1-15 August 2015 Cyber Attacks Timeline

It’s time to publish the first timeline of August.

Despite the summer holidays, it has been a really busy period with several high-profile operations, such as the cyber attack against the Pentagon, allegedly originating from Russia, and the ones that hit Sabre Corporation and American Airlines, allegedly executed by the same Chinese group that hit Anthem Inc. and the U.S. Government’s Personnel Office.

But cyber criminals were quite active too: yet another retailer has been severely hit, and I am obviously referring to Carphone Warehouse, whose 2.4 million customers might have had their personal details illegitimately accessed after a cyber attack.

Other interesting events include a large-scale attack against Yahoo!’s own ad network aimed at distributing malware and a $46 million cyber heist against Ubiquiti Networks.

As usual, scroll down the list to get an idea of this summer’s cyber landscape, and remember to keep the level of attention very high. At the same time, if you want an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 01/08/2015 | ? | RBS Banking Group | The RBS banking group reveals it suffered a cyber attack on its online services that left customers struggling to log on for nearly an hour. | DDoS | Finance | CC | UK | http://www.theguardian.com/business/2015/jul/31/rbs-and-natwest-customers-complain-of-online-problems |
| 2 | 01/08/2015 | ? | OCEA (Orange County Employees Association) | The Orange County Employees Association notifies an undisclosed number of people that their personal information, and that of their dependents, may have been accessed by hackers during one or more attacks, which appear to have occurred as early as June 5 and were detected on July 23. | Unknown | Org: Non-Profit | CC | US | http://www.databreaches.net/orange-county-employees-association-victim-of-hack/ |
| 3 | 01/08/2015 | ? | Red Granite Pictures | Red Granite Pictures claims in a new lawsuit that it has been the subject of a malicious hack that has allowed the attackers to intimidate employees and disrupt its business via a mass email campaign. | Unknown | Industry: Entertainment | CC | US | http://www.hollywoodreporter.com/thr-esq/wolf-wall-street-backer-says-812115 |
| 4 | 01/08/2015 | ? | Siouxland Pain Clinic | Siouxland Pain Clinic’s computer system is hacked, putting patient privacy at risk. 13,000 users are potentially affected and an investigation suggests a possible Chinese origin for the attack. | Unknown | Healthcare | CC | US | http://www.databreaches.net/siouxland-pain-clinic-says-patient-information-likely-exposed-by-hacker/ |
| 5 | 01/08/2015 | MuhmadEmad | Sheriff’s Office at Etowah County and Hardin Center (http://etowahcountysheriff.com, http://culturalarts.com) | MuhmadEmad, an anti-ISIS Kurdish hacker, defaces the Sheriff’s office at Etowah County and Hardin Center (etowahcountysheriff.com and culturalarts.com), posting a message against Islamic State. The sites are hosted on Network Solutions, which publishes a statement about the attack. | Defacement | Law Enforcement | H | US | https://www.hackread.com/anti-isis-kurdish-hacker-sheriff-site/ http://www.databreaches.net/network-solutions-customer-sites-defaced/ |
| 6 | 01/08/2015 | ? | Bodmin College's website (http://www.bodmincollege.co.uk) | A disgruntled former student is thought to be responsible for hacking Bodmin College's website and defacing it with a series of obscenities. | Defacement | Education | CC | UK | http://www.cornishguardian.co.uk/Bodmin-College-website-hacked-obscenities-WARNING/story-27514759-detail/story.html |
| 7 | 02/08/2015 | Anonymous | Several Taiwan government websites | In the name of OpTaiwan, the online hacktivist group Anonymous shuts down several Taiwan government websites. | DDoS | Government | H | TW | https://www.hackread.com/anonymous-brings-down-taiwan-govt-websites/ |
| 8 | 02/08/2015 | ? | Dubizzle | Several Dubizzle customers receive a warning email message instructing them to immediately change their passwords, after the online classifieds website discovers a security breach. | Unknown | Industry: Classified Marketplace | CC | UAE | http://www.emirates247.com/business/technology/dubizzle-strengthens-online-security-following-breach-2015-08-06-1.599356 |
| 9 | 03/08/2015 | ? | Yahoo! | Malwarebytes uncovers a large-scale attack abusing Yahoo!’s own ad network (6.9 billion visits per month). | Malvertising | Industry: Internet Services | CC | US | https://blog.malwarebytes.org/malvertising-2/2015/08/large-malvertising-campaign-takes-on-yahoo/ |
