Last Updated on December 30, 2018

Here’s the first timeline of May, covering the main cyber attacks occurred between May 1st and May 15th, a fortnight confirming the growing trend reported in April, given that I have collected 55 events vs. 42 in the first 15 days of the previous month (and 57 in the second half).

The main event of this timeline occurred in Mexico, where thieves siphoned 300 million pesos ($15.4 million) out of five Mexican banks. Chili’s Restaurant is also in the list, having suffered a breach between March and April 2018, resulting in unauthorized access or acquisition of payment card data.

Needless to say, cryptominers are another hot topic: this month has seen two fresh campaigns exploiting Druplageddon 2.0 (CVE-2018-7600 and CVE-2018-7602), a couple of large scale miners (MassMiner and Nigelthorn) and also the compromise of an Ubuntu Snap package aimed at… guess what… Minin cryptominers.

Last but not least, hacktivist were quite active in the Aegean peninsula: easily predictable, the tensions between Turkey and Greece are showing their repercussions in the cyber space.

As previously mentioned, the list is quite long, so feel free to browse it all! And if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 (regularly updated… Hopefully!). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). If useful, you can access the timeline in Google Sheet format.

101/05/2018?Rail Europe North AmericaRail Europe, a site used by Americans to buy train tickets in Europe, reveals a three-month data breach of credit cards and debit cards. Hackers implanted credit card-skimming malware on its website between late-November 2017 and mid-February 2018.MalwareR Arts entertainment and recreationCCUS
201/05/2018APT28 AKA Fancy BearLojack UsersSecurity researchers from Arbor Networks reveal that malware with suspected links to Russian cyber-espionage group Fancy Bear is turning up in installations of Lojack, an anti-computer theft program used by many corporations to guard their assets.Targeted AttackY Multiple IndustriesCE>1
301/05/2018?Vulnerable serversResearchers from AlienVault reveal the details of MassMiner, a new wave of cryptocurrency-mining malware using exploits for vulnerabilities such as CVE-2017-10271 (Oracle WebLogic), CVE-2017-0143 (Windows SMB), and CVE-2017-5638 (Apache Struts).Multiple VulnerabilitiesY Multiple IndustriesCC>1
401/05/2018SB315City of Augusta Calvary Baptist Church
Georgia Southern University
Two Augusta restaurants: Blue Sky Kitchen and Soy Noodle House
A group of vigilante hackers going by SB315 deface some Georgia sites and threaten retaliation if the bill becomes law. The list of the targets include: the City of Augusta (that denies the hack), the website of Calvary Baptist Church, Georgia Southern University, the sites for two Augusta restaurants, Blue Sky Kitchen and Soy Noodle House.DefacementY Multiple IndustriesHUS
501/05/2018?Knox County's websiteThe Tennessee county's website is taken down by a DDoS attack on election night.DDoSO Public administration and defence, compulsory social securityCCUS
601/05/2018?Leominster Public SchoolLeominster Public School is the victim of a ransomware attack, forcing them to pay $10,000 to have the computers back.MalwareP EducationCCUS
702/05/2018?Drupal ServersResearchers from Imperva/Incapsula discover another strain of malware, dubbed Kitty, aimed to exploit Drupalgeddon 2.0 (CVE-2018-7600) to mine cryptocurrencyVulnerability (CVE-2018-7600)Y Multiple IndustriesCC>1
802/05/2018AllaniteBusiness and ICS networks at electric utilities in the US and UK.Researchers from Dragos unveil the details of a threat actor dubbed Allanite, active at least since May 2017 and still targeting both business and ICS networks at electric utilities in the US and UK.Targeted AttackD Electricity gas steam and air conditioning supplyCEUS UK
902/05/2018?Fredericksburg School SystemA Fredericksburg school system employee falls for phishing attackAccount HijackingP EducationCCUS
1002/05/2018AkincilarGreek Foreign Ministry
Athens-Macedonia News Agency (ANA)
Greek Handball Federation
The Turkish hacker group Akincilar ("Invaders") starts its offensive against Greece and defaces four websites (Greek Foreign Ministry, Athens-Macedonia News Agency - ANA -, the Greek Handball Federation, and Suzuki-Greece) in response to Athens' refusal to hand over the Turkish officers who fled to Greece in July 2016.DefacementO Public administration and defence, compulsory social security
