1-15 June 2018 Cyber Attacks Timeline

I know I am a little late and I will try to catch up as quickly as possible. In the meantime, feel free to enjoy the first timeline of June, covering the main cyber attacks that occurred in the first half of this month.

So, where do we start from? From the mega breaches or the attacks against cryptocurrency assets? I really don’t know since in both cases the situation is quite desolating. The list of the targets of mega breaches that occurred in this fortnight includes MyHeritage (92 million users compromised), Dixons Carphone (5.9 million payment cards and 1.2 million personal data records), and AcFun (details of 10 million individuals compromised).

And if we move to cryptocurrencies the situation is not any better: Monacoin and Zencash suffered a 51% attack, Coinrail, a South Korean cryptocurrency exchange, lost the equivalent of USD 37.2 million (similarly to an undisclosed Japanese wallet, which lost “only” the equivalent of USD 10 million in cryptocurrency), and we could also mention the multiple operations aimed at stealing cryptocoins from single individuals, like ClipboardWalletHijacker.

But there are so many interesting events, so feel free to browse the whole list! And if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 (regularly updated… Hopefully!). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). If useful, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 22/05/2018 | ? | Monacoin | Monacoin suffers a 51% attack. | 51% attack | V Fintech | CC | JP |
| 2 | 01/06/2018 | ? | Buffalo Wild Wings | A hacker manages to take control of the official Twitter account of Buffalo Wild Wings (@BWWings) and posts a number of crude and racist tweets, including one that claims to give out the “secret recipe” for the company’s wings. | Account Hijacking | I Accommodation and food service activities | CC | US |
| 3 | 01/06/2018 | ? | Several Rhode Island State Agencies | Rhode Island officials say several state agencies are targeted by malware. The list of victims includes: the Department of Children, Youth and Families, the Department of Human Services, and the Department of Behavioral Healthcare. | Malware | O Public administration and defence, compulsory social security | CC | US |
| 4 | 02/06/2018 | ? | Several Australian citizens | Several Australian citizens are the victims of a tech support scam, through which the attackers are able to take over their webcams and upload videos to YouTube. | Account Hijacking | X Individual | CC | AU |
| 5 | 02/06/2018 | Todd Davis aka Lifelock | Holland Eye Surgery & Laser Center | Holland Eye Surgery & Laser Center notifies 42,200 patients about a hack that occurred in 2016. | Unknown | Q Human health and social work activities | CC | US |
| 6 | 02/06/2018 | ? | Shiawassee County | The Shiawassee County financial administrator resigns after being caught in a phishing scam and mistakenly wiring $50,000 to an overseas bank account. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US |
| 7 | 03/06/2018 | ? | ZenCash | ZenCash, an upcoming privacy coin, is the victim of a 51% attack. | 51% attack | V Fintech | CC | US |
| 8 | 03/06/2018 | ? | Booking.com users | According to multiple reports, unknown cybercriminals launch a phishing campaign targeting Booking.com customers whose information was illegally obtained, possibly by breaching certain partner hotels. | Account Hijacking | X Individual | CC | >1 |
| 9 | 04/06/2018 | ? | MyHeritage | MyHeritage, the genealogy website and DNA testing service, warns that the email addresses and hashed passwords of its customer database, approximately 92 million user accounts, have been found on a private server. | Unknown | Q Human health and social work activities | CC | US |
| 10 | 04/06/2018 | ? | New York Giants defensive end Avery Moss | Explicit videos and pictures of New York Giants defensive end Avery Moss are posted on his Twitter timeline after his account is hacked. | Account Hijacking | X Individual | CC | US |
