cyberattack-timeline-2018.txt
ID Date Author Target Description Attack Target Class Attack Class Country
1 01/02/2018 ? Single Individuals The FBI warns hackers have been impersonating a federal online crime complaint portal to trick victims into divulging their personal and sensitive information in a new phishing scam. Account Hijacking X Individual CC >1
2 01/02/2018 Iron Tiger Institutions in the government, technology, education and telecommunications sector in Asia and the US. Security researchers from Bitdefender discover a custom-built piece of malware that has been wreaking havoc in Asia for several months and could signal the return of the notorious Chinese hacker group Iron Tiger. The campaign is called Operation PZChao and has been targeting institutions in the government, technology, education and telecommunications sector in Asia and the US. Targeted Attack Y Multiple Industries CE >1
3 01/02/2018 ? Google Chrome Users Security researchers from Trend Micro uncover 89 malicious Google Chrome extensions on the official Chrome store that can inject ads, code to secretly mine cryptocurrency, and load a tool to record and replay a person's browsing activities. According to researchers, this collection of extensions affected over 423,000 users and was used to form a new botnet called "Droidclub." Malware X Individual CC >1
4 01/02/2018 ? IoT Devices Researchers from cyber-security firm Radware discover a new IoT DDoS botnet, built by San Calvicie, an operator of a gaming server rental business. The botnet is called JenX. The botnet borrows parts of other IoT botnets (for instance the exploits for CVE-2014-8361 and CVE-2017-17215). Vulnerability X Individual CC >1
5 01/02/2018 ? City of Pittsburg in Kansas The City of Pittsburg in Kansas reveals that it was subjected to a sophisticated phishing scheme targeting employee payroll data. The attack results in the release of sensitive information for current and former city employees who received a W-2 for the 2017 fiscal year. Account Hijacking O Public administration and defence, compulsory social security CC US
6 01/02/2018 ? HORNE LLP HORNE LLP notifies of an incident affecting the security of protected health information of certain Forrest General Hospital patients. On November 1, 2017, the company discovered that the email account of one of its employees was sending phishing emails. Account Hijacking K Financial and insurance activities CC US
7 01/02/2018 ? City of Batavia The city of Batavia reports that employees' personal and financial information was compromised through an email phishing of W-2 tax forms. The information includes names, social security numbers, addresses and earnings. Account Hijacking O Public administration and defence, compulsory social security CC US
8 01/02/2018 ? Kinetics Systems Kinetics Systems falls victim to a phishing attack. The personal information of 11 residents of New Hampshire, including their W-2 forms, is compromised. Account Hijacking C Manufacturing CC US
9 01/02/2018 ? Purchase Line School District The Purchase Line School District is the victim of an email spoofing attack by an individual pretending to be a school district employee. Account Hijacking P Education CC US
10 01/02/2018 ? Coastal Cape Fear Eye Associates Coastal Cape Fear Eye Associates notifies HHS of a ransomware incident that impacted 925 patients. Malware Q Human health and social work activities CC US
11 01/02/2018 ? Aperio Aperio informs of a data breach that occurred when two employees' email accounts were compromised by successful phishing attacks, resulting in email from those accounts being auto-forwarded to two external accounts. Account Hijacking K Financial and insurance activities CC US
12 02/02/2018 ? Redis and OrientDB servers Researchers from Qihoo 360 discover a new Monero-mining botnet targeting Redis and OrientDB servers, infecting nearly 4,400 servers and able to mine over $925,000 worth of Monero since March 2017. The botnet, called DDG, targets Redis servers via a credentials dictionary brute-force attack; and OrientDB databases by exploiting the CVE-2017-11467 remote code execution. Brute Force/Remote Code Execution Vulnerability X Individual CC >1
13 02/02/2018 ? Mac Users Researchers from Malwarebytes reveal that the MacUpdate site has been hacked to distribute the OSX.CreativeUpdate Monero miner via maliciously-modified copies of the Firefox, OnyX, and Deeper applications. Malware X Individual CC >1
14 02/02/2018 ? Ron's Pharmacy Services Ron's Pharmacy Services notifies certain patients of unauthorized access to certain limited pieces of patient information, including patient names, Ron's Pharmacy internal account numbers, and payment adjustment information, after an employee email account was compromised in October 2017. Account Hijacking G Wholesale and retail trade CC US