I Accommodation and food service activities
R Arts entertainment and recreation
C Manufacturing
1103/05/2018?Targets in Middle EastResearchers from Kaspersky reveal the details of ZooPark, a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015. The threat actors behind the operation infect Android devices using several generations of malware.Targeted AttackY Multiple IndustriesCE>1
1203/05/2018?World Rugby Training and Education WebsiteWorld Rugby is forced to suspend its training and education website after the governing body is the target of a cyber attack that sees hackers obtain personal data from thousands of subscribers.UnknownR Arts entertainment and recreationCCN/A
1303/05/2018?JavaScript usersThe Node Package Manager (npm) team discovers and blocks the distribution of a backdoor inside getcookies, a popular, albeit deprecated, JavaScript package.MalwareX IndividualCC>1
1403/05/2018?Airbnb usersResearchers from Redscan discover a GDPR-related phishing scam with emails claiming to be from Airbnb.Account HijackingX IndividualCC>1
1503/05/2018?Several Florida Hospital WebsitesSeveral Florida Hospital Websites are taken offline after being affected by a malware that could have compromised patient information. The list of the affected hospitals include:, and Human health and social work activitiesCCUS
1603/05/2018Anonymous24TV Turk TelekomAs a retaliation for the attacks of the Turkish collective Akincilar, Greek hackers from Anonymous paralyze the 24TV Live website for several hours. They also claim to have hacked 12,987 routers of Turk Telekom.DDoSJ Information and communicationCWTR
1703/05/2018?Meituan DianpingMeituan Dianping, the internet giant backed by Tencent, China’s most valuable tech corporation, begins investigating reports of a data breach that exposed the private information of tens of thousands of users. This happens after tens of thousands of data snippets -- everything from names and mobile numbers to home addresses -- on food-delivery customers went on sale online.?G Wholesale and retail tradeCCCN
1803/05/2018?Fleetcor TechnologiesFleetcor Technologies, a company specializing in fuel cards and workforce payment products and services, publicly discloses that its gift card systems were accessed last month by an unauthorized party. A "significant number" of gift cards that are at least six months old, as well as PIN numbers, were accessed.UnknownR Arts entertainment and recreationCCUS
1904/05/2018?Copenhagen city’s bicycle sharing system “Bycyklen"Unknown hackers disrupt the Copenhagen city’s bicycle sharing system “Bycyklen”, erasing the data of 1,860 bicycles.UnknownH Transportation and storageCCDK
2004/05/2018AnonPlusK9 Web ProtectionHackers from the collective AnonPlus, a splinter cell of Anonymous, deface the website of K9 Web Protection (belonging to Symantec).DefacementJ Information and communicationHUS
2104/05/2018?Riverside Fire and Police departmentRansomware infects the servers of the Riverside Fire and Police department for the second time in a month.MalwareO Public administration and defence, compulsory social securityCCUS
2204/05/2018?W.S. Neal High SchoolWhile finalizing end-year school rankings, W.S. Neal High School realizes that someone has been changing grades since 2016.UnknownP EducationCCUS
2304/05/2018?City of TulsaThe City of Tulsa confirms that computer hackers broke into several City controlled accounts but says it appears there have been no effects on city systems.UnknownO Public administration and defence, compulsory social securityCCUS
2404/05/2018?Northwest UniversityThe email account of the Northwest University’s CFO is hacked. As a consequence $60,000 are stolen.Account HijackingP EducationCCUS
2504/05/2018?Banco InterShares in Banco Inter fall as much as 11 percent after reports that a hacking attack had obtained sensitive data pertaining to clients. Banco Inter reveals it was “the victim of attempted extortion.”UnknownK Financial and insurance activitiesCCBR
