1-15 July 2018 Cyber Attacks Timeline

It’s time to publish the timeline of the main cyber attacks that occurred between July 1 and July 15, 2018 (and, as in previous editions, I am including some events that occurred in June but slipped out of the corresponding timeline).

Let’s start by awarding the prize for the most impactful megabreach of this fortnight: the winner is Timehop, which had its entire user base (21 million users) compromised. Yatra.com also ranks high in this unwelcome chart, with 5 million user records compromised (including plaintext passwords and PINs, in a breach that dates back to 2013 and only now came to light).

Bancor, meanwhile, takes the lead as the latest cryptocurrency company compromised, with attackers able to siphon off the equivalent of roughly $13.5 million in cryptocurrency. It was not the only one targeted: Trezor was also indirectly hit by a phishing attack against some of its users, carried out via DNS poisoning or BGP hijacking that redirected them to a look-alike phishing page.

And since we are in the middle of summer, the state-sponsored actors of the infamous APT28 crew decided to take a “Roman Holiday”, or at least that is the name given to an operation targeting the Italian Navy.

Unfortunately we have become used to quite long lists lately, so feel free to browse the whole thing and appreciate how fragile our identities are in cyberspace. You may also want to have a look at the timelines of the main cyber attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 (regularly updated… hopefully!). And do not forget the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Last but not least, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). If useful, you can access the timeline in Google Sheets format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 22/06/2018 | ? | Manitowoc County | Manitowoc County officials release more information about a data breach of a county email account in January, when an employee fell victim to a phishing attack. | Account Hijacking | P Education | CC | US |
| 2 | 26/06/2018 | ? | Linux-based servers | Researchers from Trend Micro uncover a malware bot that infects Linux-based servers and connected devices with a cryptominer that appears to transfer funds to the operators of a Chinese money-making scam website. | Malware | Y Multiple Industries | CC | >1 |
| 3 | 29/06/2018 | ? | Klook Travel | Klook Travel informs its users about a data breach. The attackers exploited malicious JavaScript code associated with SOCIAPlus, a third-party tool integrated into the site. | Malicious JS | I Accommodation and food service activities | CC | HK |
| 4 | 29/06/2018 | ? | Hunt Regional Medical Center | Hunt Regional Medical Center notifies patients of a possible breach due to the compromise of an employee email account on May 1, 2018. | Account Hijacking | Q Human health and social work activities | CC | US |
| 5 | 01/07/2018 | ? | Trezor | The team behind the Trezor multi-cryptocurrency wallet discovers a phishing attack against some of its users that took place over the weekend, carried out via DNS poisoning or BGP hijacking to redirect users to a look-alike site. | DNS Poisoning or BGP Hijacking | V Fintech | CC | CZ |
| 6 | 02/07/2018 | ? | Fortnum & Mason | Luxury retailer Fortnum & Mason is the latest big brand involved in a significant data breach, after the company admits the details of around 23,000 competition and survey participants were compromised in the wake of the Typeform breach. | Unknown | G Wholesale and retail trade | CC | UK |
| 7 | 02/07/2018 | ? | Whitbread | Whitbread’s online recruitment system suffers a data breach affecting a number of the company’s brands, including Premier Inn and the UK outlets of Costa Coffee. The breach is a consequence of the attack on PageUp. | Malware | I Accommodation and food service activities | CC | UK |
| 8 | 02/07/2018 | ? | Fortnite players | Tens of thousands of Fortnite users are infected by malware after downloading a fake cheating app. | Malware | X Individual | CC | >1 |
| 9 | 03/07/2018 | ? | Taiwan’s Democratic Progressive Party (DPP) | The official website of Taiwan’s Democratic Progressive Party (DPP) is defaced by Chinese hackers and replaced with pictures and text reading "Chinese netizens are supporting Tsai Ing-wen to run for re-election" in simplified Chinese characters. | Defacement | S Other service activities | H | TW |
| 10 | 03/07/2018 | ? | Israeli Military | The Israeli military says it has uncovered a plot by Hamas militants to spy on soldiers by befriending them on social media and then luring them into downloading fake dating applications that gave Hamas access to their smartphones. | Account Hijacking | O Public administration and defence, compulsory social security | CE | IL |
| 11 | 03/07/2018 | ? | Domain Factory | German hosting provider Domain Factory suffers a data breach exposing customer data. After an unknown threat actor posts claims suggesting they have compromised the firm’s systems and accessed information, the company launches an investigation, finds the claims to be true and says that customer data "was accessed by an outside party without authorization" on 28 January 2018. | Variant of the Dirty COW vulnerability | J Information and communication | CC | DE |
