1 | 01/03/2018 | ? | NIS America | Japanese gaming developer Nippon Ichi Software reveals that its American arm, NIS America, has suffered a major data breach compromising the personal and financial data of online customers. The breach, due to malware implanted in the checkout page, took place sometime between 23 January and 26 February. | Malware | R Arts entertainment and recreation | CC | US |
2 | 01/03/2018 | ? | FS-ISAC | The Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry forum for sharing data about critical cybersecurity threats facing the banking and finance industries, reveals that a successful phishing attack on one of its employees was used to launch additional phishing attacks against FS-ISAC members. | Account Hijacking | S Other service activities | CC | US |
3 | 01/03/2018 | ? | Hope Hicks | Hope Hicks tells the House Intelligence Committee that one of her email accounts was hacked, according to people who were present for her testimony in the panel's Russia probe. | Account Hijacking | X Individual | CE | US |
4 | 01/03/2018 | ? | ASI Constructors, Inc. | ASI Constructors, Inc. reveals that it suffered a phishing attack targeting employees' 2017 W-2 forms. The attack occurred on January 31, 2018. | Account Hijacking | C Manufacturing | CC | US |
5 | 01/03/2018 | ? | Greyhealth Group | Greyhealth Group reveals that it suffered a phishing attack compromising the personal information of 683 individuals. | Account Hijacking | Q Human health and social work activities | CC | US |
6 | 01/03/2018 | ? | Scottsboro City Board of Education | The Payroll Department of the Scottsboro City Board of Education falls victim to a phishing scam. The attackers requested W-2 information from all employees. | Account Hijacking | P Education | CC | US |
7 | 01/03/2018 | ? | Rockdale Independent School District | An email phishing scheme causes several Rockdale ISD employees' taxes to be falsely filed and compromises confidential tax information for all employees. | Account Hijacking | P Education | CC | US |
8 | 01/03/2018 | ? | b-tor[.]ru Users | Researchers from Palo Alto Networks discover a Russian BitTorrent site distributing a Monero miner. | Malware | X Individual | CC | RU |
9 | 01/03/2018 | ? | Colorado Department of Transportation (CDOT) | For the second time in two weeks, the Colorado Department of Transportation shuts down 2,000 computers after a ransomware infection. | Malware | O Public administration and defence, compulsory social security | CC | US |
10 | 01/03/2018 | ? | Primary Health Care | Primary Health Care notifies patients after discovering hack of employee email accounts. | Account Hijacking | Q Human health and social work activities | CC | US |
11 | 02/03/2018 | ? | Android Phone Buyers | Security firm Dr.Web publishes a list of 42 Android phones sold already infected with the Triada banking trojan. | Malware | Y Multiple Industries | CC | >1 |
12 | 02/03/2018 | ? | 160 Applebee’s Restaurants | RMH Franchise Holdings reveals that PoS systems at the Applebee’s network of restaurants were infected with PoS malware. 160 restaurants are affected. The breach was discovered on February 13, and took place between November 23, 2017, and January 2, 2018. | PoS Malware | I Accommodation and food service activities | CC | US |
13 | 02/03/2018 | ? | Humanitarian Aid Groups | McAfee uncovers Operation Honeybee, a malicious document campaign targeting Humanitarian Aid Groups, using North Korean political topics as bait. | Targeted Attack | Y Multiple Industries | CE | >1 |
14 | 02/03/2018 | ? | St. Peter's Surgery & Endoscopy Center | St. Peter's Surgery & Endoscopy Center reveals that hackers potentially compromised medical records of about 135,000 patients earlier this year. | Malware | Q Human health and social work activities | CC | US |
15 | 04/03/2018 | | Peter Andre and wife Emily MacDonagh | The intimate photos of singer Peter Andre and wife Emily MacDonagh have reportedly been stolen and published online as part of a new episode from the Fappening saga. | Account Hijacking | X Individual | CC | UK |
16 | 05/03/2017 | ? | Unidentified US Service Provider | A few days after GitHub suffered a massive 1.3 Tbps DDoS attack, Arbor Networks unveils the details of a new record DDoS attack that clocked in at 1.7 Tbps. The attack was aimed at a yet-to-be-identified "US service provider." | DDoS | J Information and communication | CC | US |
17 | 05/03/2017 | ? | Single Individuals | Researchers from Palo Alto Networks and Proofpoint discover a new malware, dubbed Combojack, that steals cryptocurrency and other electronic funds by surreptitiously modifying wallet or payment information whenever victims copy it to their devices' clipboards. | Malware | X Individual | CC | >1 |
