| 1 | 01/05/2018 | ? | Rail Europe North America | Rail Europe, a site used by Americans to buy train tickets in Europe, reveals a three-month data breach of credit cards and debit cards. Hackers implanted credit card-skimming malware on its website between late-November 2017 and mid-February 2018. | Malware | R Arts entertainment and recreation | CC | US |
| 2 | 01/05/2018 | APT28 AKA Fancy Bear | Lojack Users | Security researchers from Arbor Networks reveal that malware with suspected links to Russian cyber-espionage group Fancy Bear is turning up in installations of Lojack, an anti-computer theft program used by many corporations to guard their assets. | Targeted Attack | Y Multiple Industries | CE | >1 |
| 3 | 01/05/2018 | ? | Vulnerable servers | Researchers from AlienVault reveal the details of MassMiner, a new wave of cryptocurrency-mining malware using exploits for vulnerabilities such as CVE-2017-10271 (Oracle WebLogic), CVE-2017-0143 (Windows SMB), and CVE-2017-5638 (Apache Struts). | Multiple Vulnerabilities | Y Multiple Industries | CC | >1 |
| 4 | 01/05/2018 | SB315 | City of Augusta Calvary Baptist Church
Georgia Southern University
Two Augusta restaurants: Blue Sky Kitchen and Soy Noodle House | A group of vigilante hackers going by SB315 deface some Georgia sites and threaten retaliation if the bill becomes law. The list of the targets include: the City of Augusta (that denies the hack), the website of Calvary Baptist Church, Georgia Southern University, the sites for two Augusta restaurants, Blue Sky Kitchen and Soy Noodle House. | Defacement | Y Multiple Industries | H | US |
| 5 | 01/05/2018 | ? | Knox County's website | The Tennessee county's website is taken down by a DDoS attack on election night. | DDoS | O Public administration and defence, compulsory social security | CC | US |
| 6 | 01/05/2018 | ? | Leominster Public School | Leominster Public School is the victim of a ransomware attack, forcing them to pay $10,000 to have the computers back. | Malware | P Education | CC | US |
| 7 | 02/05/2018 | ? | Drupal Servers | Researchers from Imperva/Incapsula discover another strain of malware, dubbed Kitty, aimed to exploit Drupalgeddon 2.0 (CVE-2018-7600) to mine cryptocurrency | Vulnerability (CVE-2018-7600) | Y Multiple Industries | CC | >1 |
| 8 | 02/05/2018 | Allanite | Business and ICS networks at electric utilities in the US and UK. | Researchers from Dragos unveil the details of a threat actor dubbed Allanite, active at least since May 2017 and still targeting both business and ICS networks at electric utilities in the US and UK. | Targeted Attack | D Electricity gas steam and air conditioning supply | CE | US UK |
| 9 | 02/05/2018 | ? | Fredericksburg School System | A Fredericksburg school system employee falls for phishing attack | Account Hijacking | P Education | CC | US |
| 10 | 02/05/2018 | Akincilar | Greek Foreign Ministry
Athens-Macedonia News Agency (ANA)
Greek Handball Federation
Suzuki-Greece | The Turkish hacker group Akincilar ("Invaders") starts its offensive against Greece and defaces four websites (Greek Foreign Ministry, Athens-Macedonia News Agency - ANA -, the Greek Handball Federation, and Suzuki-Greece) in response to Athens' refusal to hand over the Turkish officers who fled to Greece in July 2016. | Defacement | O Public administration and defence, compulsory social security
I Accommodation and food service activities
R Arts entertainment and recreation
C Manufacturing | CW | GR |
| 11 | 03/05/2018 | ? | Targets in Middle East | Researchers from Kaspersky reveal the details of ZooPark, a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015. The threat actors behind the operation infect Android devices using several generations of malware. | Targeted Attack | Y Multiple Industries | CE | >1 |
| 12 | 03/05/2018 | ? | World Rugby Training and Education Website | World Rugby is forced to suspend its training and education website after the governing body is the target of a cyber attack that sees hackers obtain personal data from thousands of subscribers. | Unknown | R Arts entertainment and recreation | CC | N/A |
| 13 | 03/05/2018 | ? | JavaScript users | The Node Package Manager (npm) team discovers and blocks the distribution of a backdoor inside getcookies, a popular, albeit deprecated, JavaScript package. | Malware | X Individual | CC | >1 |
