It’s time to publish the first timeline of May covering the main cyber attacks occurred between the 1st and 15th, as you will discover (and probably remember), for sure one of the worst months ever…

So May did not start very well with the massive phishing campaign targeting Gmail users and using oauth to spread virally (for the first time in such a massive scale). Final damage report: more than one million accounts compromised. And if this was not enough, things went worse and WannaCry did the rest, with an unprecedented outbreak (74 countries), which could have been much worse without the presence of the infamous kill-switch domain.

Of course all this mess did not stop the crooks from carrying out other massive attacks against Bell Canada (1.9 million accounts compromised) and Edmodo.

Other noticeable events include: the cyber attacks against Sabre Corp. and Docusign, and an SS7 attack against German O2-Telefonica users.

The list of the cyber espionage operations is also quite reach and include: a new wave of attacks from the infamous Turla (AKA Snake AKA Uroburos), the discovery of a RAT dubbed KONNI and targeting assets related to North Korea since at least 3 years, Operation WilySuply, targeting the supply chain of the designated victims, a new attack against Emmanuel Macron’s staff, the discovery of a new actor dubbed APT32 AKA OceanLotus Group, and the return of OilRig.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format.

ID Date Author Target Description Attack Target

Class Attack

Class Country 1 02/05/2017 ? Gannett Co. A phishing email attack potentially compromises the accounts of as many as 18,000 current and former employees of media company Gannett Co. Account Hijacking Industry: Media CC US 2 02/05/2017 ? HandBrake The popular DVD-ripping HandBrake app, is hacked to install a new variant of the Proton malware. Malware Org: Non-Profit CC FR 3 02/05/2017 ? Android users Sophos reveals the details of Super Free Music Player, a fake music player app in the Google Play Store, downloaded by thousands of users since March 31st, and riddled with malware. Mobile Malware Single Individuals CC >1 4 02/05/2017 ? UK Banks DomainTools reveals that hundreds of fake website domains are being used by hackers to mimic some of the most popular banking services in the UK in an attempt to trick victims into handing over personal details and sensitive login credentials. Domain Squatting Finance CC UK 5 02/05/2017 ? Sabre Corp. Hospitality Unit Travel industry giant Sabre Corp. disclosed what could be a significant breach of payment and customer data tied to bookings processed through a reservations system that serves more than 32,000 hotels and other lodging establishments. Malware Industry: Travel Technology CC US 6 02/05/2017 ? City of Fitchburg Fitchburg, Mass. city officials report that the Social Security numbers of 1,800 residents were compromised during a data breach that was discovered on April 14, but took place more than three years ago. Unknown Government CC US 7 02/05/2017 ? Wellington's Victoria University Students and staff of Wellington's Victoria University have been warned their usernames and passwords may have been compromised following a data breach following an unauthorised access to the university's IT systems. Unknown Education CC NZ 8 03/05/2017 ? Gmail users A massive phishing campaign hits Google users and compromises about a million of its accounts exploiting a fake app abusing the Oauth authentication protocol. Account Hijacking via Oauth Single Individuals CC >1 9 03/05/2017 ? German O2-Telefonica users O2-Telefonica in Germany confirms to Süddeutsche Zeitung that some of its customers have had their bank accounts drained using a two-stage attack that exploits SS7. Account Hijacking via SS7 Vulnerability Single Individuals CC DE 10 03/05/2017 Snake AKA Turla, AKA Uroburos OSX Users Fox-it reveals that the infamous threat actor Snake (AKA Turla, AKA Uroburos) is back and ready to target OSX users. Targeted Attack Single Individuals CE >1 11 03/05/2017 ? Assets related to North Korea Researchers from Cisco Talos reveal the details of an unknown Remote Administration Tool, dubbed KONNI, in use, undetected, for over 3 years. Targeted Attack >1 CE >1 12 03/05/2017 Skyscraper Multiple targets Approximately 500,000 pediatric medical records, many from doctors' offices that didn't know they had been breached, are spotted for sale on the dark web. Unknown Healthcare CC US 13 03/05/2017 TuftsLeaks Tufts University A group calling itself TuftsLeaks publishes documents online that contain sensitive financial information from Tufts. The leak includes department budgets, the salaries of thousands of staff and faculty and the ID numbers of student employees with salaries listed. Unknown Education CC US 14 04/05/2017 TheDarkOverlord Aesthetic Dentistry OC Gastrocare Tampa Bay Surgery Center TheDarkOverlord dumps 180,000 patients’ records from 3 hacks. The victims are: Aesthetic Dentistry, OC Gastrocare, Tampa Bay Surgery Center Unknown Healthcare CC US 15 04/05/2017 ? Several high-profile technology and financial organizations Microsoft reveals the details of Operation WilySuply, a sophisticated campaign exploiting the software remote update channel of the supply chain as an attack vector. Targeted Attack