18 | 05/03/2017 | ? | Single Individuals | A new report from Kaspersky Lab reveals that one cryptomining gang tracked by researchers over the past six months minted $7 million with the help of 10,000 computers infected with mining malware. | Malware | X Individual | CC | >1 |
19 | 05/03/2017 | ? | ABC Bus Companies, Inc. | An employee falls victim to a phishing email and delivers the personal information of ABC employees to the attacker. | Account Hijacking | H Transportation and storage | CC | US |
20 | 06/03/2017 | ? | Single Individuals | Researchers from Cisco Talos reveal a surge of campaigns distributing the Gozi ISFB financial malware. | Malware | K Financial and insurance activities | CC | >1 |
21 | 06/03/2017 | ? | Flexible Benefit Service Corporation | Flexible Benefit Service Corporation notifies 5,123 of a phishing incident that occurred on February 16. | Account Hijacking | K Financial and insurance activities | CC | US |
22 | 07/03/2018 | ? | Binance | A large scale phishing campaign causes a massive unauthorized cryptocurrency sell-off activity for the users of Binance, a Chinese cryptocurrency trader. | Account Hijacking | V Fintech | CC | CN |
23 | 07/03/2018 | ? | Individuals in Russia, Turkey and Ukraine | Microsoft says it discovered and stopped a large attack that attempted to use variants of the Dofoil, or Smoke Loader, trojan to spread a cryptocurrency miner. In total more than 400,000 instances were recorded: 73 percent hit Russia, with Turkey (18 percent) and Ukraine (4 percent) being the other main targets. The attack was carried out via an update server that replaced a BitTorrent client called MediaGet with a near-identical but back-doored binary. | Malware | X Individual | CC | >1 |
24 | 07/03/2018 | ? | Pinelands Regional School District | The Pinelands Regional School District is hit by the Emotet malware. | Malware | P Education | CC | US |
25 | 08/03/2018 | ? | Italian Ministry of Education | The Italian branch of the Anonymous collective leaks 26,000 emails of teachers from all levels of schools, taken from the Italian Ministry of Education. They also leak 200 administrative staff addresses. | Unknown | O Public administration and defence, compulsory social security | H | IT |
26 | 08/03/2018 | Hidden Cobra | Several Financial Turkish Institutions | Researchers from McAfee reveal that the reputed state-sponsored North Korean hacking group Hidden Cobra has once again been fingered in a malware attack against financial organizations, this time apparently targeting Turkish institutions in a spear phishing campaign in early March, leveraging CVE-2018-4878. | Targeted Attack | K Financial and insurance activities | CE | TR |
27 | 08/03/2018 | ? | Misconfigured Redis servers, and Windows servers vulnerable to the EternalBlue NSA exploit. | Researchers from Imperva reveal a new, unusually sophisticated cryptojacking attack attempting to install cryptominers on both database and application servers by targeting misconfigured Redis servers, as well as Windows servers that are susceptible to the EternalBlue NSA exploit. The campaign is dubbed RedisWannaMine. | Malware | Y Multiple Industries | CC | >1 |
28 | 08/03/2018 | ? | Dutch women's handball team | According to local reports in the Netherlands, hackers manage to breach the surveillance camera system in a dressing room of a sauna hosting the women's handball team, and post the recordings on adult websites last December. | Unknown | X Individual | CC | NL |
29 | 08/03/2018 | ? | Former Tennessee Gov. Phil Bredesen's Senate campaign | Former Tennessee Gov. Phil Bredesen's Senate campaign tells the FBI in a letter that it fears it was hacked. | Unknown | X Individual | CC | US |
30 | 09/03/2018 | Slingshot APT | Targets in the Middle East and Africa | Kaspersky Lab reveals the details of Slingshot, an extremely sophisticated cyber espionage campaign, leveraging malware to spy on international targets for six years. The APT group exploited zero-day vulnerabilities (CVE-2007-5633, CVE-2010-1592, CVE-2009-0824) in routers used by the Latvian network hardware provider Mikrotik. | Targeted Attack | Y Multiple Industries | CE | >1 |
31 | 09/03/2018 | Turkish Government | Turkish Nationals | Security researchers from Citizen Lab publish a report where they reveal how deep packet inspection middleboxes are being used either to expose Turkish nationals to nation-state spyware or to redirect Egyptian Internet users to ads and browser cryptocurrency. | Malware | X Individual | CE | TR |
32 | 09/03/2018 | ? | 14 unnamed countries | ESET researchers reveal that they have discovered a new version of the infamous Hacking Team surveillance tool, dubbed RCS (Remote Control System), active in 14 countries. | Malware | X Individual | CE | >1 |