| 14 | 03/05/2018 | ? | Airbnb users | Researchers from Redscan discover a GDPR-related phishing scam with emails claiming to be from Airbnb. | Account Hijacking | X Individual | CC | >1 |
| 15 | 03/05/2018 | ? | Several Florida Hospital Websites | Several Florida Hospital Websites are taken offline after being affected by a malware that could have compromised patient information. The list of the affected hospitals include: FloridaBariatric.com, FHOrthoInstitute.com and FHExecutiveHealth.com. | Malware | Q Human health and social work activities | CC | US |
| 16 | 03/05/2018 | Anonymous | 24TV Turk Telekom | As a retaliation for the attacks of the Turkish collective Akincilar, Greek hackers from Anonymous paralyze the 24TV Live website for several hours. They also claim to have hacked 12,987 routers of Turk Telekom. | DDoS | J Information and communication | CW | TR |
| 17 | 03/05/2018 | ? | Meituan Dianping | Meituan Dianping, the internet giant backed by Tencent, China’s most valuable tech corporation, begins investigating reports of a data breach that exposed the private information of tens of thousands of users. This happens after tens of thousands of data snippets -- everything from names and mobile numbers to home addresses -- on food-delivery customers went on sale online. | ? | G Wholesale and retail trade | CC | CN |
| 18 | 03/05/2018 | ? | Fleetcor Technologies | Fleetcor Technologies, a company specializing in fuel cards and workforce payment products and services, publicly discloses that its gift card systems were accessed last month by an unauthorized party. A "significant number" of gift cards that are at least six months old, as well as PIN numbers, were accessed. | Unknown | R Arts entertainment and recreation | CC | US |
| 19 | 04/05/2018 | ? | Copenhagen city’s bicycle sharing system “Bycyklen" | Unknown hackers disrupt the Copenhagen city’s bicycle sharing system “Bycyklen”, erasing the data of 1,860 bicycles. | Unknown | H Transportation and storage | CC | DK |
| 20 | 04/05/2018 | AnonPlus | K9 Web Protection | Hackers from the collective AnonPlus, a splinter cell of Anonymous, deface the website of K9 Web Protection (belonging to Symantec). | Defacement | J Information and communication | H | US |
| 21 | 04/05/2018 | ? | Riverside Fire and Police department | Ransomware infects the servers of the Riverside Fire and Police department for the second time in a month. | Malware | O Public administration and defence, compulsory social security | CC | US |
| 22 | 04/05/2018 | ? | W.S. Neal High School | While finalizing end-year school rankings, W.S. Neal High School realizes that someone has been changing grades since 2016. | Unknown | P Education | CC | US |
| 23 | 04/05/2018 | ? | City of Tulsa | The City of Tulsa confirms that computer hackers broke into several City controlled accounts but says it appears there have been no effects on city systems. | Unknown | O Public administration and defence, compulsory social security | CC | US |
| 24 | 04/05/2018 | ? | Northwest University | The email account of the Northwest University’s CFO is hacked. As a consequence $60,000 are stolen. | Account Hijacking | P Education | CC | US |
| 25 | 04/05/2018 | ? | Banco Inter | Shares in Banco Inter fall as much as 11 percent after reports that a hacking attack had obtained sensitive data pertaining to clients. Banco Inter reveals it was “the victim of attempted extortion.” | Unknown | K Financial and insurance activities | CC | BR |
| 26 | 05/05/2018 | ? | Vulnerable Drupal Servers | Researcher Troy Mursch discovers another campaign aimed to exploit Drupalgeddon 2.0 (CVE-2018-7600 and CVE-2018-7602). In this campaign more than 350 servers are compromised to inject cryptominers. | Vulnerabilities (CVE-2018-7600 and CVE-2018-7602) | Y Multiple Industries | CC | >1 |
| 27 | 05/05/2018 | ? | Mason Law Office | Mason Law Office discovers evidence of unauthorized access to their mycase.com instance by an unknown individual or group of individuals. Client data is potentially accessed. | Unknown | M Professional scientific and technical activities | CC | US |
| 28 | 06/05/2018 | ? | Canon Security Cameras | “I’m Hacked. bye2”— That’s the message left behind on most of the 60 hacked Canon security cameras in Japan with many more hacked in the previous weeks. | Unknown | Y Multiple Industries | CC | JP |
