16-30 June 2018 Cyber Attacks Timeline

It’s time to publish the second timeline of June, covering the main cyber attacks that occurred between June 16 and June 30 (including a couple of events that I omitted previously). And by the way, the first timeline is here.



Another month, another cryptocurrency exchange pwned. Bithumb has fallen for the second time, with the criminals stealing the equivalent of $31.5 million in virtual coins. And the cryptocurrency frenzy is pushing the criminals to find smarter and smarter ways to target their victims' wallets: researchers have discovered a new clipboard hijacker able to monitor 2.3 million bitcoin addresses.

And of course other new breaches… The list of targets in this fortnight includes: Adidas (“few million” users' data stolen), Ticketmaster, Typeform, FastBooking, and Flightradar24.

Last but not least, this month has also seen the discovery of a massive campaign, dubbed Thrip, a sophisticated operation originating from China targeting satellite operators, defense contractors and telecommunications companies in the United States and southeast Asia, and active since 2013.

As usual, although the trend is decreasing, the list of the recorded events is quite long, so feel free to browse the whole list and realize the fragility of our identity inside cyberspace. You may also want to have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 (regularly updated… Hopefully!). And do not forget the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Last but not least, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). If useful, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 06/06/2018 | ? | Danielle Lloyd | Danielle Lloyd, English model and former Miss England and Miss Great Britain, has her iCloud account hacked, with attackers stealing intimate images that were eventually posted online. | Account Hijacking | X Individual | CC | UK |
| 2 | 13/06/2018 | ? | Black River Medical Center | Black River Medical Center in Missouri notifies an unspecified number of patients potentially affected by a phishing incident discovered on April 23. | Account Hijacking | Q Human health and social work activities | CC | US |
| 3 | 16/06/2018 | ? | Liberty Life | Liberty Life's IT systems are attacked by unknown hackers, who reportedly obtain sensitive data about some of the insurer's top clients and ask for a ransom. | Unknown | K Financial and insurance activities | CC | ZA |
| 4 | 17/06/2018 | ? | Andy Android Emulator users | A GPU Miner Trojan is installed along with the popular Andy Android emulator. | Malware | X Individual | CC | US |
| 5 | 18/06/2018 | ? | CarePartners | CarePartners' computer system is breached and, as a result, patient and employee information, including personal health and financial information, is inappropriately accessed. | Unknown | Q Human health and social work activities | CC | CA |
| 6 | 19/06/2018 | Thrip | Satellite operators, defense contractors and telecommunications companies in the United States and southeast Asia | Researchers from Symantec reveal the details of Thrip, a sophisticated hacking campaign launched from computers in China targeting satellite operators, defense contractors and telecommunications companies in the United States and southeast Asia, active since 2013. | Targeted Attack | Y Multiple Industries | CE | >1 |
| 7 | 18/06/2018 | ? | Flightradar24 | Users of the popular flight-tracking site Flightradar24 are told to change their passwords after the site warns of a data breach. The breach may have compromised the email addresses and hashed passwords for a small subset of Flightradar24 users (those who registered prior to March 16, 2016). | Unknown | S Other service activities | CC | SE |
| 8 | 19/06/2018 | ? | Individuals in the US | Researchers at Bitdefender discover Zacinlo, a newly uncovered form of stealthy and persistent malware distributing adware to victims across the world while also allowing attackers to take screenshots of infected machines' desktops. The vast majority of Zacinlo victims are in the US, with 90 percent of those infected running Microsoft Windows 10. | Malware | X Individual | CC | US |
| 9 | 19/06/2018 | ? | Med Associates | Med Associates notifies its patients that the facility suffered a data breach on March 22, when unusual activity was detected, potentially exposing PII, including medical diagnosis and payment card information of about 270,000 patients. | Unknown | Q Human health and social work activities | CC | US |
| 10 | 19/06/2018 | ? | Financial organizations in Russia, and biological and chemical threat prevention laboratories in Europe and Ukraine. | Researchers from Kaspersky Lab reveal that they have detected Olympic Destroyer infections across Europe in May and June 2018. New victims include financial organizations in Russia, and biological and chemical threat prevention laboratories in Europe and Ukraine. | Malware | Y Multiple Industries | CC CE | >1 |
| 11 | 19/06/2018 | ? | Android Users | Malware researchers from ESET discover a new strain of Android RAT, tracked as HeroRat, that leverages the Telegram protocol for command and control, and data exfiltration. | Malware | X Individual | CC | >1 |