15 03/02/2018 ? Android Users Researchers from Qihoo 360 discover an additional botnet, targeting Android devices by scanning for open debug ports so it can infect victims with malware that mines the Monero cryptocurrency. The botnet targets port 5555, which on devices running the Android OS is the port used by the operating system's native Android Debug Bridge (ADB). The malware is dubbed ADB.Miner. Malware X Individual CC >1
16 04/02/2018 ? Reddit Users Security Researcher Alec Muffett discovers a clone of the popular social news aggregation and discussion site Reddit on the reddit.co domain. Account Hijacking X Individual CC >1
17 04/02/2018 ? City of Keokuk The City of Keokuk says a data breach resulted in the release of personal information of current and former city employees and elected leaders. An unauthorized party was able to obtain 2017 W-2 tax forms through the use of a criminal phishing email. Account Hijacking O Public administration and defence, compulsory social security CC US
18 05/02/2018 ? Waldo County A phishing attack compromised the information of 100 Waldo County employees. Account Hijacking O Public administration and defence, compulsory social security CC US
19 05/02/2018 ? City of Keokuk The city of Keokuk has disclosed that a cybercriminal used a phishing scam to fraudulently obtain an electronic file containing the 2017 W-2 tax forms of current and former employees and elected officials. Account Hijacking O Public administration and defence, compulsory social security CC US
20 05/02/2018 ? Partners HealthCare System Partners HealthCare System reveals that it discovered a malware attack, which occurred in May 2017, that may have exposed 2,600 patients' information. Malware Q Human health and social work activities CC US
21 05/02/2018 ? University of Northern Colorado The private information of 12 University of Northern Colorado employees is compromised after an unknown person or group accessed their profiles on Ursa, UNC's online portal. Unknown P Education CC US
22 06/02/2018 Hidden Cobra, aka Lazarus Group Multiple Targets The Department of Homeland Security (DHS) and FBI jointly release two new reports analyzing trojan malware attributed to Hidden Cobra, aka Lazarus Group -- a threat actor widely believed to be sponsored by the North Korean government. The two malware packages, referred to as HARDRAIN and BADCALL, can install a remote access tool (RAT) payload on Android devices, and force infected Windows systems to act as a proxy server. Targeted Attack Y Multiple Industries CE >1
23 06/02/2018 AnonPlus Italian Democratic Party (PD) The AnonPlus hacker group says they have hacked the Florence branch of the Italian centre-left Democratic Party (PD) and leaked data regarding leader Matteo Renzi online. Unknown U Activities of extraterritorial organizations and bodies H IT
24 06/02/2018 AnonPlus Province of Milan The same hackers also claim to have hacked the website of Provincia di Milano (Province of Milan) in Italy. SQLi O Public administration and defence, compulsory social security H IT
25 07/02/2018 ? Swisscom Swisscom, the biggest telecom company in Switzerland, suffers a data breach that resulted in the compromise of personal data of some 800,000 customers, i.e., nearly ten percent of the entire Swiss population. The breach dates back to Autumn 2017 and the data accessed includes the first and last names, home addresses, dates of birth and telephone numbers of Swisscom customers. Account Hijacking J Information and communication CC CH
26 07/02/2018 ? The Sacramento Bee The Sacramento Bee deletes two databases hosted by a third party after a ransomware attack exposed the voter records of 19.5 million California voters and 53,000 current and former subscribers to the newspaper. Malware J Information and communication CC US
27 07/02/2018 ? Nova Poshta Personal data of 500,000 Nova Poshta clients, the largest private delivery company in Ukraine, is allegedly leaked to dark web. Unknown S Other service activities CC UA
28 07/02/2018 ? City of Enumclaw The city of Enumclaw accidentally sends an email to an "individual pretending to be a member of City administration" and compromises the W-2s of hundreds of employees. Account Hijacking O Public administration and defence, compulsory social security CC US
29 07/02/2018 ? Twitter Users Online scammers have made over $5,000 worth of Ethereum in one night alone, creating fake Twitter profiles for real-world celebrities and spamming the social network with messages tricking users to participate in "giveaways." Fake Twitter Accounts X Individual CC >1
30 07/02/2018 ? Targets in Middle East Researchers from Cisco Talos reveal the details of a campaign targeted against entities with an interest in the geopolitical context of the region. Targeted Attack Y Multiple Industries CE >1
31 07/02/2018 ? Business Wire Press release network Business Wire admits suffering an ongoing Distributed Denial of Service (DDoS) attack lasting a week. DDoS J Information and communication CC US