33 | 09/03/2018 | ? | Multiple Industries | Researchers at Kroll Cyber Security reveal the details of a new family of point-of-sale malware, dubbed PinkKite, tiny in size but potentially devastating for POS endpoints. | PoS Malware | Y Multiple Industries | CC | >1 |
34 | 09/03/2018 | APT15 | UK government contractor | Researchers at NCC Group reveal that they have discovered multiple backdoors on a UK government contractor’s computer designed to steal sensitive government and military data. The hack is tied to China-linked cyber espionage group APT15. According to researchers, the attackers were able to deploy three backdoors – identified as RoyalCli, RoyalDNS and BS2005. The networks were compromised from May 2016 until late 2017 and infected over 30 contractor-controlled hosts. | Targeted Attack | O Public administration and defence, compulsory social security | CE | UK |
35 | 09/03/2018 | APT28 AKA Fancy Bear AKA Sofacy | Far East Targets | Researchers at Kaspersky Lab reveal a new analysis of the infamous APT28 indicating that the group is shifting its interest to Far East targets. | Targeted Attack | Y Multiple Industries | CE | >1 |
36 | 09/03/2018 | ? | Single Individuals | Researchers from Proofpoint reveal the details of a remote access tool dubbed FlawedAmmyy, developed using the leaked source code of Ammyy Admin, a legitimate remote desktop software. | Malware | X Individual | CC | >1 |
37 | 09/03/2018 | ? | Unpatched Apache Solr Servers | Researchers from the ISC SANS discover a campaign targeting Apache Solr servers that hadn't received patches for the CVE-2017-12629 vulnerability. The campaign aims to install miners. | Malware | Y Multiple Industries | CC | >1 |
38 | 09/03/2018 | $2a$45 | Florida Virtual Learning School (FVLS) | Florida Virtual Learning School notifies 368,000 current and former students, after an individual with the moniker $2a$45 uploads information of 35,000 students on a forum. Leon County Schools is among the affected organizations. | Unknown | P Education | CC | US |
39 | 09/03/2018 | herbapproach@protonmail.com | JJ Meds | JJ Meds, a medical marijuana delivery service in Canada, goes offline after having received an extortion demand. | Unknown | G Wholesale and retail trade | CC | CA |
40 | 10/03/2018 | ? | National Rifle Association (NRA) | According to a report released by Netlab, three different National Rifle Association (NRA) websites experienced Distributed Denial of Service (DDoS) attacks. | DDoS | S Other service activities | CC | US |
41 | 10/03/2018 | ? | Mississippi Valley State University | Mississippi Valley State University’s campus was temporarily without internet service this week after university officials said the school was hit by a SamSam ransomware attack. | Malware | P Education | CC | US |
42 | 12/03/2018 | MuddyWater AKA TEMP.Zagros | Targets in Turkey, Pakistan and Tajikistan | Researchers from Palo Alto Networks and FireEye reveal that the Iran-linked MuddyWater campaign (AKA TEMP.Zagros) appears to be still active against targets in Turkey, Pakistan and Tajikistan. | Targeted Attack | Y Multiple Industries | CE | >1 |
43 | 12/03/2018 | ? | ATI Physical Therapy | ATI Physical Therapy notifies patients of a security incident that appears to have targeted employees’ email accounts. | Account Hijacking | Q Human health and social work activities | CC | US |
44 | 12/03/2018 | ? | Okaloosa Water and Sewer | Okaloosa Water and Sewer warns its users of a security breach involving external vendors which process electronic credit/debit card payments for water and sewer bills. | Unknown | E Water supply, sewerage waste management, and remediation activities | CC | US |
45 | 13/03/2018 | OceanLotus APT aka APT32 aka APT-C-00 | Targets in East Asian countries such as Vietnam, the Philippines, Laos and Cambodia | Researchers from ESET reveal that the suspected Vietnamese APT group OceanLotus has added a new backdoor to its repertoire of malicious tools – one that includes capabilities for enabling file, registry and process manipulation, and also downloading more malicious files. | Targeted Attack | Y Multiple Industries | CE | >1 |
46 | 13/03/2018 | ? | Uyghurs | Researchers from Palo Alto Networks reveal the details of a new Android malware family dubbed “HenBox”, targeting the Uyghurs, a minority Turkic ethnic group living in China. | Malware | X Individual | CE | CN |
47 | 13/03/2018 | ? | Multiple Targets | Researchers from Imperva identify a new but unusually distributed Monero cryptominer scam campaign hidden in a picture of Scarlett Johansson. | Malware | Y Multiple Industries | CC | >1 |
48 | 13/03/2018 | ? | Single Individuals | Researchers from AVAST reveal the details of a campaign where criminals hosted their cryptominers in forked projects on GitHub. | Malware | X Individual | CC | >1 |