| 10 | 03/08/2015 | Telecomix Canada | Donald Trump Corporate Website (http://www.trump.com) | Telecomix Canada hacks Donald Trump's corporate website (trump.com), sending a public thank-you message to outgoing Daily Show host Jon Stewart. | Defacement | Single Individual | H | US | http://www.cbc.ca/news/trending/hacktivists-hijack-donald-trumps-website-with-message-for-jon-stewart-1.3178066 |
| 11 | 04/08/2015 | ? | Valve's Dota 2 Online Tournament | The International, the annual tournament for Valve's Dota 2, featuring dozens of players and millions in prize money, is put on hold when a DDoS attack takes down the game's servers. | DDoS | Industry: Video Games | CC | US | http://www.theverge.com/2015/8/4/9097597/the-international-dota-2-ddos-attack-valve |
| 12 | 04/08/2015 | ? | Hover | Website domain name registrar Hover emails users warning of possible "unauthorised access" to one of its systems, telling them that they will not be able to log into the service until they reset their passwords. | Unknown | Industry: Internet Services | CC | CA | https://grahamcluley.com/2015/08/security-alert-hover-leads-password-reset/ |
| 13 | 04/08/2015 | ? | Andy Weir | Andy Weir, the creator of The Martian, has his Twitter and e-mail accounts hacked. | Account Hijacking | Single Individual | CC | US | http://arstechnica.com/security/2015/08/the-martian-author-says-comcast-let-hacker-take-over-his-e-mail/ |
| 14 | 04/08/2015 | Terracotta | >1 | Researchers from RSA Security have discovered a VPN provider in China that uses hacked Windows servers around the world as VPN nodes on a network that is used as cover by some APT groups. The provider is codenamed Terracotta. | >1 | >1 | CC | >1 | https://threatpost.com/researchers-uncover-terracotta-chinese-vpn-service-used-by-apt-crews-for-cover/114110#sthash.vHpLzuCC.dpuf |
| 15 | 05/08/2015 | Emissary Panda / Threat Group 3390 | >1 | Dell SecureWorks researchers unveil a report on a newly detected hacking group that has targeted companies around the world while stealing massive amounts of industrial data. The majority of the targets of the hacking group were in the automotive, electronic, aerospace, energy, and pharmaceutical industries. | Targeted Attack via Watering Hole | >1 | CE | >1 | http://arstechnica.com/security/2015/08/newly-discovered-chinese-hacking-group-hacked-100-websites-to-use-as-watering-holes/ |
| 16 | 05/08/2015 | ? | Two Undisclosed UAE Banks | Several credit cards are being replaced across the UAE by some banks following a possible security breach involving online hackers. | Unknown | Finance | CC | UAE | http://www.emirates247.com/business/technology/fraud-alert-uae-banks-replace-credit-cards-after-security-scare-2015-08-05-1.599203 |
| 17 | 05/08/2015 | Dr.MwNs | Sri Lankan Prime Minister Office website (http://www.pmoffice.gov.lk) | The Sri Lankan prime minister Ranil Wickremesinghe has his office website hacked by a pro-Syria hacktivist dubbed Dr.MwNs. | Defacement | Government | H | LK | https://www.hackread.com/sri-lankan-prime-ministers-office-website-hacked/ |
| 18 | 06/08/2015 | Unknown Russian Hacker | E*Trade, Commsec, Australian Investment Exchange | The Australian Securities & Investment Commission (ASIC) reveals that an unnamed Russian hacker used compromised retail accounts held by E*Trade, Commsec and the Australian Investment Exchange to illegally manipulate more than a dozen penny stocks to the tune of $77,429 AUD (nearly $57,000 USD). | Account Hijacking | Finance | CC | AU | http://www.scmagazine.com/aussies-finger-russian-in-stock-hack/article/430752/ |
| 19 | 06/08/2015 | Russia ? | United States Department of Defense | U.S. officials tell NBC News that Russia launched a "sophisticated cyberattack" against the Pentagon's Joint Staff unclassified email system, which has been shut down and taken offline for nearly two weeks. According to the officials, the "sophisticated cyber intrusion" occurred sometime around July 25 and affected some 4,000 military and civilian personnel who work for the Joint Chiefs of Staff. | Targeted Attack | Government | CE | US | http://www.cnbc.com/2015/08/06/russia-hacks-pentagon-computers-nbc-citing-sources.html |
| 20 | 06/08/2015 | ? | ICANN | ICANN, the organisation which oversees the internet’s domain name system, reveals that it fell victim to a hacker attack during which the details (emails and hashed passwords) of users who had created profiles on the organisation’s public website were exposed. | Unknown | Org: Non-Profit | CC | US | http://www.tripwire.com/state-of-security/security-data-protection/security-breach-icann/ |