| 12 | 20/06/2018 | ? | Fortnite players | Malwarebytes reveals the details of a campaign carried out via a fake installer for the famous video game Fortnite. | Malware | X Individual | CC | >1 |
| 13 | 20/06/2018 | ? | Bithumb | South Korean cryptocurrency exchange Bithumb says that 35 billion won ($31.5 million) worth of virtual coins have been stolen by hackers. | Unknown | V Fintech | CC | KR |
| 14 | 20/06/2018 | ? | Multiple Targets | Researchers from Deep Instinct reveal the details of Mylobot, a complex botnet that uses a never before seen combination of evasion techniques, | Malware | Y Multiple Industries | CC | >1 |
| 15 | 20/06/2018 | ? | Unknown target (probably an embassy) | Researchers from AlienVault uncover a new Afghanistan-based attack disguised as a recent article from a Middle Eastern news outlet, leveraging a Metasploit backdoor. | Targeted Attack | O Public administration and defence, compulsory social security | CE | N/A |
| 16 | 20/06/2018 | ? | Road Sign close to ICE (U.S. Immigration and Customs Enforcement) | Someone hacks a road sign close to the ICE headquarters in Portland and defaces it with the “Abolish ICE” message. | Unknown | O Public administration and defence, compulsory social security | H | US |
| 17 | 21/06/2018 | ? | Android Users | RiskIQ reveals the details of a new malicious Android app that has infected at least 60,000 devices, gaining the ability to extract some important information from each device along with installing some ad click malware. | Malware | X Individual | CC | >1 |
| 18 | 21/06/2018 | ? | Vulnerable Drupal servers | Researchers from Trend Micro observe a series of network attacks exploiting the Drupal vulnerability CVE-2018-7602 to turn affected systems into Monero-mining bots. | Vulnerability (CVE-2018-7602) | Y Multiple Industries | CC | >1 |
| 19 | 21/06/2018 | ? | Magento sites | Researchers at Sucuri discover a very simple evasion technique used to reinfect Magento websites after their malicious code has been removed. | Malware | Y Multiple Industries | CC | >1 |
| 20 | 21/06/2018 | ? | Humana | Health insurer Humana notifies an unspecified number of health plan members after detecting and blocking a credential stuffing attack against Humana.com and Go365.com. The attacks took place on June 3 and June 4 from overseas IP addresses. | Credential Stuffing | Q Human health and social work activities | CC | US |
| 21 | 22/06/2018 | ? | Indian Businessman | The email of a city-based businessman is hacked and INR12.5 lakh (USD 18,230) stolen and transferred to two bank accounts in China. | Account Hijacking | X Individual | CC | IN |
| 22 | 22/06/2018 | ? | PDQ | PDQ, a fast-casual dining restaurant, warns customers about a cyber attack on its computer systems in which hackers were able to access or acquire personal information from the chain’s customers who paid with credit cards. The breach lasted nearly a year, from May 19, 2017 to April 20, 2018. | Remote access | I Accommodation and food service activities | CC | US |
| 23 | 22/06/2018 | ? | Entities in South East Asia | Security researchers at Palo Alto Networks uncover a new cyber espionage group tracked as RANCOR that has been targeting entities in South East Asia, using two previously unknown strains of malware dubbed DDKONG and PLAINTEE. | Targeted Attack | Y Multiple Industries | CE | >1 |
| 24 | 22/06/2018 | ? | cryptocurrency exchanges | Security researchers at AlienVault uncover a series of cyber attacks on cryptocurrency exchanges, carried out by the infamous Lazarus Group, and leveraging weaponized HWP documents (Hangul Word Processor documents). The researchers suspect the same actors are behind the attack on Bithumb, | Targeted Attack | V Fintech | CC | >1 |
| 25 | 22/06/2018 | Tick APT | South Korean defense company | Researchers from Palo Alto Networks uncover a new operation conducted by the cyber espionage group known as Tick APT. The campaign targets a secure USB drive built by a South Korean defense company. | Targeted Attack | O Public administration and defence, compulsory social security | CE | KR |
| 26 | 24/06/2018 | ? | Midwest City | Midwest City, Oklahoma, reports that about 2,300 customers are potentially affected by a breach involving Superion's software Click2Gov. | Vulnerability | O Public administration and defence, compulsory social security | CC | US |
| 27 | 26/06/2018 | ? | FastBooking | The personal details and payment card data of guests from hundreds of hotels are stolen by an unknown attacker from FastBooking, a Paris-based company that sells hotel booking software to more than 4,000 hotels in 100 countries. The breach occurred on June 14. | Vulnerability on Web App | J Information and communication | CC | FR |
| 28 | 26/06/2018 | ? | Single Individuals | Security researchers at Kaspersky discover adware written in Python targeting Windows-based computers. The adware is dubbed PBot (PythonBot) and is also able to install a cryptocurrency miner and ad extensions in the browser. | Malware | X Individual | CC | >1 |