| 11 | 04/06/2018 | ? | Morinaga Milk Industry Co. | Morinaga Milk Industry Co. says that personal data on up to 92,822 customers may have been stolen as its health food shopping website was hacked. Credit card information belonging to up to 29,773 of the affected customers was leaked, and around 300 cases of illicit use of the information, involving some ¥20 million ($180,000), have been confirmed so far. | Unknown | I Accommodation and food service activities | CC | JP |
| 12 | 05/06/2018 | ? | Undisclosed Japanese Syndicate Wallet | Shopin, a universal shopper profile using blockchain and Artificial Intelligence, releases an official statement indicating that a significant token distributor was hacked on June 1st, resulting in a loss of more than $10 million USD of a variety of tokens, including Ethereum, Level Up, Orbs, and Shopin Tokens. | Account Hijacking | V Fintech | CC | JP |
| 13 | 05/06/2018 | ? | WordPress Sites | Security researchers from Wordfence reveal the details of BabaYaga, a malware targeting WordPress sites characterized by sophisticated self-preserving mechanisms. | Malware | Y Multiple Industries | CC | >1 |
| 14 | 06/06/2018 | ? | PageUp | Australia-based human resources firm PageUp confirms it found "unusual" activity on its IT infrastructure on May 23, which has resulted in the potential compromise of client data. | Malware | S Other service activities | CC | AU |
| 15 | 06/06/2018 | ? | Multiple Targets | Researchers from the GuardiCore security team reveal the details of Operation Prowli, a gigantic botnet of over 40,000 infected web servers, modems, and other IoT devices, used for cryptocurrency mining, and for redirecting users to malicious sites. | Vulnerabilities Brute-Force | Y Multiple Industries | CC | >1 |
| 16 | 06/06/2018 | Sofacy | Government organizations dealing with foreign affairs | Researchers from Palo Alto Networks Unit 42 reveal the details of Zebrocy, a new campaign carried on by the Sofacy group via phishing attacks that contain malicious Microsoft Office documents with macros as well as simple executable file attachments. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 |
| 17 | 06/06/2018 | ? | Litecoin Cash | Litecoin Cash is the latest crypto currency to suffer a 51% attack. | 51% attack | V Fintech | CC | N/A |
| 18 | 06/06/2018 | ? | Brazilian users of online banking services. | Researchers from Kaspersky Lab discover a malicious Chrome Extension available in the Chrome Web Store, targeting Brazilian users of online banking services. | Malware | K Financial and insurance activities | CC | BR |
| 19 | 07/06/2018 | ? | High-profile targets in Russia and Ukraine | Researchers from ESET reveal the details of Invisimole, a campaign active since 2013 targeting entities in Russia and Ukraine. | Targeted Attack | Y Multiple Industries | CE | RU UA |
| 20 | 07/06/2018 | ? | Targets in Middle East | Researchers from ICEBRG and 360 Core Security reveal a wave of attacks leveraging the unpatched CVE-2018-5002 Adobe vulnerability. | 0-Day Vulnerability (CVE-2018-5002) | Y Multiple Industries | CC | >1 |
| 21 | 07/06/2018 | ? | Russian service centers offering maintenance and support for various electronic goods. | Security researchers from Fortinet spot a series of attacks targeting Russian service centers offering maintenance and support for various electronic goods. | Vulnerability (CVE-2017-11882) | N Administrative and support service activities | CC | RU |
| 22 | 07/06/2018 | ? | City of Wellington | Wellington officials reveal they were recently notified by Superion, their software vendor, about potential unauthorized charges on credit cards used by customers to pay their utility bills. | Malware | X Individual | CC | US |
| 23 | 07/06/2018 | ? | RISE Wisconsin | RISE Wisconsin (formerly Community Partnerships and Center for Families) notifies its participants of a ransomware attack that occurred on April 8, 2018. | Malware | Q Human health and social work activities | CC | US |
