1 | 04/04/2018 | ? | Single Individuals | Researchers from Palo Alto Networks reveal the details of Rarog, a previously unseen cryptomining trojan. | Malware | X Individual | CC | >1 |
2 | 12/04/2018 | ? | IIS 6.0 Vulnerable servers | Researchers from F5 discover a massive campaign exploiting an old IIS 6.0 vulnerability (CVE-2017-7269) to mine Electroneum. | Vulnerability (CVE-2017-7269) | Y Multiple Industries | CC | >1 |
3 | 16/04/2018 | Russian state-sponsored actors (Grizzly Steppe) | Government and private-sector organizations, critical infrastructure providers, and the internet service providers (ISPs) | The UK NCSC (National Cyber Security Centre), FBI (Federal Bureau of Investigation) and DHS (Department of Homeland Security) issue a joint Technical Alert about malicious cyber activity carried out by the Russian Government. The attackers use compromised routers to conduct man-in-the-middle attacks. | Man-in-the-Middle using compromised devices | O Public administration and defence, compulsory social security | CE | >1 |
4 | 16/04/2018 | APT-C-32 | Middle Eastern Individuals | Researchers from Lookout reveal the details of an espionage campaign using two malware strains called Desert Scorpion and FrozenCell, to spy on targets in Palestine. The attackers are thought to be linked to Hamas. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 |
5 | 16/04/2018 | mobile APT (mAPT) | Several targets | Researchers from Lookout reveal a new campaign using a modified version of the infamous ViperRAT hosted in Google Play. | Targeted Attack | Y Multiple Industries | CE | >1 |
6 | 16/04/2018 | ? | TaskRabbit | TaskRabbit, a web-based service owned by IKEA that connects freelance handymen with clients in various local US markets, emails customers admitting it suffered a security breach. The company takes down its app and website while investigating the incident and later admits that some personal information might have been compromised. | Unknown | N Administrative and support service activities | CC | US |
7 | 16/04/2018 | ? | Android Users | Researchers from Kaspersky Lab reveal the details of Roaming Mantis, an operation where malware authors have hijacked DNS settings on vulnerable routers to redirect users to sites hosting Android malware on clone apps of Google Chrome and Facebook. | DNS Hijacking | X Individual | CC | >1 |
8 | 16/04/2018 | ? | Multiple Targets | According to multiple sources, hackers have started to actively exploit the Drupalgeddon 2 Drupal CMS vulnerability CVE-2018-7600 to inject cryptominers. | Vulnerability (CVE-2018-7600) | Y Multiple Industries | CC | >1 |
9 | 16/04/2018 | ? | African Embassy in Dublin | Researchers from Lastline reveal that an African ambassador in Dublin was compromised by cyber criminals, with hackers gaining access to the entire nation’s digital data. | Targeted Attack | O Public administration and defence, compulsory social security | CE | N/A |
10 | 16/04/2018 | ? | Hong Kong Broadband Network | Hong Kong Broadband Network, the city’s second largest fixed-line residential broadband provider, discovers that an inactive customer database has been accessed without authorization. The personal data of some 380,000 customers, including details for more than 40,000 credit cards, are compromised. | Unknown | J Information and communication | CC | HK |
11 | 16/04/2018 | ? | Irvington School District | Partial social security numbers of more than 1,200 employees at Irvington schools are distributed via email to an unknown number of recipients by an unidentified attacker. | Unknown | P Education | CC | US |
12 | 17/04/2018 | ? | Chrome Users | Researchers from AdGuard uncover five malicious ad-blocker extensions on the Chrome Web Store that were installed by 20 million Chrome users before Google removed them. | Malware | X Individual | CC | >1 |
13 | 17/04/2018 | ? | TheBottle | Researchers from Palo Alto Networks reveal the details of SquirtDanger, a new strain of malware that allows hackers to take action screenshots, steal passwords, download files and even steal the contents of cryptocurrency wallets. | Malware | X Individual | CC | >1 |