| 29 | 06/05/2018 | ? | Android and Windows Users | Researchers from Trend Micro identify a new spyware distributed via adult games. Dubbed as Maikspy spyware (from a famous adult film actress). The main target of this malicious new campaign are Android and Windows users, and the primary objective is to steal sensitive personal data. The malware is dubbed AndroidOS_MaikSpy.HRX. | Malware | X Individual | CC | >1 |
| 30 | 07/05/2018 | ? | SSH Decorator (Python Module) users | SSH Decorator, a Python module, is compromised by unknown attacker who inject a backdoor. | Malware | X Individual | CC | >1 |
| 31 | 07/05/2018 | ? | Roseburg Public Schools | A ransomware attack targets Roseburg Public Schools, blocking access to the district’s email, website and software. | Malware | P Education | CC | US |
| 32 | 07/05/2018 | Akincilar | Honda Greece | Turkish hackers from Akincilar launch a new cyber attack against Honda Greece. The automaker’s website in Greece is infiltrated with a message condemning the country for “partnering” with terrorists. | Defacement | C Manufacturing | CW | GR |
| 33 | 08/05/2018 | ? | Marketing/Advertising/Public Relations and Retail/Manufacturing industries | Proofpoint observes a campaign targeting Marketing/Advertising/Public Relations and Retail/Manufacturing industries with a new malware called Vega Stealer. The malware contains stealing functionality targeting saved credentials and credit cards in the Chrome and Firefox browsers, as well as stealing sensitive documents from infected computers. | Malware | Y Multiple Industries | CC | >1 |
| 34 | 08/05/2018 | ? | Sheffield Credit Union | Sheffield Credit Union is the victim of a Cyber attack, which is believed to have taken place on 14 February 2018 but only recently comes to light after a blackmailing attempt by the attackers. The personal data of about 15,000 members is compromised. | Unknown | K Financial and insurance activities | CC | UK |
| 35 | 08/05/2018 | SilverTerrier | Multiple Targets Around the World | Researchers from Palo Alto Networks reveal the details of a ring of Nigerian criminals dubbed SilverTerrier, conducting hacking campaigns against targets around the world. The researchers have attributed 181,000 attacks, using 15 families of malware, to the group in the last year, with expected losses estimated more than $3B. | Malware | Y Multiple Industries | CC | >1 |
| 36 | 08/05/2018 | ? | City of Goodyear | The City of Goodyear announces that its bill pay system may have been compromised. The possible breach could expose 30,000 utility customers. | PoS Malware | O Public administration and defence, compulsory social security | CC | US |
| 37 | 09/05/2018 | ? | Several financial targets in the US | Researchers from F5 reveal a new campaign carried on via the infamous Panda malware targeting US financials targets. | Malware | K Financial and insurance activities | CC | US |
| 38 | 09/05/2018 | ? | The Sun | The Sun calls in the UK's cybersecurity authorities after detecting Russian hackers trying to access the tabloid newspaper's internal computer systems. | Targeted Attack | J Information and communication | CE | UK |
| 39 | 09/05/2018 | ? | Morinaga Milk Industry Co. | After receiving a report from a credit card issuer, Morinaga Milk Industry Co. says that credit card or other personal information of up to 120,000 online customers may have leaked. | Unknown | I Accommodation and food service activities | CC | JP |
| 40 | 09/05/2018 | ? | The Oregon Clinic | The Oregon Clinic announces that a data security incident may have affected protected health information (PHI) after an unauthorized third party accessed an internal email account. | Account Hijacking | Q Human health and social work activities | CC | US |
| 41 | 10/05/2018 | Anonymous | Official website of Russia’s Federal Agency for International Cooperation (Rossotrudnichestvo) | The Anonymous deface several subdomains of the official website of Russia’s Federal Agency for International Cooperation (Rossotrudnichestvo) against the ongoing censorship in the country especially the recent ban on Telegram. | Defacement | O Public administration and defence, compulsory social security | H | RU |