| 12 | 03/07/2018 | Charming Kitten (aka Newscaster or Newsbeef) | Single Individuals | ClearSky Security reveals that the malicious actor Charming Kitten, which the company previously exposed, built a phishing website impersonating ClearSky in an attempt to spear-phish people interested in reading its reports. | Account Hijacking | X Individual | CC | >1 |
| 13 | 03/07/2018 | ? | Single Individuals | Researchers from Cisco Talos discover a new version of Smoke Loader, a malicious application used to load other malware. | Malware | X Individual | CC | >1 |
| 14 | 03/07/2018 | ? | Single Individuals | Researchers at Malwarebytes reveal the details of an operation leveraging shortlinks and a traffic distribution system to infect users and mine Monero using the CPN Miner. | Malware | X Individual | CC | >1 |
| 15 | 03/07/2018 | ? | Single Individuals | Researchers from Trend Micro uncover an unusual macro-based malware campaign that modifies infected users’ shortcut (LNK) files so that they secretly download a backdoor. | Malware | X Individual | CC | >1 |
| 16 | 05/07/2018 | ? | Yatra.com | Online travel booking website Yatra.com is compromised and attackers steal 5 million user records that include email and physical addresses, phone numbers, and plaintext passwords and PINs. The breach happened back in 2013 and only now comes to light. | Unknown | I Accommodation and food service activities | CC | IN |
| 17 | 05/07/2018 | ? | MSK Group | MSK Group notifies patients of a data security incident discovered on May 7, due to unauthorized access to certain parts of the network at various times over several months. | Unknown | Q Human health and social work activities | CC | US |
| 18 | 06/07/2018 | Chinese Government | Australian National University | China-based hackers successfully infiltrate the IT systems of the Australian National University, potentially compromising the home of Australia’s leading national security college and key defence research projects. | Targeted Attack | P Education | CE | AU |
| 19 | 06/07/2018 | ? | Servers vulnerable to CVE-2018-7600 | Researchers from Akamai reveal the details of DrupalGangster, yet another Monero-mining campaign based on XMRig and lukMiner that exploits the Drupalgeddon 2 vulnerability (CVE-2018-7600, a remote code execution flaw in Drupal core). | Vulnerability (CVE-2018-7600) | Y Multiple Industries | CC | >1 |
| 20 | 06/07/2018 | ? | B&B Hospitality Group | B&B Hospitality Group (B&BHG) announces that it has identified and addressed a payment card security incident affecting nine restaurants in the New York metropolitan area. | PoS Malware | I Accommodation and food service activities | CC | US |
| 21 | 06/07/2018 | ? | VSDC | Research from Qihoo 360 Total Security reveals that hackers have breached the website of VSDC, a popular provider of free audio and video conversion and editing software. Three separate incidents are recorded, during which the attackers replaced the download links on the VSDC website with links pointing to servers under their control. | Malicious Link | J Information and communication | CC | NZ |
| 22 | 06/07/2018 | ? | Lake Oswego School District | Lake Oswego School District warns students about a phishing email after the district’s Twitter account and an employee’s email account are hacked. | Account Hijacking | P Education | CC | US |
| 23 | 07/07/2018 | ? | Blizzard Entertainment | Blizzard Entertainment is hit by a DDoS attack. Players of Overwatch, Heroes of the Storm and World of Warcraft are affected. | DDoS | R Arts, entertainment and recreation | CC | US |
| 24 | 08/07/2018 | ? | Timehop | Timehop discloses a security breach that compromised the personal data of 21 million users (essentially its entire user base); the attacker used the credentials of an administrative account at Timehop’s cloud provider that was not protected by multi-factor authentication. Around a fifth of the affected users also had the phone number attached to their account exposed. The breach was discovered on July 4, while the attack was still in progress. | Account Hijacking | J Information and communication | CC | US |
| 25 | 08/07/2018 | Gaza Cybergang APT | Institutions across the Middle East, specifically the Palestinian Authority | Researchers from Check Point reveal the details of Big Bang, an operation carried out by the Gaza Cybergang APT against institutions across the Middle East, specifically the Palestinian Authority. | Targeted Attack | Y Multiple Industries | CE | PS |
| 26 | 09/07/2018 | ? | Bancor | Token creation platform Bancor goes offline following a "security breach" in which the platform loses millions of dollars worth of cryptocurrency. The company loses roughly $13.5 million in the hack and its BNT token quickly drops by about 20% in value. According to the company, a wallet used to upgrade some of its smart contracts was compromised. | Account Hijacking | V Fintech | CC | CH |