14 | 17/04/2018 | ? | Minecraft users | According to Avast’s Threat Labs, nearly 50,000 Minecraft users have been infected with malware that aims to reformat hard drives and wipe out backup data from the targeted system, along with deleting other important files. | Malware | X Individual | CC | >1 |
15 | 17/04/2018 | AnoaGhost | insights.london.nhs.uk | An NHS website is defaced. | Defacement | O Public administration and defence, compulsory social security | CC | UK |
16 | 18/04/2018 | Gold Galleon | Multiple Maritime Shipping Firms | Researchers from Secureworks discover a previously unidentified "Gold Galleon" threat group, specialized in business email compromise (BEC) and business email spoofing (BES) fraud against maritime shipping firms in order to try and steal millions of dollars on an annual basis. | Account Hijacking | H Transportation and storage | CC | >1 |
17 | 18/04/2018 | ? | Single Individuals | Security researchers from Radware spot a new information stealer that collects Chrome login data from infected victims, along with session cookies, and appears to be looking for Facebook and Amazon details in particular. The malware is called Stresspaint and has so far infected more than 40,000 users. | Malware | X Individual | CC | >1 |
18 | 18/04/2018 | ? | California's Center for Orthopaedic Specialists (COS) | California's Center for Orthopaedic Specialists (COS) discloses that it has been hit by a ransomware attack. The incident impacts the records of approximately 85,000 patients across three facilities in West Hills, Simi Valley and Westlake Village. | Malware | Q Human health and social work activities | CC | US |
19 | 18/04/2018 | ? | Ian Balina | Ian Balina, a well-known sponsored YouTube blogger, is hacked while streaming, losing roughly $2 million in tokens. | Account Hijacking | X Individual | CC | US |
20 | 18/04/2018 | ? | Sangamo Therapeutics | Sangamo Therapeutics announces a data security incident involving compromise of a senior executive’s company email account. | Account Hijacking | Q Human health and social work activities | CC | US |
21 | 18/04/2018 | ? | Minecraft and Counter-Strike: Global Offensive players | Researchers discover two strains of a fake ransomware targeting players of Minecraft and Counter-Strike: Global Offensive (CS:GO). | Malware | X Individual | CC | >1 |
22 | 18/04/2018 | ? | Questar | Annual tests in several states are delayed by what appears to be a suspected hack to Questar, a K12 assessment solutions provider. | Unknown | P Education | CC | US |
23 | 19/04/2018 | HighTech Brazil Hackteam | Supreme Court of India | The website of Supreme Court of India is defaced. | Defacement | O Public administration and defence, compulsory social security | CC | IN |
24 | 19/04/2018 | ? | Single Individuals | Researchers from Trend Micro discover a spam campaign delivering the Adwind RAT bundled with the XTRAT and DUNIHI Backdoors. | Malware | X Individual | CC | >1 |
25 | 19/04/2018 | ? | Single Individuals | Researchers at MalwareHunterTeam discover a new strain of ransomware, targeting Brazilian users, called RansSIRIA, which encrypts victims’ files and then states it will donate the ransom to Syrian refugees. The malware targets Brazilian victims. | Malware | X Individual | CC | BR |
26 | 20/04/2018 | ? | Multiple Targets | Security researchers from antivirus maker Qihoo 360 Core discover a new Internet Explorer 0-day exploited by a state-sponsored threat actor. The vulnerability is called "double kill". | Targeted Attack | Y Multiple Industries | CE | >1 |
27 | 20/04/2018 | ? | Multiple Targets | Researchers from Qihoo 360 Netlab and GreyNoise Intelligence discover a botnet made up of servers and smart devices exploiting the severe Drupal CMS vulnerability CVE-2018-7600 also known as Drupalgeddon 2. The botnet is dubbed Muhstik. | Malware | Y Multiple Industries | CC | >1 |