| 24 | 08/06/2018 | Alleged State-sponsored Chinese hackers | US Navy Contractor | Chinese government hackers have compromised the computers of a Navy contractor, stealing 600+ Gb of highly sensitive data related to undersea warfare, including secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020, according to American officials. The attack occurred in January and February. | Targeted Attack | O Public administration and defence, compulsory social security | CE | US |
| 25 | 08/06/2018 | ? | Elmcroft Senior Living | The personal information of Elmcroft Senior Living residents and their family members, employees and others could have been stolen in a data breach that occurred in mid-May. | Account Hijacking | Q Human health and social work activities | CC | US |
| 26 | 08/06/2018 | ? | Terros Health | Terros Health warns that 1,600 patient records were exposed in a data breach earlier this spring. The breach, due to a phishing attack, was discovered on April 12 and happened November 16, 2017. | Account Hijacking | Q Human health and social work activities | CC | US |
| 27 | 08/06/2018 | ? | Multiple Targets | Researchers from Barkly reveal a malicious spam campaign distributing .IQY files, simple text files that open by default in Excel and are used to download data from the Internet. These files are highly evasive for AVs. | Malware | X Individual | CC | >1 |
| 28 | 08/06/2018 | ? | Undisclosed Italian Companies | Researchers from Yoroi reveal the details of DMOSK, a malware targeting specifically Italian firms. | Malware | Y Multiple Industries | CC | IT |
| 29 | 11/06/2018 | ? | Bank of Chile | Shares in the Bank of Chile are down after it confirms hackers siphon off $10 million of its funds, mainly to Hong Kong. However the bank says no client accounts have been impacted. Apparently a wiper malware was used to conceal the real purpose of the attack. | Fraudulent SWIFT Transactions | K Financial and insurance activities | CC | CL |
| 30 | 11/06/2018 | ? | Coinrail | Coinrail, a South Korean cryptocurrency exchange, says that its systems have been hacked. It is believed that hackers stole about 40 billion won (US$37.2 million) worth of cryptocurrency from Coinrail, including 21 billion won worth of Pundi X and 14.9 billion won worth of Aston. | Unknown | V Fintech | CC | KR |
| 31 | 11/06/2018 | Lazarus Group | South Korean Think Tank | North Korea-linked Lazarus APT Group planted an ActiveX zero-day exploit on the website of a South Korean think tank focused on national security. | Targeted Attack | O Public administration and defence, compulsory social security | CE | KR |
| 32 | 12/06/2018 | ? | Misconfigured Ethereum Mining Rigs and applications | According to Chinese internet security firm Qihoo 360 Netlab, hackers have stolen $20 million in ether from poorly configured Ethereum mining rigs and third-party applications. | Misconfigured Ethereum Rigs | V Fintech | CC | >1 |
| 33 | 12/06/2018 | One or more people in Russia? | Clarifai | A lawsuit filed by a former employee alleges that AI startup Clarifai’s computer systems were compromised by one or more people in Russia, potentially exposing technology used by the US military. The lawsuit says Clarifai learned of the breach last November, but did not promptly report it to the Pentagon. | Targeted Attack | M Professional scientific and technical activities | CE | US |
| 34 | 12/06/2018 | ? | Mexican National Action Party (PAN) | The website of the Mexican National Action Party is hit by a cyber attack during the final television debate between presidential candidates ahead of the July 1 vote, after the site had published documents critical of the leading candidate. | DDoS | S Other service activities | CC | MX |
| 35 | 12/06/2018 | ? | Single Individuals | Researchers from Fortinet discover PyRoMineIoT, a new strain of crypto-currency miner that exploits the NSA-linked EternalRomance exploit to spread. | Malware | X Individual | CC | >1 |
| 36 | 12/06/2018 | ? | Multiple Targets | Researchers from Kromtech reveal that over a dozen malicious docker images have been available on Docker Hub for 30 days, allowing hackers to earn $90,000 in cryptojacking profits. | Malware | X Individual | CC | >1 |