| 42 | 10/05/2018 | ? | Multiple Targets | Researchers from Radware reveal the details of Nigelthorn, a crypto-mining malware abusing Chrome extensions, and using Facebook to spread. The analysis reveals that the group has been active since at least March of 2018 and has already infected more than 100,000 users in over 100 countries. | Malware | Y Multiple Industries | CC | >1 |
| 43 | 10/05/2018 | ? | Vulnerable Dasan GPON routers | Researchers from Qihoo 360 Netlab reveal that at least five IoT botnets are targeting Dasan GPON routers, exploiting the two recently discovered vulnerabilities CVE-2018-10561 and CVE-2018-10562. The five botnets are known under codenames such as Hajime, Mettle, Mirai, Muhstik, and Satori. | Vulnerabilities (CVE-2018-10561, CVE-2018-10562) | Y Multiple Industries | CC | >1 |
| 44 | 10/05/2018 | ? | Wasaga Beach | Wasaga Beach pays the ransom to hackers who took over its computer system earlier this month. | Malware | O Public administration and defence, compulsory social security | CC | CA |
| 45 | 10/05/2018 | ? | Malley’s Chocolates | Malley’s Chocolates reveals that its website has been hacked, and the card information of 3,400 online customers has been breached. | Unknown | I Accommodation and food service activities | CC | US |
| 46 | 11/05/2018 | ? | Android Users | Researchers from Symantec discover a new wave of 45 malicious on the Android store known under the definition of Android.Reputation.1. Of these apps, 7 are rebranded versions of previously removed apps, whereas 38 are completely new, | Malware | X Individual | CC | >1 |
| 47 | 11/05/2018 | ? | Chili's Restaurant | Chili's Restaurant reveals that some restaurants have been impacted by a data incident, which may have resulted in unauthorized access or acquisition of payment card data between March and April 2018. | PoS Malware | I Accommodation and food service activities | CC | US |
| 48 | 11/05/2018 | ? | Ubuntu Users | A user has spots a cryptocurrency miner hidden in the source code of an Ubuntu snap package hosted on the official Ubuntu Snap Store. The app's name is 2048buntu, a clone of the popular 2024 game. | Malware | X Individual | CC | >1 |
| 49 | 11/05/2018 | ? | DSB | The Danish state rail operator DSB is hit by a massive DDoS attack, paralyzing some operations, including ticketing systems and the communication infrastructure. | DDoS | H Transportation and storage | CC | DK |
| 50 | 11/05/2018 | ? | Bemus Point School District | Bemus Point School District Superintendent reveals that some students in the district might have been compromised amid the breach of Maia Learning by a competitor. | Unknown | P Education | CC | US |
| 51 | 12/05/2018 | ? | Capitol Administrators | Capitol Administrators notifies individuals of a phishing attack. | Account Hijacking | N Administrative and support service activities | CC | US |
| 52 | 12/05/2018 | ? | Five Mexican Banks including No. 2 Banorte | Thieves siphon 300 million pesos ($15.4 million) out of five Mexican banks, including No. 2 Banorte, by creating phantom orders that wired funds to bogus accounts and promptly withdrew the money. | Account Hijacking | K Financial and insurance activities | CC | MX |
| 53 | 14/05/2018 | Hackers linked to the Turkish Government | Turkish Dissident and Protesters | According to a new report by digital rights organization Access Now, hackers, apparently working for the Turkish government, attempted to infect a large number of Turkish dissidents and protesters by spreading the infamous FinFisher spyware on Twitter. | Malware | X Individual | CC | TR |
| 54 | 14/05/2018 | ? | Family Planning NSW | Family Planning NSW tells customers their personal information may have been compromised after the not-for-profit fell victim to a ransomware attack. Around 8,000 users might be affected. | Malware | Q Human health and social work activities | CC | AU |
| 55 | 15/05/2018 | Stealth Mango | Government officials, members of the military, and activists in Pakistan, Afghanistan, India, Iraq and the United Arab Emirates | Researchers from Lookout discover a phishing campaign that infected Android devices with custom surveillance-ware bent on extracting data from top officials, primarily in the Middle East. The campaign is called Stealth Mango, and has been used to collect over 30 gigabytes of compromised data on attacker infrastructure | Malware | O Public administration and defence, compulsory social security | CE | >1 |
