Last Updated on December 30, 2018

It’s time to publish the second timeline of October, covering the main events occurred between October 16 and October 31 (the first timeline is here). The total number of collected events is 58, showing a light increase compared with the 54 events of the previous fortnight.


Many events to pinpoint these days, starting from the massive breach to Cathay Pacific, potentially affecting 9.4 million users, and not exactly an example of how breaches should be handled in the GDPR era.

Attacks against crypto exchanges play also an important role in this timeline: Trade.io has suffered an illegitimate withdrawn of $7.5 Million worth in token, while MapleChange has suffered $6 Million worth losses, despite there are many doubts this could be an exit scam.


Interesting timeline also from a cyberwarfare and hacktivism perspective: Ukraine (and Poland) were hit by GreyEnergy, yet another long-lasting operation, direct successor of the infamous BlackEnergy, whose origin dates back to 2015: while Italian hacktivists affiliated to Anonymous kicked off Op #FifthOfNovember against Universities, Trade Unions, and other websites.

Again, 58 events are too many to summarize in few lines, so feel free to read carefully the whole timeline to have a complete view of the threat landscape (and also share it!). The timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 are also available, and do not forget the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.


Finally, you may always ask for the raw data, but please do not forget to include a short presentation and the purpose of the project. I will not accept requests without any details.

wdt_IDIDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountryLinkTags
1105/10/2018?National Ambulatory Hernia InstituteNational Ambulatory Hernia Institute notifies almost 16,000 patients of Gamma ransomware attack occurred on October 5.MalwareQ Human health and social work activitiesCCUSNational Ambulatory Hernia Institute, Ransomware
2216/10/2018?New Share CountsResearchers from Sucuri reveal that New Share Counts, a discontinued Tweet counter is hijacked, redirecting the users to scam pages.Malicious ScriptX IndividualCC>1New Share Counts, Sucuri
3316/10/2018Attackers linked to HezbollahMultiple TargetsThe Czech Security Intelligence Service (BIS) reveals to have taken down the infrastructure used by Hezbollah operatives to target and infect users around the globe with mobile malware.MalwareY Multiple IndustriesCW>1Hezbollah, BIS
4416/10/2018?City of West HavenThe City of West Haven pays $2,000 after having 23 of its servers encrypted from a ransomware attack.MalwareO Public administration and defence, compulsory social securityCCUSWest Haven, Ransomware
5517/10/2018GreyEnergyEnergy companies and other high-value targets in Ukraine and PolandResearchers from ESET uncover details of the successor of the BlackEnergy APT group, named GreyEnergy. Since December 2015, the group attacked energy companies and other high-value targets in Ukraine and Poland for the past three years.Targeted AttackD Electricity gas steam and air conditioning supplyCW>1GreyEnergy, ESET, Ukraine, Poland
6617/10/2018?A primary company in the Italian Naval IndustryResearchers from Yoroi discover a new targeted campaign against one of the most important companies in the Italian Naval Industry. The malware is dubbed MartyMcFly.Targeted AttackH Transportation and storageCEITYoroi, MartyMcFly
7717/10/2018?Vesta Control Panel (VestaCP)Vesta Control Panel, the provider of an open-source hosting panel software reveals a security breach during which an unknown hacker contaminated the project's source code with malware. The malicious code was added on May 31, this year, and later removed tMalwareJ Information and communicationCC>1Vesta Control Panel, VestaCP
8817/10/2018?Single IndividualsResearchers from Zscaler uncover a new SEO poisoning campaign, targeting keywords associated with the U.S. midterm elections. Attackers have hacked over 10,000 web sites in order to promote 15,000 different keywordsSEO PoisoningX IndividualCC>1Zscaler
9917/10/2018?City of MuscatineThe City of Muscatine is hit with a ransomware attack on October 17. Financial and other servers are affected.MalwareO Public administration and defence, compulsory social securityCCUSMuscatine, Ransomware
101017/10/2018?FacepunchAs reported by Troy Hunt's Have I Been Pwned breach notification service, the Facepunch game studio was the victim of a data breach in June 2016 which led to sensitive information of 396,650 users being exposed.UnknownR Arts entertainment and recreationCCUKTroy Hunt, Have I Been Pwned, Facepunch
IDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountryLinkTags

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.