| 37 | 12/06/2018 | ? | Massachusetts Clean Energy Center | An audit reveals that a scammer stole nearly $94,000 in public funds from the Massachusetts Clean Energy Center last year. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US |
| 38 | 12/06/2018 | ? | National Network and Electronic Services Agency (NASES), Slovak Hydro-meteorological Institute (SHMÚ), slovensko.sk | Several Slovakian websites are hit by a wave of DDoS attacks. | DDoS | O Public administration and defence, compulsory social security | CC | SK |
| 39 | 13/06/2018 | ? | Dixons Carphone | Dixons Carphone has admitted a huge data breach involving 5.9 million payment cards and 1.2 million personal data records. The breach began in July last year and 105,000 cards without chip-and-pin protection have been leaked. | Unknown | G Wholesale and retail trade | CC | UK |
| 40 | 13/06/2018 | LuckyMouse AKA EmissaryPanda AKA APT27 | Mongolia | Researchers from Kaspersky reveal that the Chinese hacking group LuckyMouse broke into a national data center in Mongolia late last year and planted the HyperBro malware into government websites. | Targeted Attack | O Public administration and defence, compulsory social security | CE | MN |
| 41 | 13/06/2018 | ? | Syscoin | Malicious actors replace the legitimate Windows installer for Syscoin's cryptocurrency with a version containing malware, which was available on the company's Github page for several days. | Malware | V Fintech | CC | CA |
| 42 | 13/06/2018 | ? | Single Individuals | Researchers from Qihoo 360 Total Security reveal the details of ClipboardWalletHijacker, a malware campaign infecting over 300,000 computers. The malware's purpose is to intercept content recorded in the Windows clipboard, look for strings resembling Bitcoin and Ethereum addresses, and replace them with ones owned by the malware's authors. | Malware | X Individual | CC | >1 |
| 43 | 13/06/2018 | ? | AcFun | According to a statement by the company, millions of user accounts of the Chinese video sharing platform AcFun are hacked. According to the same statement, the accessed data includes the user IDs, nicknames and passwords of nearly 10 million users. The company urges them to change their password. | Unknown | R Arts entertainment and recreation | CC | CN |
| 44 | 14/06/2018 | Hidden Cobra | Multiple Targets | The US Department of Home Security issues a new warning over a new type of malware coming from the Hidden Cobra group. The new variant is known as “TYPEFRAME”. | Targeted Attack | Y Multiple Industries | CE | US |
| 45 | 14/06/2018 | ? | HealthEquity | About 23,000 accounts are compromised by a data breach that took place at HealthEquity in April when an employee fell for a phishing scam. | Account Hijacking | Q Human health and social work activities | CC | US |
| 46 | 14/06/2018 | ? | Multiple Targets | Researchers from Trend Micro reveal another version of the MuddyWater campaign using a Powershell-based PRB-Backdoor. The malware is dubbed W2KM_DLOADR.UHAOEEN. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 |
| 47 | 14/06/2018 | ? | Android users | Researchers from ThreatFabric discover a new malware strain still under development, dubbed MysteryBot, which blends the features of a banking trojan, keylogger, and mobile ransomware. | Malware | X Individual | CC | >1 |
| 48 | 14/06/2018 | ? | Med Associates | Med Associates notifies of a security incident that may have compromised its patients' protected information. | Malware | Q Human health and social work activities | CC | US |
| 49 | 15/06/2018 | ? | Vulnerable IoT devices | Researchers from Qihoo 360 Total Security discover a spike in traffic, coming from the infamous Satori botnet, and directed to port TCP 8000, attempting to exploit CVE-2018-10088. | Vulnerability (CVE-2018-10088) | Y Multiple Industries | CC | >1 |
| 50 | 15/06/2018 | ? | Multiple Targets in Singapore | Researchers at F5 Labs and Loryka observe a spike in the number of cyber-attacks targeting Singapore from June 11 to June 12, in the wake of the meeting between U.S. President Donald Trump and North Korean President Kim Jong-un. | >1 | Y Multiple Industries | CW | >1 |