Several high-profile technology and financial organizations CE >1 16 04/05/2017 ? Charlotte Flair Victoria WWE divas Charlotte Flair and Victoria are the latest victims of the Celebgate leak. Unknown Single Individuals CC US 17 05/05/2005 ? Debenhams Malware infects the backend systems used by British high street chain Debenhams, and steals 26,000 people's personal information in the process. The hack happened after compromising the systems at Ecomnova, the firm that runs the Debenhams Flowers business, for six weeks. Malware Industry: Retail CC UK 18 06/05/2005 ? Emmanuel Macron's Staff The French presidential candidate Emmanuel Macron is targeted by a “massive and coordinated” hacking attack, hours before voters go to the polls. Tens of thousands of internal emails and other documents (9Gb) are released online. Unknown Org: Political Party CC FR 19 06/05/2005 ? Confluence Charter Schools The network servers for Confluence Charter Schools are hacked, but school leadership say there is no evidence that student or employee data have been compromised. Unknown Education CC US 20 07/05/2017 ? FCC (Federal Communications Commission) The FCC website is hit by a DDoS Attack. DDoS Government CC US 21 08/05/2017 ? Multiple targets Bitdefender reveals the details of Netpreser, a cyber espionage campaign carried on using readily available software tools. Malware >1 CE >1 22 09/05/2017 ? France France's central bank warns of an increase in phishing attempts using its name and logo and email addresses purporting to be Bank of France ones. Account Hijacking Single Individuals CC FR 23 09/05/2017 Authors from Iran? IP Cameras Trend Micro reveals the details of Persirai, a new IoT botnet targeting IP cameras. Malware >1 CC >1 24 09/05/2017 ? (linked to North Korea?) Unnamed Target Cylance reveals the details of Paipeu, an unknown malware used as an infostealer. Targeted Attack N/A CE N/A 25 10/05/2017 ? Cedexis A DDos attack against Cedexis knocks out several major French news websites including Le Monde and Le Figaro. DDoS Industry: Content Deliver Network CC US 26 11/05/2017 An unidentified group, APT28 and Turla Multiple targets Security vendors ESET and FireEye this week issued separate advisories on cyberattacks involving the use of three Microsoft zero-day flaws: CVE-2017-0261, CVE-2017-0262, CVE-2017-0263. The attacks are carried on by an unidentified group and also by APT28 and Turla. Targeted Attack >1 CE >1 27 11/05/2017 Russian Forces Ukrainian Soldiers Ukrainian soldiers are hit by an ongoing campaign of propaganda-texting. The campaign is attributed to Russian forces equipped with cell site simulators (IMSI-catchers). Cell Site Simulators (IMSI-catchers) Military CW UA 28 11/05/2017 nclay? Edmodo A hacker steals millions of user account details from popular education platform Edmodo, and the data is apparently for sale on the so-called dark web. The organization claims to have over 78 million members. Unknown Industry: Educational Technology CC US 29 12/05/2017 ? Multiple targets The WannaCrypt ransomware worm, aka WanaCrypt or Wcry, explodes across 74 countries, infecting hospitals, businesses including Fedex, rail stations, universities, at least one national telco (Telefonica), and more organizations. Malware >1 CC >1 30 12/05/2017 ? National University of Singapore (NUS) Nanyang Technological University (NTU) Reports emerge that the two Singapore universities suffered APT (advanced persistent threat) attacks last month, with the attackers specifically targeting government and research data. Targeted Attack Education CE SG 31 12/05/2017 Brooks Brothers U.S. clothing company Brooks Brothers reveals that payment card information of certain customers were compromised at some of its retail locations in the United States and Puerto Rico over 11 months until March. PoS Malware Industry: Clothes CC US 32 12/05/2017 ? Multiple targets Researchers at Cylance reveal a new advanced threat, dubbed Baijiu, which uses heightened interest in North Korea and the GeoCities web service to prey on victims. Targeted Attack >1 CE >1 33 14/05/2017 APT32 AKA OceanLotus Group Multiple Targets with Interests in Vietnam FireEye reveals the details of Operation Cobalt Kitty, a campaign carried on by APT32, an advanced threat group that conducts targeted intrusions at large multinational businesses with interests in Vietnam. Targeted Attack >1 CE >1 34 15/05/2017 ? Bell Canada Bell Canada says that 1.9 million customer account details have been stolen by unknown hackers, although no payment card numbers or passwords have been taken. Unknown Industry: Telco CC CA 35 15/05/2017 ? Docusign DocuSign acknowledges that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach at one of its computer systems. Unknown Industry: SaaS CC US 36 15/05/2017 OilRig? Unnamed Military Contractor TrapX reveals to have repelled an attack against an unnamed military contractor carried on by Iranian hackers using a Russian Toolset. Targeted Attack Industry: Defense Contractor CE US 37 15/05/2017 ? University of New Mexico Foundation A month after discovering a computer server breach that may have compromised personal information for about 23,000 people, the University of New Mexico Foundation begins sending notification letters about the incident. Unknown Education CC US