1-15 September 2015 Cyber Attacks Timeline

It’s time to publish the first Cyber Attack Timeline of September.

Unfortunately, this fortnight has brought another massive breach against insurance providers: Excellus Blue Cross Blue Shield and Lifetime Health Care have been hit by a cyber attack that initially occurred in December 2013 and has compromised the details of 10.5M users.

Other interesting events concern a new Cyber Attack against the Pentagon (in this case limited to the Food Court computer system), the revelations that attackers successfully compromised U.S. Department of Energy computer systems more than 150 times between 2010 and 2014, and an intrusion, allegedly performed by Jihadists, into UK ministerial email accounts.

The chronicles also report the first cyber attack carried out by implanting malicious router software images, and an unusually widespread wave of DDoS attacks targeting, among others, the UK’s National Crime Agency and the Kremlin’s official website.

As usual, scroll down the list to get an idea of this summer's cyber landscape, and remember to keep the level of attention very high. At the same time, if you want an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 01/09/2015 | Lizard Squad | UK's National Crime Agency http://www.nationalcrimeagency.gov.uk | The Lizard Squad takes down the official website of UK's National Crime Agency (nationalcrimeagency.gov.uk). | DDoS | Law Enforcement | CC | UK | http://arstechnica.com/security/2015/09/lizard-squad-launches-ddos-against-uk-law-enforcement-agency/ |
| 2 | 01/09/2015 | Rocket Kitten (linked to Iran?) | Several individuals, authors of an anti-Iran security research paper | Trend Micro and Clearsky Security publish a joint, detailed paper in which they document the actions of Rocket Kitten, an APT they believe to be linked to the Iranian government. | Targeted Attack | Several Individuals | CE | >1 | http://news.softpedia.com/news/rocket-kitten-hacking-group-linked-to-iranian-government-by-security-researchers-490919.shtml |
| 3 | 01/09/2015 | ? | Marion Bowman | Marion Bowman, a top former FBI lawyer and U.S. counterintelligence official, reveals that hackers allegedly from China penetrated his home computer last spring. | Targeted Attack | Single Individual | CE | US | http://www.newsweek.com/china-hackers-fbi-marion-bowman-367451 |
| 4 | 01/09/2015 | ? | Hawaii First Federal Credit Union | Hawaii First Federal Credit Union notifies an undisclosed number of customers that an unauthorized individual may have gained access to an employee's email account, and could have accessed personal information. | Account Hijacking | Finance | CC | US | http://www.scmagazine.com/hawaii-credit-union-notifies-customers-of-employee-email-breach/article/436785/ |
| 5 | 02/09/2015 | @n0w1337 | Greater Manchester Police http://www.gmp.police.uk | The website of Greater Manchester Police in the UK (gmp.police.uk) is hit by two DDoS attacks. A Twitter account going by the handle @n0w1337 claims responsibility for the attack. | DDoS | Law Enforcement | CC | UK | http://www.infosecurity-magazine.com/news/manchester-uks-website-knocked/ |
| 6 | 02/09/2015 | @n0w1337 | Manchester Airport http://www.manchesterairport.co.uk | In the same wave of attacks, the same attacker also claims responsibility for taking down the website of Manchester Airport (manchesterairport.co.uk). | DDoS | Airport | CC | UK | http://home.bt.com/news/uk-news/greater-manchester-police-website-targeted-by-hacker-11364001567404 |
| 7 | 02/09/2015 | ? (Author Unknown but charged) | ReverbNation | ReverbNation, an online platform that assists >3M musicians in building their careers, experienced a breach in 2014, and notifies an undisclosed number of users, asking them to change their passwords. | Unknown | Industry: Music | CC | US | http://www.scmagazine.com/2014-breach-prompts-reverbnation-to-notify-customers/article/436757/ |
| 8 | 02/09/2015 | ? | Several banks | CSIS team reports a new variant of the Carbanak trojan using a new communications protocol. | Targeted Attack | Finance | CC | >1 | http://news.softpedia.com/news/carbanak-banking-trojan-returns-with-a-new-series-of-attacks-491015.shtml |