49 | 13/03/2018 | ? | Port of Longview | The Port of Longview is hit by a cyber attack that may have affected hundreds of past and current employees and dozens of vendors. | Unknown | H Transportation and storage | CC | US |
50 | 13/03/2018 | ? | Gwent Police | Gwent Police is being investigated after failing to inform up to 450 people that hackers may have accessed their confidential reports to the force. | Unknown | O Public administration and defence, compulsory social security | CC | UK |
51 | 14/03/2018 | ? | Fortnite | Several news reports surface of the suspected hacking of player accounts of popular video game Fortnite, with some gamers apparently faced with large credit card charges from fraudulent purchases. | Account Hijacking | R Arts entertainment and recreation | CC | US |
52 | 14/03/2018 | ? | Visitors of download.cnet.com | ESET researchers discover three trojanized applications (bitcoin stealing malware) hosted on download.cnet.com, the 163rd most visited site in the world according to Alexa rankings. The researchers estimate that as of March 13, the attacker managed to steal the equivalent of $80,000 USD. The malware had been hosted since May 2, 2016 and had been downloaded more than 4,500 times in total. | Malware | X Individual | CC | >1 |
53 | 14/03/2018 | ? | Android Users | Researchers from Check Point reveal the details of RottenSys, a massive botnet composed of 5 million Android smartphones, active primarily in China. | Malware | X Individual | CC | CN |
54 | 14/03/2018 | ? | Multiple Targets | Researchers from Forcepoint publish a detailed analysis of the Qrypter Remote Access Tool. The analysis reveals that 243 organizations worldwide have been hit by the RAT. | Malware | Y Multiple Industries | CC | >1 |
55 | 14/03/2018 | ? | Queensland Transport Department | ABC News reveals that overseas hackers breached the Queensland Transport Department's security network last year, before attempting to steal information from staff members from other sections of government. | Unknown | O Public administration and defence, compulsory social security | CE | AU |
56 | 15/03/2018 | Dragonfly | West's energy utilities and other critical infrastructures | The US Department of Homeland Security and the Federal Bureau of Investigation issued an alert warning of ongoing cyber-attacks against the West's energy utilities and other critical infrastructures by individuals acting on behalf of the Russian government. The report points the finger at the Dragonfly group. | Targeted Attack | D Electricity gas steam and air conditioning supply | CC | >1 |
57 | 15/03/2018 | APT28 AKA Fancy Bear AKA Sofacy | Unnamed European Government | Researchers from Palo Alto Networks reveal a new campaign carried out by the infamous APT28 (AKA Fancy Bear AKA Sofacy) targeting an unnamed European Government, exploiting an updated version of DealersChoice, a platform that exploits a Flash vulnerability to stealthily deliver a malicious payload of trojan malware. | Targeted Attack | O Public administration and defence, compulsory social security | CE | N/A |
58 | 15/03/2018 | ? | Meghan Markle | The Fappening saga continues with new photo leaks published online. The most recent victim is none other than Meghan Markle, the soon-to-be Mrs. Prince Harry. Some believe ISIS could be involved in the hack, even if no official claim is made. | Account Hijacking | X Individual | CC | UK |
59 | 15/03/2018 | ? | Single Individuals in South Korea | Researchers from Symantec reveal the details of a new version of the infamous FakeBank trojan distributed via malicious Android apps in South Korea. | Malware | K Financial and insurance activities | CC | KR |
60 | 15/03/2018 | ? | Unnamed Petrochemical Company in Saudi Arabia | The New York Times reveals that back in August, a petrochemical company with a plant in Saudi Arabia was hit by a cyberattack aimed at sabotaging the firm’s operations and triggering an explosion. | Targeted Attack | D Electricity gas steam and air conditioning supply | CW | SA |
61 | 15/03/2018 | ? | Single Individuals | Security researchers from Kaspersky reveal that the PoS Malware Prilex has now evolved into a comprehensive tool suite that lets cybercriminals steal chip and PIN card data and create their own functioning, fraudulent plastic cards. | PoS Malware | X Individual | CC | >1 |
62 | 15/03/2018 | ? | Nampa School District | The Nampa School District informed its employees of a potential security issue involving personally identifiable information of about 3,983 of its current and past employees. | Unknown | P Education | CC | US |
63 | 15/03/2018 | ? | Svitzer | The shipping company Svitzer suffers a significant data breach affecting almost half its Australian employees when three employees have had emails auto-forwarded in the past 11 months. | Account Hijacking | H Transportation and storage | CC | AU |