| 27 | 09/07/2018 | ? | Gas station in Detroit | Police in Detroit investigate an apparent hack at a gas station that allowed people to steal more than 600 gallons of gas, valued at over $1,800. Authorities believe the thieves used some sort of remote device to take control of the pump. At least 10 cars filled up for free during that time. | Remote Device? | H Transportation and storage | CC | US |
| 28 | 09/07/2018 | ? | Macy’s Inc. | Macy’s Inc. warns customers that hackers compromised the login information of some users of the retailer’s websites. The suspicious activity took place from April 26 to June 12. A third party obtained valid usernames and passwords through websites not related to macys.com or bloomingdales.com and used them to gain access to customers’ accounts (a credential stuffing pattern). | Account Hijacking | G Wholesale and retail trade | CC | US |
| 29 | 09/07/2018 | BlackTech | Multiple Targets | Researchers from ESET discover a new malware campaign misusing code-signing certificates stolen from D-Link Corporation and Changing Information Technology. Two malware families were signed with the stolen certificates: the Plead malware, a remotely controlled backdoor, and a related password-stealer component, allegedly used by the cyberespionage group BlackTech. | Malware | Y Multiple Industries | CE | >1 |
| 30 | 09/07/2018 | Magecart APT | Inbenta Technologies | Researchers from RiskIQ reveal the real extent of the third-party breach that compromised the data of several Ticketmaster UK customers: more than 800 e-commerce sites were compromised through the same supply-chain script injection. | Malicious Script Injection | N Administrative and support service activities | CC | ES |
| 31 | 10/07/2018 | ? | Arch Linux | Yet another Linux distribution is compromised. This time it is Arch Linux, where three downloadable software packages in the AUR (Arch User Repository) are modified to contain malware after an attacker takes over orphaned packages. | Malware | J Information and communication | CC | N/A |
| 32 | 10/07/2018 | TEMP.Periscope | Cambodia | Researchers from FireEye reveal a large-scale operation by TEMP.Periscope, a Chinese cyber espionage group, seeking to monitor the country’s upcoming and contentious July 29 national elections. | Targeted Attack | O Public administration and defence, compulsory social security | CE | KH |
| 33 | 10/07/2018 | ? | U.S. Air Force | Security firm Recorded Future identifies an attempted sale of what is believed to be highly sensitive U.S. Air Force documents pertaining to the MQ-9 Reaper drone. The documents were obtained through a known weakness in Netgear routers: FTP access left enabled with default credentials and exposed to the Internet. | Vulnerability in Netgear Routers | O Public administration and defence, compulsory social security | CC | US |
| 34 | 10/07/2018 | ? | Turkish Android users | Researchers from IBM X-Force discover a campaign distributing the Marcher (aka ExoBot) and BankBot Anubis mobile banking Trojans via malicious apps in Google Play. At least 10,000 people are believed to have downloaded the malware. | Malware | X Individual | CC | TR |
| 35 | 10/07/2018 | ? | Career and Technology Education Centers (C-TEC) | Career and Technology Education Centers (C-TEC) reveals it suffered a possible data breach earlier this year that could have exposed individuals’ names and Social Security numbers. The breach happened on May 25, when an unauthorized person had access to a private file for several minutes. | Unknown | P Education | CC | US |
| 36 | 10/07/2018 | ? | Cass Regional Medical Center | Cass Regional Medical Center, a Missouri health care center, announces that it has been hit by an undisclosed ransomware. The incident affects its internal communications system and its electronic health record (EHR) system. | Malware | Q Human health and social work activities | CC | US |
| 37 | 11/07/2018 | ? | BP | BP emails about 60,000 people who applied for jobs in its retail stores since 2008 to notify them that their personal information may have been accessed by hackers. The company originally thought about 10,000 applicants’ data had been breached. The breach is a consequence of the attack on PageUp. | Malware | D Electricity, gas, steam and air conditioning supply | CC | UK |
| 38 | 11/07/2018 | ? | Chlorine distillation plant in Ukraine | The Security Service of Ukraine (SBU) reveals it stopped a cyber attack using the VPNFilter malware against a chlorine distillation plant in the village of Aulska, in the Dnipropetrovsk region. The SBU accuses Russia of operating the malware and launching the attack. | Malware | D Electricity, gas, steam and air conditioning supply | CW | UA |
| 39 | 11/07/2018 | ? | Ammyy | Researchers from ESET reveal that on June 13 or 14 the Ammyy website was compromised to serve a malware-tainted version of its otherwise legitimate remote administration software, bundled with the Kasidet trojan. To add an interesting twist, the attackers tried to hide their malicious activity behind the brand of the ongoing FIFA World Cup. | Malware | J Information and communication | CC | US |
| 40 | 11/07/2018 | ? | Major International Airport | While researching underground hacker marketplaces, researchers from McAfee discover that remote desktop (RDP) access linked to the security and building automation systems of a major international airport could be bought for as little as US$10. | Account Hijacking | H Transportation and storage | CC | US |