| 9 | 02/09/2015 | ? | Wayne County Board of Education http://boe.wayn.k12.wv.us | Hackers claiming to be part of Islamic State deface the Wayne County Board of Education website (boe.wayn.k12.wv.us). | Defacement | Education | H | US | http://www.statejournal.com/story/29943796/hacker-claiming-to-be-part-of-islamic-state-hacks-wayne-county-wv-board-of-education-website-redirects-visitors-to-site-promoting-terrorism |
| 10 | 02/09/2015 | ? | Parking sign installed at Lille’s Boulevard Louis XVI | A French hacker defaces an electronic parking sign with offensive content. | Defacement | Parking Sign | CC | FR | https://www.hackread.com/hacked-electronic-signpost-france/ |
| 11 | 03/09/2015 | ? | uk.match.com | In an attack similar to the one that happened last month on PlentyOfFish, Malwarebytes reveals that the UK version of online dating site Match.com (uk.match.com) is caught serving malvertising. | Malvertising | Dating | CC | UK | https://blog.malwarebytes.org/malvertising-2/2015/09/malvertising-found-on-dating-site-matchdotcom/ |
| 12 | 03/09/2015 | @n0w1337 | Essex Police http://www.essex.police.uk | The same attacker who took down the Manchester Police earlier this month also takes down the website of the Essex Police. | DDoS | Law Enforcement | CC | UK | http://www.theregister.co.uk/2015/09/04/essex_police_ddos/ |
| 13 | 03/09/2015 | ConnectingFriend, KheXan rOot | http://www.askmebazaar.com | Two hackers dubbed ConnectingFriend and KheXan rOot hack askmebazaar.com and dump 2,105 user records. | SQLi | Industry: E-Commerce | CC | IN | http://pastebin.com/eEN0NVuM |
| 14 | 04/09/2015 | ? | Mozilla's Bugzilla bug tracking system | Mozilla reveals that an attacker was able to steal security-sensitive vulnerability information from Mozilla's Bugzilla bug tracking system and probably used it to attack Firefox users. The attacker may have had access since September 2013. | Account Hijacking | Org: Software | CC | US | http://arstechnica.com/security/2015/09/mozilla-data-stolen-from-hacked-bug-database-was-used-to-attack-firefox/ |
| 15 | 04/09/2015 | ? | http://weendviolence.com/ | California-based violence prevention education organization We End Violence discovers a potential intrusion into its Agent of Change application server that could have exposed personal information, and, so far, 79,000 California State University students have been impacted. | Unknown | Org: Education | CC | US | http://www.scmagazine.com/we-end-violence-announces-breach-california-university-impacted/article/437776/ |
| 16 | 04/09/2015 | Smitt3nz | http://malapelli.com, http://thotamarriagelines.com, http://mudirajpelli.com, http://www.madigapelli.com, http://www.svmarriageslinks.com, http://ssamb.com, http://www.srirasthu.in, http://www.vivahamytri.com, http://www.goudpelli.com | Rubber AKA @smitt3nz hacks 9 dating websites in a row and dumps a total of 7,764 usernames and clear text passwords. | SQLi | Dating | CC | >1 | http://siph0n.in/exploits.php?id=4033 |
| 17 | 04/09/2015 | F3PN | 53 South African web sites | A hacker called F3PN successfully hacks 53 South African Web sites. | Defacement | >1 | CC | ZA | http://www.balancingact-africa.com/news/en/issue-no-156/web-and-mobile-data/hacker-targets-south/en |
| 18 | 05/09/2015 | ? | The University of South Wales Facebook Page | The University of South Wales (UNSW), one of Australia’s top universities, has images of a porn star and other inappropriate content shared on its Facebook page. | Account Hijacking | Education | CC | AU | https://au.news.yahoo.com/nsw/a/29443937/university-facebook-page-flooded-with-soft-porn-in-embarrassing-hack/ |
| 19 | 05/09/2015 | 13chmod37 | http://toko.proumedia.co.id | A hacker called 13chmod37 hacks toko.proumedia.co.id and dumps 1,570 usernames and clear text passwords. | SQLi | Industry: E-Commerce | CC | ID | http://pastebin.com/YPVyHdjB |
| 20 | 08/09/2015 | ? | The Pentagon (United States Department of Defense) | Hackers infiltrated the Pentagon food court's computer system, compromising the bank data of an unknown number of employees. | Targeted Attack | Government | CE | US | http://www.washingtonexaminer.com/pentagon-food-court-computers-hacked-exposing-employees-bank-information/article/2571606 |
