Last Updated on December 30, 2018

It’s time to publish the second timeline of September covering the main cyber attacks occurred between September 16th and September 30th (plus a few events  that slipped away from the previous timeline, which you can find here).


If you still have an account on Facebook, you have a good chance to be among the 90 million users forced to reset their password after the breach due to the “view as feature”. For sure this is the most important breach of this timeline that overshadows other massive events like the password reset for 40 million users belonging to Chegg, the 11 million compromised records belonging to Serverspy.com and the 6.42 million customers of fashion brand SHEIN.

And while two cyber attacks crippled the ports of San Diego and Barcelona, cryptoservices are always a hot topic, as shown by the cyber attack suffered by the Japanese Cryptocurrency exchange Zaif (about $60 million worth of cryptocurrency gone with the wind).

The events led by hacktivism confirm their decreasing trend, whilst alleged state-sponsored malicious actors from Russia and North Korea are always on the spot.


In any case read the timeline to have a complete view of the threat landscape (and share it!). And if you want, you may also have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 (regularly updated… Hopefully!). Do not forget the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

If you want, you can always submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

You may always ask for the raw data, but please do not forget to include a short presentation and the purpose of the project. I will not accept requests without any details.


wdt_IDIDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountryLinkTags
1112/09/2018?SMEG UKThe UK branch of the appliance manufacturer SMEG reveals to have been hit by a "targeted cyber attack".UnknownC ManufacturingCCUKSMEG UK
2214/09/2018MagecartGroopdealzGroopdealz joins the list of the victims of the Magecart group.MalwareG Wholesale and retail tradeCCUSGroopdealz, Magecart
3317/09/2018?Saverspy.comBob Diachenko, a security researcher, identifies an unsecured MongoDB server leaking the personal details of nearly 11 million users. The database seems to have been ransomed back in June.Unsecured MongoDBG Wholesale and retail tradeCCUSBob Diachenko, MongoDB, Saverspy.com
4417/09/2018LulzSecITAUnuci.org (Union of Italian Retired Military Officials)LulzSecITA leaks the personal details of about 300 retired military officials.UnknownS Other service activitiesHITLulzSecITA, unuci.org
5517/09/2018Iron cybercrime group (AKA Roke)Vulnerable Windows and Linux ServersResearchers from Palo Alto Networks discover a new malware strain dubbed XBash that combines features from four types of malware categories: ransomware, coinminers, botnets, and worms.MalwareY Multiple IndustriesCC>1Palo Alto Networks, Iron, Roke, Xbash, Crypto, Ransomware
6617/09/2018?Multiple targetsResearchers from Qihoo's 360Netlab discover Fbot, a botnet based on Satori, which instead of infecting devices, appears to be actually wiping them clean of cryptocurrency mining malware. The botnet hides its C&C behind a blockchain-based DNS.MalwareY Multiple IndustriesCC>1Qihoo's 360Netlab, Fbot,
7717/09/2018?Perth MintA data breach at Perth Mint sees hackers take the personal details of about 3200 customers, far more than initially suspected. The breach occurred on the system of a third-party technology provider and only involved 13 customer initially.UnknownO Public administration and defence, compulsory social securityCCAUPerth Mint
8817/09/2018?Multiple government websites in India.Security researchers discover that multiple government websites in the country are infected with cryptojackers.MalwareO Public administration and defence, compulsory social securityCCINCrypto
9917/09/2018?Nonresident aliens in the U.S.Researchers at Fortinet discover a phishing campaign claiming to be from the IRS but reportedly sent from a server originating in Italy. The campaign appears to be targeting nonresident aliens.Account HijackingX IndividualCCUSFortinet
101018/09/2018MagecartABS-CBN213 customers of ABS-CBN, a Filipino media conglomerate, have their financial data stolen data due to a payment skimmer discovered in the broadcaster's online store.MalwareJ Information and communicationCCPHABS-CBN, Magecart
IDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountryLinkTags

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.