| 41 | 11/07/2018 | ? | Aviation ID Australia | Aviation ID Australia, the company that issues Aviation Security Identity Cards (ASICs), is hacked and notifies hundreds of people that their ASIC application information may have been stolen. | Unknown | N Administrative and support service activities | CC | AU |
| 42 | 12/07/2018 | ? | Single Individuals | A hacker gains access to a maintainer’s npm account and publishes a malicious version of eslint-scope, a popular JavaScript library and dependency of the ESLint code analysis toolkit; the injected code harvests the npm credentials (the tokens stored in .npmrc) of developers who install it. | Malware/Account Hijacking | X Individual | CC | >1 |
| 43 | 12/07/2018 | ? | 13 iPhones in India | Researchers from Cisco Talos identify an unprecedented, highly targeted campaign against 13 iPhones, which appears to be focused on India. The attacker deployed an open-source mobile device management (MDM) system to control the enrolled devices. | Malicious MDM | X Individual | CC | IN |
| 44 | 12/07/2018 | ? | Samsung service centers in Italy | Security researchers from TG Soft discover an ongoing malware campaign targeting Samsung service centers in Italy, leveraging the CVE-2017-11882 Office Equation Editor vulnerability. The campaign appears to be the counterpart of attacks that earlier this year targeted similar electronics service centers in Russia. | Targeted Attack | N Administrative and support service activities | CE | IT |
| 45 | 12/07/2018 | ? | Single Individuals | Researchers from Imperva pick up on a spike in spam activity directed at sites powered by WordPress, launched by a botnet, with the linked sites offering betting services on 2018 FIFA World Cup matches. | Spambot | X Individual | CC | >1 |
| 46 | 12/07/2018 | ? | UMC Physicians (UMCP) | UMC Physicians (UMCP) notifies patients who may have been affected by a recent data breach. On May 18, the UMCP IT team discovered that an employee’s email account had been hacked on March 15, potentially compromising the personal health information of more than 18,000 patients. | Account Hijacking | Q Human health and social work activities | CC | US |
| 47 | 13/07/2018 | ? | Alive Hospice | Alive Hospice notifies patients whose personal and protected health information was in employee emails accessed by an unknown person or persons beginning on December 20, 2017 and again on April 5, 2018, after two employees fell prey to phishing attacks. The attacks were discovered on May 15, 2018. | Account Hijacking | Q Human health and social work activities | CC | US |
| 48 | 13/07/2018 | ? | Billings Clinic | Billings Clinic discloses a breach exposing details of 8,400 patients. The organization detected anomalous activity on an employee’s email account on May 14, 2018; the investigation revealed the account was compromised while the employee was traveling overseas. | Account Hijacking | Q Human health and social work activities | CC | US |
| 49 | 13/07/2018 | ? | Pennsylvania Department of Health | A government spokesman reveals that the Pennsylvania Department of Health’s birth certificate system was shut down for nearly a week last month after someone hacked into an internal website, without taking or altering citizens’ records. | Unknown | O Public administration and defence, compulsory social security | CC | US |
| 50 | 14/07/2018 | ? | LabCorp | LabCorp, one of the largest medical diagnostics companies in the US, investigates a security breach that could have put the health records of millions of patients at risk. In a filing with the Securities and Exchange Commission, the company says it detected “suspicious activities” on its network over the weekend of July 14 and “immediately took certain systems offline as part of its comprehensive response to contain the activity.” | Unknown | Q Human health and social work activities | CC | US |
| 51 | 14/07/2018 | Anonymous | Sant’Andrea Hospital | Hackers from Anonymous leak the usernames and passwords of 12,000 employees, patients and contractors of the Sant’Andrea Hospital in Italy. | SQLi | Q Human health and social work activities | H | IT |
| 52 | 15/07/2018 | ? | League of Legends Philippines | League of Legends Philippines confirms an unauthorized modification of its client lobby code resulting in the injection of the Coinhive Monero miner. | Malware | X Individual | CC | PH |
| 53 | 15/07/2018 | APT28 (aka Fancy Bear) | Italian Military | Security researchers from the Z-Lab at CSE CybSec reveal the details of Operation “Roman Holiday”, carried out by APT28 (aka Fancy Bear) and targeting the Italian military. | Targeted Attack | O Public administration and defence, compulsory social security | CE | IT |

Attack Class legend: CC = Cyber Crime, CE = Cyber Espionage, CW = Cyber Warfare, H = Hacktivism. Target Class letters follow the ISIC Rev. 4 section codes, with V (Fintech), X (Individual) and Y (Multiple Industries) used as additional categories. A question mark in the Author column means the attacker is unknown or unattributed; ">1" in the Country column means victims in more than one country.