| 29 | 27/06/2018 | ? | Ticketmaster | Ticketing service Ticketmaster announces a data breach affecting roughly 5% of its entire customer base, resulting in the theft of customer data, Ticketmaster login information, and payment details. The breach didn't occur at Ticketmaster itself, but at Inbenta, a provider of AI-powered live chat widgets, which Ticketmaster was deploying on some of its localized sites across the world. | Unknown | R Arts entertainment and recreation | CC | US |
| 30 | 27/06/2018 | ? | Red Hen Restaurant | Researchers from Malwarebytes discover that the Red Hen restaurant that refused to serve Sarah Sanders is hit by a SEO Spam cyberattack | SEO Spam | I Accommodation and food service activities | CC | US |
| 31 | 27/06/2018 | Apophis Squad | ProtonMail | ProtonMail is hit by a DDoS attack | DDoS | J Information and communication | CC | CH |
| 32 | 27/06/2018 | ? | Connecticut Higher Education Trust (CHET) | Unauthorized individuals gain access to 21 accounts of the Connecticut Higher Education Trust (CHET) and make 44 withdrawals, for a total of $1,416,635, of which $442,540 is recovered or stopped. | Account Hijacking | P Education | CC | US |
| 33 | 27/06/2018 | ? | Z Energy Ltd | New Zealand-based fuel supplier Z Energy Ltd says it has been presented with evidence that customer data from its Z Card Online database was accessed by a third party in November 2017. | Unknown | S Other service activities | CC | NZ |
| 34 | 27/06/2018 | ? | Cyanweb Solutions | Digital marketing and web provider Cyanweb Solutions loses nearly all customer data and backups after a “criminal hacking incident” that compromises one of its servers. | Unknown | M Professional scientific and technical activities | CC | AU |
| 35 | 28/06/2018 | ? | Adidas | Adidas alerts customers about a possible data breach on its U.S. website. On June 26, the company became aware that an unauthorized party claimed to have acquired limited data associated with certain consumers. A preliminary investigation found the leaked data includes contact information, usernames and encrypted passwords. | Unknown | G Wholesale and retail trade | CC | US |
| 36 | 28/06/2018 | ? | Official website of Ernakulam Siva Temple | The official website of Ernakulam Siva Temple is defaced with anti-national slogans and offensive language besides a Pakistan flag. | Defacement | S Other service activities | H | IN |
| 37 | 28/06/2018 | ? | GitHub account of the Gentoo Linux distribution | An unknown hacker temporarily takes control over the GitHub account of the Gentoo Linux organization and embeds malicious code inside the operating system's distributions that would delete user files. The malicious code fails to trigger properly and users' files remain safe. | Account Hijacking/Malware | S Other service activities | CC | US |
| 38 | 28/06/2018 | ? | Single Individuals | Researchers from FireEye discover, for the first time, a malware campaign using the innovative PROPagate technique to inject malware into legitimate processes. | Malware | X Individual | CC | >1 |
| 39 | 28/06/2018 | ? | Multiple Targets | After observing attacks on customers, Cisco tells users to install the fix for CVE-2018-0296, a denial-of-service flaw, discovered on June 6, affecting a number of its security appliances. | Vulnerability (CVE-2018-0296) | Y Multiple Industries | CC | >1 |
| 40 | 28/06/2018 | ? | City of Midland | City of Midland is the latest municipality to be breached because of a vulnerability in Superion’s Click2Gov application. | Vulnerability | O Public administration and defence, compulsory social security | CC | US |
| 41 | 28/06/2018 | ? | Middletown school district | The Middletown School District is hit by ransomware. | Malware | P Education | CC | US |
| 42 | 28/06/2018 | ? | South Eastern Regional College (SERC) | Personal information of hundreds of staff at the South Eastern Regional College is compromised after detecting suspicious email activity as the consequence of a hack. | Account Hijacking | P Education | CC | IE |
| 43 | 29/06/2018 | ? | Typeform | Barcelona-based online survey and form building service Typeform announces a data breach after an unknown attacker downloaded a backup file containing sensitive customer information. The backup file contained data gathered by Typeform customers through surveys and online forms up until May 3, 2018. | Unknown | S Other service activities | CC | ES |
| 44 | 29/06/2018 | ? | Algonquin College | Algonquin College publishes a note indicating that the education community is still not sure how many current and former students and employees could be affected by a cyber attack that happened weeks earlier. However, the note suggests that the impacted people could be thousands. | Unknown | P Education | CC | CA |
| 45 | 30/06/2018 | ? | Single Individuals | Researchers from Bleeping Computer discover a new Clipboard Hijacker Malware able to monitor 2.3 Million bitcoin addresses. | Malware | X Individual | CC | >1 |
| 46 | 30/06/2018 | ? | Single Individuals | Security researchers spot a new Mac malware family, dubbed OSX.Dummy, advertised on cryptocurrency-focused Slack and Discord channels. | Malware | X Individual | CC | >1 |
| 47 | 30/06/2018 | ? | Notre Dame de Namur University | Notre Dame de Namur University notifies some financial aid applicants that their information may have been compromised when an employee fell prey to a phishing attack on April 23, 2018. | Account Hijacking | P Education | CC | US |