| 21 | 06/08/2015 | Ecuador Domestic Intelligence ? | Some Ecuadorean Opposition Activists | The Associated Press shows evidence that some Ecuadorean opposition activists were hacked by Ecuador's domestic intelligence agency, with software tailor-made by Hacking Team. | Account Hijacking | Single Individuals | CE | EC | https://www.yahoo.com/tech/s/apnewsbreak-email-leak-suggests-ecuador-spied-opposition-191403707--finance.html |
| 22 | 06/08/2015 | "Brenda" | Miranda Lambert | A woman, identifying herself only as "Brenda", claims to have broken into Miranda Lambert's email account, accessing more than 35,000 emails. | Account Hijacking | Single Individual | CC | US | http://www.intouchweekly.com/posts/exclusive-miranda-lambert-s-private-e-mail-account-hacked-hacker-confesses-to-breaking-into-35-000-plus-personal-e-mails-66194 |
| 23 | 06/08/2015 | l1kw1d | http://itembay.ca/ | l1kw1d hacks itembay.ca, an online game virtual currency provider, and dumps 4,330 usernames with clear text passwords. | SQLi | Online Services | CC | CA | http://siph0n.net/exploits.php?id=3974 |
| 24 | 07/08/2015 | ? | Ubiquiti Networks | Networking firm Ubiquiti Networks Inc. discloses a cyber theft of $46.7 million, perpetrated by spoofing communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers. | Account Hijacking | Industry: Computer Networking | CC | US | http://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/ |
| 25 | 07/08/2015 | ? (China?) | Sabre Corporation | Sabre Corp., which processes reservations for hundreds of airlines and thousands of hotels, confirms that its systems were breached recently. The company was probably hacked as part of the same wave of attacks that targeted insurer Anthem Inc. and the U.S. government’s personnel office. | Targeted Attack | Industry: Travel Technology | CE | US | http://www.bloomberg.com/news/articles/2015-08-07/american-airlines-sabre-said-to-be-hit-in-hacks-backed-by-china |
| 26 | 07/08/2015 | ? (China?) | American Airlines Group Inc. | American Airlines Group Inc., the world’s biggest carrier, announces that an investigation is ongoing to verify whether the same attackers who targeted Sabre had entered its computers. | Targeted Attack | Industry: Airlines | CE | US | http://www.bloomberg.com/news/articles/2015-08-07/american-airlines-sabre-said-to-be-hit-in-hacks-backed-by-china |
| 27 | 08/08/2015 | ? | Carphone Warehouse Affiliates (OneStopPhoneShop.com, e2save.com, Mobiles.co.uk) | The personal details of up to 2.4 million customers may have been accessed after a division of Carphone Warehouse was hit by a cyber attack. It also appears that a smokescreen DDoS attack was utilised to hide the attack. | Unknown | Industry: Retail | CC | UK | http://www.rte.ie/news/2015/0808/720023-carphone-warehouse/ http://www.telegraph.co.uk/finance/newsbysector/epic/cpw/11794521/Carphone-Warehouse-hackers-used-traffic-bombardment-smokescreen.html |
| 28 | 08/08/2015 | @JM511 | http://jobsatteam.com | TEAM (The Employment Agents Movement), the largest network of independent recruiters in the UK, is hit by a Saudi Arabian hacker that goes by the online handle JM511. The attacker dumps 1296 records. | SQLi | Industry: Recruiting | CC | UK | http://www.net-security.org/secworld_main.php |
| 29 | 08/08/2015 | ? | Undisclosed Brazilian Bus Station | Hackers infiltrate the travel information video screens at a Brazilian bus station in the southern city of Curitiba, and replace arrival and departure times with hard-core porn. | Unknown | Bus Station | CC | BR | http://www.dailystar.com.lb/News/World/2015/Aug-08/310320-hackers-broadcast-porn-on-tv-screens-at-brazil-bus-depot.ashx |
| 30 | 08/08/2015 | MexicanH Team | Mexican Ministry of Communications and Transportation (http://mexicoconectado.gob.mx/) | A group of Mexican hacktivists affiliated with the Anonymous collective defaces the website of the Mexican Ministry of Communications and Transportation (mexicoconectado.gob.mx) in retaliation for the murder of the Mexican photojournalist Rubén Espinosa. | Defacement | Government | H | MX | https://www.hackread.com/anonymous-mexico-ruben-espinosa/ |
| 31 | 09/08/2015 | Phénoméne Dz | Accademia della Crusca (http://www.accademiadellacrusca.it) | A pro-ISIS hacker dubbed Phénoméne Dz defaces the website of the Accademia della Crusca (www.accademiadellacrusca.it), the most important research institution on the Italian language. | Defacement | Org: Research | H | IT | http://www.lastampa.it/2015/08/09/italia/cronache/hacker-dellisis-allattacco-dellaccademia-delle-crusca-questa-guerra-appena-iniziata-sNlipLpz3qtzyh0YfCR7zK/pagina.html |