32 07/02/2018 ? Smith Dental Smith Dental notifies of a ransomware attack affecting 1,500 patients. Malware Q Human health and social work activities CC US
33 08/02/2018 ? Undisclosed Water Utility Company Researchers from Radiflow discover the first example of malware attacking the operational network of a water utility company in order to mine the Monero cryptocurrency. Malware E Water supply, sewerage, waste management and remediation activities CC N/A
34 08/02/2018 ? Decatur County General Hospital Decatur County General Hospital in Parsons, Tenn., publicly discloses that an unauthorized party accessed the server for its electronic medical record system and secretly implanted cryptomining malware. Malware Q Human health and social work activities CC US
35 08/02/2018 ? Single Individuals Researchers from Trend Micro reveal the details of a malicious spam campaign aimed at distributing the Loki malware. Malware X Individual CC >1
36 08/02/2018 ? Mikaela Hoover The Fappening scandal continues even in 2018, and Guardians of the Galaxy actress Mikaela Hoover appears to be the most recent victim. Account Hijacking X Individual CC US
37 08/02/2018 ? Multiple Targets Researchers from ForcePoint discover a new strain of point-of-sale (PoS) malware that disguises itself as a LogMeIn service pack and steals payment card information through a DNS server. PoS Malware Y Multiple Industries CC >1
38 08/02/2018 ? Cisco ASA Users Five days after details about a vulnerability in Cisco ASA software (CVE-2018-0101) became public, Cisco reveals that it is "aware of attempted malicious use of the vulnerability." Cisco ASA Vulnerability Y Multiple Industries CC >1
39 08/02/2018 ? Single Individuals A new malspam campaign is underway, installing the GandCrab ransomware on a victim's computer. This is done through a series of malicious documents that ultimately install the ransomware via a PowerShell script. Malware X Individual CC >1
40 09/02/2018 ? Single Individuals A new ransomware called Black Ruby is discovered. The ransomware encrypts the files on a computer, scrambles the file names, and then appends the BlackRuby extension. To make matters worse, Black Ruby also installs a Monero miner. The malware only encrypts computers that are not located in Iran. Malware X Individual CC >1
41 10/02/2018 Vietnamese Hacker Newtek Business Services Corp. Newtek Business Services Corp., a Web services conglomerate that operates more than 100,000 business Web sites and some 40,000 managed technology accounts, has several of its core domain names stolen over the weekend. DNS Hijacking J Information and communication CC US
42 10/02/2018 ? BitGrail Italian cryptocurrency exchange BitGrail reports a loss of 17 million Nano, valued at over $170 million at the time of the hack. However, conflicting reports surface with some believing the exchange to be insolvent for a number of months. Unknown V Fintech CC IT
43 11/02/2018 ? Pyeongchang Winter Olympics Pyeongchang Winter Olympics organizers confirm that the Games fell victim to a cyber attack during Friday's opening ceremony, but refuse to reveal the source. Researchers from Cisco Talos call the malware Olympic Destroyer and confirm that its only purpose is to disrupt systems. Targeted Attack U Activities of extraterritorial organizations and bodies CW KR
44 11/02/2018 ? 4,275 sites 4,275 sites are injected with an in-browser Monero miner after a popular accessibility script, BrowseAloud by TextHelp.com, is compromised. The list of the affected sites includes government websites such as uscourts.gov, ico.org.uk, & manchester.gov.uk. Malicious Script Y Multiple Industries CC >1
45 12/02/2018 ? WordPress Websites Two malicious plug-ins are discovered by Sucuri, injecting obfuscated JavaScript into WordPress websites in order to generate advertisements that appear if a visitor clicks anywhere on the page. WordPress Malicious Plugins X Individual CC >1
46 12/02/2018 ? Android Users Malwarebytes researchers detect a series of attacks, which began around November 2017, in which millions of Android devices were redirected to a specifically designed page performing in-browser cryptomining of the Monero virtual currency. Drive-By X Individual CC >1
47 12/02/2018 Hidden Cobra, aka Lazarus Group Bitcoin users and global financial organizations. Researchers from McAfee discover an aggressive Bitcoin-stealing phishing campaign by the international cybercrime group Lazarus that uses sophisticated malware with long-term impact. The campaign is dubbed HaoBao and targets Bitcoin users and global financial organizations. Targeted Attack K Financial and insurance activities CC >1
48 12/02/2018 ? Single Individuals A new variant of Rapid Ransomware is currently being distributed using malspam that pretends to be from the Internal Revenue Service. Malware X Individual CC >1