28 | 21/04/2018 | ? | Equihash mining pools | Security researchers at 360 Core Security detect a new type of attack which targets some Equihash mining pools. | Vulnerability on Equihash mining pool | Y Multiple Industries | CC | >1 |
29 | 21/04/2018 | ? | City of Hamilton | The emails of about 1,100 Hamilton residents have been compromised following a data breach of two waste collection apps, according to the city of Hamilton. | Unknown | O Public administration and defence, compulsory social security | CC | CA |
30 | 22/04/2018 | AnonPlus | ilgiornale.it | Hackers from AnonPlus deface ilgiornale.it, one of the main newspapers in Italy, with a fake news story about Mr. Silvio Berlusconi being in jail. | Defacement | J Information and communication | H | IT |
31 | 22/04/2018 | Prosox Shade | Red Bull Website | The Red Bull website is defaced twice in a few hours, probably exploiting the Drupalgeddon 2 vulnerability. | Defacement | I Accommodation and food service activities | CC | AT |
32 | 23/04/2018 | ? | Prince Edward Island (PEI) Government Website | A ransomware attack takes down the Prince Edward Island Government website. | Malware | O Public administration and defence, compulsory social security | CC | CA |
33 | 23/04/2018 | Orangeworm | Healthcare organizations in the United States, Europe and Asia | Researchers from Symantec reveal the details of Orangeworm, a threat group targeting healthcare organizations in the United States, Europe and Asia via a custom backdoor dubbed Kwampirs. | Targeted Attack | Q Human health and social work activities | CE | >1 |
34 | 23/04/2018 | ? | Careem | Careem, Uber’s main ride-hailing app rival in the Middle East, is hit by a cyber attack that compromises the data of 14 million users. The breach was discovered on January 14. | Unknown | H Transportation and storage | CC | AE |
35 | 23/04/2018 | APT10 | Japanese defense companies | According to FireEye, the Chinese group APT10 has targeted Japanese defense companies, possibly to get information on Tokyo’s policy toward resolving the North Korean nuclear impasse. | Targeted Attack | O Public administration and defence, compulsory social security | CE | JP |
36 | 23/04/2018 | Hunter butt | Thai Airways Website | The official website of Thai Airways is hacked by a Pakistani with the moniker “Hunter butt”. The hacker uploads a defacement page on 23 subdomains. | Defacement | H Transportation and storage | CC | TH |
37 | 24/04/2018 | ? | MyEtherWallet.com | A hacker (or group of hackers) hijacks the Amazon DNS servers of MyEtherWallet.com, a web-based Ether wallet service. Users accessing the site are redirected to a fake version of the website. Those who logged in had their wallet private keys stolen, which the attacker used to empty accounts. The total bounty is $152,000. | DNS Hijacking | V Fintech | CC | US |
38 | 24/04/2018 | ? | Ukraine's Energy Ministry Website | Unknown hackers use ransomware to take the website of Ukraine's energy ministry offline and encrypt its files. | Malware | O Public administration and defence, compulsory social security | CC | UA |
39 | 24/04/2018 | ? | Single Individuals | Researchers from FortiGuard Labs uncover a new Python-based Monero cryptocurrency mining malware, dubbed "PyRoMine", that uses the ETERNALROMANCE exploit to spread. | Malware | X Individual | CC | >1 |
40 | 24/04/2018 | ? | Brazilian companies | Researchers from FireEye identify a widespread spam campaign, dubbed Metamorfo, targeting Brazilian companies with the goal of delivering banking Trojans. | Malware | Y Multiple Industries | CC | BR |
41 | 24/04/2018 | ? | Americas Cardroom | Poker tournaments are disrupted after a spate of DDoS attacks on Americas Cardroom. | DDoS | R Arts entertainment and recreation | CC | US |
42 | 24/04/2018 | ? | Multiple industries including critical infrastructure, entertainment, finance, health care, and telecommunications | Researchers from McAfee uncover a global data reconnaissance campaign assaulting a wide number of industries including critical infrastructure, entertainment, finance, health care, and telecommunications. The campaign is dubbed Operation GhostSecret. | Targeted Attack | Y Multiple Industries | CE | >1 |