2605/05/2018?Vulnerable Drupal ServersResearcher Troy Mursch discovers another campaign aimed to exploit Drupalgeddon 2.0 (CVE-2018-7600 and CVE-2018-7602). In this campaign more than 350 servers are compromised to inject cryptominers.Vulnerabilities (CVE-2018-7600 and CVE-2018-7602)Y Multiple IndustriesCC>1
2705/05/2018?Mason Law OfficeMason Law Office discovers evidence of unauthorized access to their instance by an unknown individual or group of individuals. Client data is potentially accessed.UnknownM Professional scientific and technical activitiesCCUS
2806/05/2018?Canon Security Cameras“I’m Hacked. bye2”— That’s the message left behind on most of the 60 hacked Canon security cameras in Japan with many more hacked in the previous weeks.UnknownY Multiple IndustriesCCJP
2906/05/2018?Android and Windows UsersResearchers from Trend Micro identify a new spyware distributed via adult games. Dubbed as Maikspy spyware (from a famous adult film actress). The main target of this malicious new campaign are Android and Windows users, and the primary objective is to steal sensitive personal data. The malware is dubbed AndroidOS_MaikSpy.HRX.MalwareX IndividualCC>1
3007/05/2018?SSH Decorator (Python Module) usersSSH Decorator, a Python module, is compromised by unknown attacker who inject a backdoor.MalwareX IndividualCC>1
3107/05/2018?Roseburg Public SchoolsA ransomware attack targets Roseburg Public Schools, blocking access to the district’s email, website and software.MalwareP EducationCCUS
3207/05/2018AkincilarHonda GreeceTurkish hackers from Akincilar launch a new cyber attack against Honda Greece. The automaker’s website in Greece is infiltrated with a message condemning the country for “partnering” with terrorists.DefacementC ManufacturingCWGR
3308/05/2018?Marketing/Advertising/Public Relations and Retail/Manufacturing industriesProofpoint observes a campaign targeting Marketing/Advertising/Public Relations and Retail/Manufacturing industries with a new malware called Vega Stealer. The malware contains stealing functionality targeting saved credentials and credit cards in the Chrome and Firefox browsers, as well as stealing sensitive documents from infected computers.MalwareY Multiple IndustriesCC>1
3408/05/2018?Sheffield Credit UnionSheffield Credit Union is the victim of a Cyber attack, which is believed to have taken place on 14 February 2018 but only recently comes to light after a blackmailing attempt by the attackers. The personal data of about 15,000 members is compromised.UnknownK Financial and insurance activitiesCCUK
3508/05/2018SilverTerrierMultiple Targets Around the WorldResearchers from Palo Alto Networks reveal the details of a ring of Nigerian criminals dubbed SilverTerrier, conducting hacking campaigns against targets around the world. The researchers have attributed 181,000 attacks, using 15 families of malware, to the group in the last year, with expected losses estimated more than $3B.MalwareY Multiple IndustriesCC>1
3608/05/2018?City of GoodyearThe City of Goodyear announces that its bill pay system may have been compromised. The possible breach could expose 30,000 utility customers.PoS MalwareO Public administration and defence, compulsory social securityCCUS
3709/05/2018?Several financial targets in the USResearchers from F5 reveal a new campaign carried on via the infamous Panda malware targeting US financials targets.MalwareK Financial and insurance activitiesCCUS
3809/05/2018?The SunThe Sun calls in the UK's cybersecurity authorities after detecting Russian hackers trying to access the tabloid newspaper's internal computer systems.Targeted AttackJ Information and communicationCEUK
3909/05/2018?Morinaga Milk Industry Co.After receiving a report from a credit card issuer, Morinaga Milk Industry Co. says that credit card or other personal information of up to 120,000 online customers may have leaked.UnknownI Accommodation and food service activitiesCCJP
4009/05/2018?The Oregon ClinicThe Oregon Clinic announces that a data security incident may have affected protected health information (PHI) after an unauthorized third party accessed an internal email account.Account HijackingQ Human health and social work activitiesCCUS
4110/05/2018AnonymousOfficial website of Russia’s Federal Agency for International Cooperation (Rossotrudnichestvo)The Anonymous deface several subdomains of the official website of Russia’s Federal Agency for International Cooperation (Rossotrudnichestvo) against the ongoing censorship in the country especially the recent ban on Telegram.DefacementO Public administration and defence, compulsory social securityHRU