49 12/02/2018 ? Single Individuals Researchers from IBM's X-Force reveal the details of a new campaign leveraging the Necurs botnet to send Valentine's Day-themed spam emails. The campaign reaches over 230 million spam messages within a matter of two weeks. Malware X Individual CC >1
50 12/02/2018 ? Idaho Transportation Department (ITD) A hack of two email accounts at the Idaho Transportation Department (ITD) potentially exposes the personal information of commercial truckers whose rigs are registered in Idaho, including Social Security and credit card numbers. About 114 individuals are notified. Account Hijacking O Public administration and defence, compulsory social security CC US
51 12/02/2018 ? Entergy Entergy notifies employees of a W-2 breach involving the TALX portal (a wholly-owned subsidiary of Equifax). The breach involves 2016 W-2 data. Unknown D Electricity gas steam and air conditioning supply CC US
52 13/02/2018 ? Telegram Users Researchers from Kaspersky reveal that malware authors have used a zero-day vulnerability in the Windows client for the Telegram instant messaging service to infect users with cryptocurrency mining malware (Monero, Zcash, and Fantomcoin primarily). Zero-Day Vulnerability in Telegram X Individual CC >1
53 13/02/2018 ? Android Users Researchers from Trend Micro detect a new variant of the Android Remote Access Tool (AndroRAT) (identified as ANDROIDOS_ANDRORAT.HRXC) that has the ability to inject root exploits. The AndroRAT targets CVE-2015-1805, a vulnerability publicly disclosed in 2016. Malware X Individual CC >1
54 13/02/2018 ? Military personnel and businessmen, among others, in various South Asian countries Valentine's Day is approaching, and researchers from Trend Micro reveal that criminals from the Confucius gang are targeting military personnel and businessmen, among others, in various South Asian countries, persuading them into downloading malware hidden in chat apps. Targeted Attack X Individual CE >1
55 13/02/2018 ? Vulnerable Firewalls Researchers from NewSky Security discover a new IoT botnet, dubbed DoubleDoor, exploiting CVE-2015-7755 and CVE-2016-10401 to bypass Juniper and Zyxel firewalls respectively. Malware Y Multiple Industries CC >1
56 13/02/2018 ? Advertisement Screen in London And the last victim of the cryptocurrency frenzy is an advertisement screen in London that is infected by a miner. Malware Z Unknown CC UK
57 14/02/2018 ? Staybridge Suites Lexington Hotel The Staybridge Suites Lexington Hotel is hit with what appears to be a point-of-sale data breach that occurred when several devices at the hotel were infected with malware. PoS Malware R Arts entertainment and recreation CC US
58 14/02/2018 ? Single Individuals Researchers from Trustwave reveal a new multi-stage email attack using a Word document that exploits CVE-2017-11882 without making use of any macro. Malware X Individual CC >1
59 14/02/2018 ? Single Individuals A Ukrainian cybercrime operation has made an estimated $50 million by using Google AdWords to lure users on Bitcoin phishing sites. The operation is temporarily disrupted by the Ukrainian cyber police, acting on information received from Cisco's Talos security division. The campaign is dubbed Coinhoarder. SEO Poisoning X Individual CC >1
60 14/02/2018 ? Bitmessage users Maintainers of the Bitmessage P2P encrypted communications protocol have released a fix after discovering that hackers were using a zero-day in attempts to steal Bitcoin wallet files from users' computers. Zero-Day Vulnerability in Bitmessage X Individual CC >1
61 14/02/2018 ? Atos Reports emerge that the Olympic Destroyer malware might have been used months before to target Atos, the IT provider of the Winter Olympics. Targeted Attack J Information and communication CE FR
62 14/02/2018 ? Western Union Western Union warns that some customers' information may have been accessed without authorization as a result of a computer intrusion against an external vendor system formerly used by Western Union for secure data storage. Unknown K Financial and insurance activities CC US
63 15/02/2018 ? Jenkins CI Servers Researchers from Check Point reveal the details of Jenkins Miner, a massive operation targeting Jenkins CI servers via CVE-2017-1000353, aimed at mining the Monero cryptocurrency. The criminals are able Malware Y Multiple Industries CC >1
64 15/02/2018 ? Retina-X Studios A vigilante hacker claims to have wiped 1 Terabyte of data from Retina-X Studios, a company that sells spyware products. Unknown J Information and communication CC US
65 15/02/2018 GOLD LOWELL Multiple Targets Researchers from SecureWorks reveal the details of a threat actor dubbed GOLD LOWELL using the SAMSAM ransomware for opportunistic attacks. Malware Y Multiple Industries CC US
66 15/02/2018 ? Single Individuals Researchers from IBM's X-Force discover a new variant of the infamous TrickBot malware repurposed to steal bitcoins. Malware X Individual CC >1