2017 in which millions of Android devices were targeted and redirected to a specifically designed page performing in-browser cryptomining of the Monero virtual currency. | Drive-By | X Individual | CC | >1 |
47 | 12/02/2018 | Hidden Cobra, aka Lazarus Group | Bitcoin users and global financial organizations. | Researchers from McAfee discover an aggressive Bitcoin-stealing phishing campaign by the international cybercrime group Lazarus that uses sophisticated malware with long-term impact. The campaign is dubbed HaoBao and targets Bitcoin users and global financial organizations. | Targeted Attack | K Financial and insurance activities | CC | >1 |
48 | 12/02/2018 | ? | Single Individuals | A new variant of Rapid Ransomware is currently being distributed using malspam that pretends to be from the Internal Revenue Service. | Malware | X Individual | CC | >1 |
49 | 12/02/2018 | ? | Single Individuals | Researchers from IBM's X-Force reveal the details of a new campaign leveraging the Necurs botnet to send Valentine’s Day-themed spam emails. The campaign reaches over 230 million spam messages within a matter of two weeks. | Malware | X Individual | CC | >1 |
50 | 12/02/2018 | ? | Idaho Transportation Department (ITD) | A hack of two email accounts at the Idaho Transportation Department (ITD) potentially exposes the personal information of commercial truckers whose rigs are registered in Idaho, including Social Security and credit card numbers. About 114 individuals are notified. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US |
51 | 12/02/2018 | ? | Entergy | Entergy notifies employees of a W-2 breach involving the TALX portal (a wholly-owned subsidiary of Equifax). The breach involves 2016 W-2 data. | Unknown | D Electricity gas steam and air conditioning supply | CC | US |
52 | 13/02/2018 | ? | Telegram Users | Researchers from Kaspersky reveal that malware authors have used a zero-day vulnerability in the Windows client for the Telegram instant messaging service to infect users with cryptocurrency mining malware (Monero, Zcash, and Fantomcoin primarily). | Zero-Day Vulnerability in Telegram | X Individual | CC | >1 |
53 | 13/02/2018 | ? | Android Users | Researchers from Trend Micro detect a new variant of Android Remote Access Tool (AndroRAT) (identified as ANDROIDOS_ANDRORAT.HRXC) that has the ability to inject root exploits. The AndroRAT targets CVE-2015-1805, a vulnerability publicly disclosed in 2016. | Malware | X Individual | CC | >1 |
54 | 13/02/2018 | ? | Military personnel and businessmen, among others, in various South Asian countries | Valentine's Day is approaching, and researchers from Trend Micro reveal that criminals from the Confucius gang are targeting military personnel and businessmen, among others, in various South Asian countries, persuading them into downloading malware hidden in chat apps. | Targeted Attack | X Individual | CE | >1 |
55 | 13/02/2018 | ? | Vulnerable Firewalls | Researchers from NewSky Security discover a new IoT botnet, dubbed DoubleDoor, exploiting CVE-2015-7755 and CVE-2016-10401 to bypass Juniper and Zyxel firewalls, respectively. | Malware | Y Multiple Industries | CC | >1 |
56 | 13/02/2018 | ? | Advertisement Screen in London | And the last victim of the cryptocurrency frenzy is an advertisement screen in London that is infected by a miner. | Malware | Z Unknown | CC | UK |
57 | 14/02/2018 | ? | Staybridge Suites Lexington Hotel | The Staybridge Suites Lexington Hotel is hit with what appears to be a point of sales data breach that occurred when several devices at the hotel were hit with malware. | PoS Malware | R Arts entertainment and recreation | CC | US |
58 | 14/02/2018 | ? | Single Individuals | Researchers from Trustwave reveal a new multi-stage email Word attack, exploiting CVE-2017-11882, but not making use of any macro. | Malware | X Individual | CC | >1 |
59 | 14/02/2018 | ? | Single Individuals | A Ukrainian cybercrime operation has made an estimated $50 million by using Google AdWords to lure users on Bitcoin phishing sites. The operation is temporarily disrupted by the Ukrainian cyber police, acting on information received from Cisco's Talos security division. The campaign is dubbed Coinhoarder. | SEO Poisoning | X Individual | CC | >1 |
60 | 14/02/2018 | ? | Bitmessage users | Maintainers of the Bitmessage P2P encrypted communications protocol have released a fix after discovering that hackers were using a zero-day in attempts to steal Bitcoin wallet files from users' computers. | Zero-Day Vulnerability in Bitmessage | X Individual | CC | >1 |
61 | 14/02/2018 | ? | Atos | Reports emerge that the Olympic Destroyer malware might have been used months before to target Atos, the IT provider of the Winter Olympics. | Targeted Attack | J Information and communication | CE | FR |
62 | 14/02/2018 | ? | Western Union | Western Union warns that some customers' information may have been accessed without authorization as a result of a computer intrusion against an external vendor system formerly used by Western Union for secure data storage. | Unknown | K Financial and insurance activities | CC | US |
63 | 15/02/2018 | ? | Jenkins CI Servers | Researchers from Check Point reveal the details of Jenkins Miner, a massive operation targeting Jenkins CI servers, via CVE-2017-1000353, aimed to mine Monero cryptocurrency. The Criminals are able | Malware | Y Multiple Industries | CC | >1 |
64 | 15/02/2018 | ? | Retina-X Studios | A vigilante hacker claims to have wiped 1 Terabyte of data from Retina-X Studios, a company that sells spyware products. | Unknown | J Information and communication | CC | US |
65 | 15/02/2018 | GOLD LOWELL | Multiple Targets | Researchers from SecureWorks reveal the details of a threat actor dubbed GOLD LOWELL using the SAMSAM ransomware for opportunistic attacks. | Malware | Y Multiple Industries | CC | US |
66 | 15/02/2018 | ? | Single Individuals | Researchers from IBM's X-Force discover a new variant of the infamous TrickBot malware repurposed to steal bitcoins. | Malware | X Individual | CC | >1 |