43 | 24/04/2018 | ? | WebLogic Servers | Attackers start to exploit Oracle WebLogic servers for CVE-2018-2628. | Vulnerability (CVE-2018-2628) | Y Multiple Industries | CC | >1 |
44 | 25/04/2018 | ? | HPE Users | Threat actors target internet-accessible HPE Integrated Lights-Out 4 (HPE iLO 4) remote management interfaces with ransomware. | Malware | Y Multiple Industries | CC | >1 |
45 | 26/04/2018 | ? | Single Individuals | Researchers from Vade Secure reveal the details of a massive phishing campaign targeting more than 550 million email users globally since the first quarter of 2018. | Account Hijacking | X Individual | CC | >1 |
46 | 26/04/2018 | ? | Single Individuals | Researchers from Trend Micro discover a new variant of the infamous Necurs botnet using .url files (internet shortcuts) to bypass conventional detection methods. | Malware | X Individual | CC | >1 |
47 | 26/04/2018 | The Invincible The Martian | Several targets in India | Researchers from Cisco Talos unveil the details of GravityRAT, a tool being used in targeted attacks, allegedly coming from Pakistan, against India with sophisticated anti-evasion techniques. | Targeted Attack | O Public administration and defence, compulsory social security | CW | IN |
48 | 26/04/2018 | Team Kerala Cyber Warriors | Pakistan | Team Kerala Cyber Warriors, a hacking group based out of India, begins to install ransomware on web sites based out of Pakistan. The ransomware is called KCW Ransomware. | Malware | Y Multiple Industries | CW | PK |
49 | 26/04/2018 | ? | Sen. Richard Pan, D-Sacramento | Sen. Richard Pan, D-Sacramento, claims that thieves hacked his email account and stole $46,000 from his re-election campaign in a "sophisticated" scheme earlier this year. | Account Hijacking | X Individual | CC | US |
50 | 27/04/2018 | ? | Three banks in Mexico (Grupo Financiero Banorte, Banco del Bajio SA, and Bancomext) | Three banks in Mexico (Grupo Financiero Banorte, Banco del Bajio SA, and Bancomext) are targeted by a cyber attack aimed at penetrating Mexico’s electronic payment systems (SPEI). | Unknown | K Financial and insurance activities | CC | MX |
51 | 27/04/2018 | ? | Zippy's Restaurants | The Hawaii-based Zippy's Restaurants reports that its point-of-sale system at 25 of its locations has been compromised, exposing customer data from November 23, 2017, to March 29, 2018. | PoS Malware | I Accommodation and food service activities | CC | US |
52 | 27/04/2018 | ? | Highway Sign in Arizona | Someone hacks a highway sign in Arizona and defaces it with 'Hail Hitler' text. | Unknown | H Transportation and storage | CC | US |
53 | 27/04/2018 | ? | Leominster Schools District | Leominster Schools District pays a ransom of $10,000 worth of Bitcoin following a cyberattack on its system. | Malware | P Education | CC | US |
54 | 27/04/2018 | AnonPlus | City of Bologna | The website of the City of Bologna is defaced by AnonPlus. | Defacement | O Public administration and defence, compulsory social security | H | IT |
55 | 27/04/2018 | ? | Scenic Bluffs Community Health Centers | Scenic Bluffs Community Health Centers notifies 2,889 patients of a potential breach of personal patient information after discovering on March 1, 2018, that one staff email account had been hacked on Feb. 28, 2018, by an unauthorized party. | Account Hijacking | Q Human health and social work activities | CC | US |
56 | 27/04/2018 | ? | Billings Clinic | Billings Clinic notifies 949 patients of a breach affecting its email security system causing an unknown individual to access patients' information back in February. | Account Hijacking | Q Human health and social work activities | CC | US |
57 | 30/04/2018 | ? | Single Individuals | Researchers from Trend Micro reveal the details of FacexWorm, a malicious Chrome extension, targeting cryptocurrency trading platforms via Facebook Messenger in order to steal account credentials for Google, MyMonero and Coinhive. | Malware | X Individual | CC | >1 |