4210/05/2018?Multiple TargetsResearchers from Radware reveal the details of Nigelthorn, a crypto-mining malware abusing Chrome extensions, and using Facebook to spread. The analysis reveals that the group has been active since at least March of 2018 and has already infected more than 100,000 users in over 100 countries.MalwareY Multiple IndustriesCC>1
4310/05/2018?Vulnerable Dasan GPON routersResearchers from Qihoo 360 Netlab reveal that at least five IoT botnets are targeting Dasan GPON routers, exploiting the two recently discovered vulnerabilities CVE-2018-10561 and CVE-2018-10562. The five botnets are known under codenames such as Hajime, Mettle, Mirai, Muhstik, and Satori.Vulnerabilities (CVE-2018-10561, CVE-2018-10562)Y Multiple IndustriesCC>1
4410/05/2018?Wasaga BeachWasaga Beach pays the ransom to hackers who took over its computer system earlier this month.MalwareO Public administration and defence, compulsory social securityCCCA
4510/05/2018?Malley’s ChocolatesMalley’s Chocolates reveals that its website has been hacked, and the card information of 3,400 online customers has been breached.UnknownI Accommodation and food service activitiesCCUS
4611/05/2018?Android UsersResearchers from Symantec discover a new wave of 45 malicious on the Android store known under the definition of Android.Reputation.1. Of these apps, 7 are rebranded versions of previously removed apps, whereas 38 are completely new,MalwareX IndividualCC>1
4711/05/2018?Chili's RestaurantChili's Restaurant reveals that some restaurants have been impacted by a data incident, which may have resulted in unauthorized access or acquisition of payment card data between March and April 2018.PoS MalwareI Accommodation and food service activitiesCCUS
4811/05/2018?Ubuntu UsersA user has spots a cryptocurrency miner hidden in the source code of an Ubuntu snap package hosted on the official Ubuntu Snap Store. The app's name is 2048buntu, a clone of the popular 2024 game.MalwareX IndividualCC>1
4911/05/2018?DSBThe Danish state rail operator DSB is hit by a massive DDoS attack, paralyzing some operations, including ticketing systems and the communication infrastructure.DDoSH Transportation and storageCCDK
5011/05/2018?Bemus Point School DistrictBemus Point School District Superintendent reveals that some students in the district might have been compromised amid the breach of Maia Learning by a competitor.UnknownP EducationCCUS
5112/05/2018?Capitol AdministratorsCapitol Administrators notifies individuals of a phishing attack.Account HijackingN Administrative and support service activitiesCCUS
5212/05/2018?Five Mexican Banks including No. 2 BanorteThieves siphon 300 million pesos ($15.4 million) out of five Mexican banks, including No. 2 Banorte, by creating phantom orders that wired funds to bogus accounts and promptly withdrew the money.Account HijackingK Financial and insurance activitiesCCMX
5314/05/2018Hackers linked to the Turkish GovernmentTurkish Dissident and ProtestersAccording to a new report by digital rights organization Access Now, hackers, apparently working for the Turkish government, attempted to infect a large number of Turkish dissidents and protesters by spreading the infamous FinFisher spyware on Twitter.MalwareX IndividualCCTR
5414/05/2018?Family Planning NSWFamily Planning NSW tells customers their personal information may have been compromised after the not-for-profit fell victim to a ransomware attack. Around 8,000 users might be affected.MalwareQ Human health and social work activitiesCCAU
5515/05/2018Stealth MangoGovernment officials, members of the military, and activists in Pakistan, Afghanistan, India, Iraq and the United Arab EmiratesResearchers from Lookout discover a phishing campaign that infected Android devices with custom surveillance-ware bent on extracting data from top officials, primarily in the Middle East. The campaign is called Stealth Mango, and has been used to collect over 30 gigabytes of compromised data on attacker infrastructureMalwareO Public administration and defence, compulsory social securityCE>1

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.