| 32 | 10/08/2015 | Dancing Panda / Legion Amethyst | Top Obama Administration Officials | China's cyber spies have accessed the private emails of "many" top Obama administration officials, according to a senior U.S. intelligence official and a top secret document obtained by NBC News, and have been doing so since at least April 2010. | Targeted Attack | Government | CE | US | http://www.nbcnews.com/news/us-news/china-read-emails-top-us-officials-n406046 |
| 33 | 10/08/2015 | ? | OneBookShelf | OneBookShelf, the operator of websites that sell games and comics as PDFs and print-on-demand publications, notifies customers that it suffered a hacker attack that obtained some credit card information. | Unknown | Industry: Digital Marketplace | CC | US | http://icv2.com/articles/news/view/32291/credit-card-breach-onebookshelf |
| 34 | 10/08/2015 | ? | Chelsea Clark (27 year-old Toronto Woman) | Police are investigating a case of webcam hacking after a Toronto woman is sent intimate photos of herself and her boyfriend watching Netflix. | Unknown | Single Individual | CC | CA | http://globalnews.ca/news/2156291/toronto-womans-webcam-hacked-while-watching-netflix/ |
| 35 | 10/08/2015 | Deletesec | Avionews (http://avionews.com, http://avionews.it) | DeleteSec hacks avionews.com and dumps 2,419 records with usernames and hashed passwords. | SQLi | News | CC | IT | https://ghostbin.com/paste/dy8pm |
| 36 | 11/08/2015 | 32 defendants | Newswire services (Business Wire, PR Newswire, Marketwired) | The US Securities and Exchange Commission announces civil fraud charges against 32 defendants for taking part in a scheme to profit from stolen nonpublic information about corporate earnings announcements. Those charged include two Ukrainian men who allegedly hacked into newswire services (Business Wire, PR Newswire, Marketwired) to obtain the information and 30 other defendants in and outside the US who allegedly traded on it, generating more than $100 million in illegal profits. | Unknown | News | CC | US | http://www.net-security.org/secworld.php?id=18753 |
| 37 | 12/08/2015 | ? | >1 | Cisco Systems officials warn customers of a series of attacks that completely hijack critical networking gear by swapping out the valid ROMMON firmware image with one that's been maliciously altered. | Firmware Swap | >1 | CC | >1 | http://arstechnica.com/security/2015/08/attackers-are-hijacking-critical-networking-gear-from-cisco-company-warns/ |
| 38 | 13/08/2015 | ? | AdSpirit.de, AOL | Millions of people visiting weather.com, drudgereport.com, wunderground.com, and other popular websites are exposed to a new malvertising campaign, initially targeting AdSpirit.de and then moving to another advertiser (AOL). | Malvertising | Industry: Internet Services | CC | DE, US | https://blog.malwarebytes.org/malvertising-2/2015/08/ssl-malvertising-campaign-continues/ |
| 39 | 13/08/2015 | Mr.H4rD3n | Embassy of Azerbaijan in Russia (http://www.azembassy.ru) | A hacker going by the handle Mr.H4rD3n defaces the official website of the Embassy of Azerbaijan in Russia (azembassy.ru). | Defacement | Government | H | AZ | https://www.hackread.com/azerbaijan-embassy-russia-hacked-syria/ |
| 40 | 14/08/2015 | China? | University of Virginia | The University of Virginia announces that it has been hit by a cyber attack allegedly originating from China. | Targeted Attack | Education | CE | US | http://news.virginia.edu/content/uva-responds-cyber-attack-portions-it-systems-0 |
| 41 | 14/08/2015 | ? | Fred's Inc. | Fred's Inc. confirms that an unauthorized person gained access to two servers that process payment card data and placed malicious software capable of copying the payment card data. | PoS Malware | Industry: Retail | CC | US | http://www.scmagazine.com/breach-affects-payment-cards-used-at-hundreds-of-freds-super-dollar-stores-in-14-states/article/432783/ |
| 42 | 14/08/2015 | ? | City of Henderson Web Site (http://www.cityofhenderson.com) | A computer hacker broke into a city of Henderson Web server and had access to data for nine days before being detected. However, the city declared that no personal or sensitive information was compromised. | Unknown | Government | CC | US | http://www.reviewjournal.com/politics/government/hacker-breaks-henderson-computer-server |
| 43 | 15/08/2015 | @TheNetShip | http://ecastTV.co.nz | Avionews, Deletesec | SQLi | Industry: Internet TV | CC | NZ | http://pastebin.com/3T6mwNqc |
