Last Updated on December 30, 2018

Here we go with the second timeline of August covering the main cyber attacks occurred between August 16th and August 31st. A timeline apparently indicating that the malicious actors decided to end their summer break quite soon, as the number of recorded events is considerable higher that the first timeline (available here).


New timeline… New massive breaches… And the winner for this fortnight is Huazhu Group Ltd., one of China’s largest hotel operators, which had the details of 130 million customers leaked in the dark web. Unfortunately even T-Mobile and Air Canada were hit hard (with the records of respectively 2 million and 1.7 million individuals compromised).

Another interesting factor characterizing this fortnight is the discovery (and consequent takedown) of suspected influence and misinformation operations carried out via social network bots. Not only a massive campaign targeting audience in US, UK, Middle East and Latin America has been uncovered, but also the Swedish Security Service has revealed a proliferation of new bots trying to influence the general elections.

But also state-sponsored actors were quite active: this timeline includes operations from the likes of APT28, Turla, the Lazarus Group, TA555, Cobalt, and also suspected actors from China’s Tsinghua University, and from Iran.


Of course the list doesn’t end here! My advice is to read it all and realize the fragility of our identity inside the cyber space. And id you want, you may also have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 (regularly updated… Hopefully!). And do not forget the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Last but not least, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and please notice that, starting from this month, it is possible to download the raw data directly from the tools above the table. You may always ask for the raw data, but please do not forget to include a short presentation and the purpose of the project. I am not supposed to accept requests without any details.

wdt_IDIDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountryLinkTags
1115/08/2018?Hans KeirsteadRolling Stone reveals that the U.S. Federal Bureau of Investigation is investigating a series of cyberattacks over the past year that targeted Dr. Hans Keirstead, a Democratic candidate in California.Targeted AttackO Public administration and defence, compulsory social securityCEUSHans Keirstead, Rolling Stone
2216/08/2018Malicious Actors from ChinaAlaska Communications Systems Group Inc Ensco Plc’s Atwood Oceanics, The Alaska Department of Natural Resources The Alaska governor’s office Regional internet service provider TelAlaskaCybersecurity firm Recorded Future said the Hackers operating from China’s Tsinghua University targeted U.S. energy and communications companies, as well as the Alaskan state government, in the weeks before and after Alaska’s trade mission to China.Account HijackingY Multiple IndustriesCEUSRecorded Future, China, Alaska Communications Systems Group Inc,Ensco Plc’s, Atwood Oceanics,The Alaska Department of Natural Resources, The Alaska governor’s office, Regional internet service provider TelAlaska
3316/08/2018?Augusta University HealthAugusta University Health discloses a breach affecting 417,000 patients as a consequence of two phishing attacks occurred on September 11, 2017 and July 31, 2018.Account HijackingQ Human health and social work activitiesCCUSAugusta University Health
4416/08/2018?Several Financial InstitutionsProofpoint researchers discover a new downloader malware in a fairly large campaign (millions of messages) primarily targeting financial institutions. The malware is dubbed “Marap” (“param” backwards).MalwareK Financial and insurance activitiesCC>1Proofpoint, Marap
5517/08/2018?Eastern Maine Community CollegeEastern Maine Community College in Bangor warns of a possible data breach that could have exposed the personal information of current and former staff and students (42,000 individuals).MalwareP EducationCCUSEastern Maine Community College
6617/08/2018?Individual UsersResearchers from Trustwave Spiderlabs and Cofense reveal the details of a malicious spam campaign, targeting the banking industry, and using unusual Microsoft Publisher documents, originating from the Necurs botnet.MalwareK Financial and insurance activitiesCC>1Trustwave, Micorosoft Publisher, Necurs
7717/08/2018?Compromised Wordpress SitesResearchers from Sucuri uncover a malicious campaign targeting up to 3,000 infected Wordpress sites, carried out via a URL shortener, a fake plug-in and a malicious popuplink.js.Malicious Script InjectionX IndividualCC>1Sucuri, Wordpress, popuplink.js
8818/08/2018?David MinReuters reveals that the U.S. Federal Bureau of Investigation is investigating a cyber attack on the congressional campaign of David Min, a Democratic candidate in California.Targeted AttackO Public administration and defence, compulsory social securityCEUSDavid Min, Reuters, FBI
9918/08/2018?Bossier CitySome Bossier City water customers may have had their information compromised due to a possible breach of an online billing payment system.MalwareO Public administration and defence, compulsory social securityCCUSBossier City
101020/08/2018?Legacy HealthLegacy Health notifies 38,000 patients that a phishing attack may have breached their data. Officials discovered unauthorized access to some employee email accounts on June 21. However, the access began several weeks before in May 2018.Account HijackingQ Human health and social work activitiesCCUSLegacy Health
IDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountryLinkTags


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.