| 21 | 09/09/2015 | DD4BC | Several UK corporations and institutions | According to an Akamai study, a number of large UK corporations and institutions, such as Lloyds Bank and BAE systems, have reported a “marked increase” in Distributed Denial of Service (DDoS) attacks from the Bitcoin extortionist group DD4BC (114 attacks since April 2015). | DDoS | >1 | CC | UK | http://arstechnica.com/business/2015/09/uk-banks-corporations-are-being-blackmailed-by-bitcoin-cyberextortionists/ |
| 22 | 09/09/2015 | Turla | Governments, embassies, military groups, educational facilities, researchers and the pharmaceutical industry. | Kaspersky reveals that it has discovered a sophisticated hacking group, dubbed Turla, which has gone far beyond standard techniques used to disguise spying and cybercrime campaigns by exploiting weaknesses in global satellite systems. | Targeted Attack | >1 | CC, CE | >1 | http://www.zdnet.com/article/tracking-turla-hackers-abuse-satellite-signals-high-in-the-sky/ |
| 23 | 09/09/2015 | H4nterAsez | http://macare.in/ | H4nterAsez hacks macare.in and dumps 2,000+ usernames and clear text passwords. | SQLi | Healthcare | CC | IN | http://webcache.googleusercontent.com/search?q=cache:OQOtGarRny8J:pastebin.com/4A93qstA+&cd=1&hl=en&ct=clnk&gl=us |
| 24 | 10/09/2015 | ? | Excellus BlueCross BlueShield | Health insurance company Excellus declares that hackers broke into its servers and may have obtained the personal details of 10.5 million people. The information belongs to customers who lived in or sought treatment in the upstate New York area. The breach, which initially occurred on December 23, 2013, exposed the personal information of 7 million Excellus Blue Cross Blue Shield (BCBS) customers and 3.5 million Lifetime Health Care customers. | Targeted Attack | Healthcare | CC | US | http://www.theregister.co.uk/2015/09/10/excellus_breach/ |
| 25 | 10/09/2015 | North Korea | South Korea | FireEye researchers discover a campaign led by attackers from North Korea, exploiting a zero day vulnerability (CVE-2015-6585) in Hangul, a word processor popular with South Korea's government. The backdoor is called Hangman. | Targeted Attack | Government | CE | KR | http://www.theregister.co.uk/2015/09/10/north_korea_exploits_zero_day_in_seouls_favourite_word_doc/ |
| 26 | 10/09/2015 | ? | Oakland Family Services | Oakland Family Services reveals the details of a security breach that could have affected 16,000 clients in the area. An unknown person gained access to the email account of an employee in July, which resulted in the potential viewing of protected health information. | Account Hijacking | Org: Non-Profit | CC | US | http://www.scmagazine.com/oakland-family-services-notifies-16k-clients-of-information-breach/article/438995/ |
| 27 | 10/09/2015 | Cyber-71 | Dhaka University | The Dhaka University website is defaced by a hacker called Cyber-71. | Defacement | Education | CC | BD | http://bdnews24.com/bangladesh/2015/09/11/dhaka-university-website-still-down-authorities-claim-hacker-marked |
| 28 | 11/09/2015 | ISIL | UK ministerial emails | The Telegraph reveals that Jihadists in Syria hack into UK ministerial email accounts in a sophisticated espionage operation uncovered by GCHQ. | Targeted Attack | Government | CE | UK | http://www.telegraph.co.uk/news/politics/11859005/Cabinet-ministers-email-hacked-by-Isil-spies.html |
| 29 | 11/09/2015 | ? | U.S. Department of Energy | Federal Records obtained by USA TODAY show that attackers successfully compromised U.S. Department of Energy computer systems more than 150 times between 2010 and 2014. | Targeted Attack | Government | CE | US | http://www.usatoday.com/story/news/2015/09/09/cyber-attacks-doe-energy/71929786/ |
| 30 | 11/09/2015 | Mr.Black | http://asankadr.az | A hacker called Mr.Black hacks asankadr.az (a recruitment web site) and dumps 2,447 usernames and hashed passwords. | SQLi | Industry: Recruiting | CC | AZ | http://webcache.googleusercontent.com/search?q=cache:iO4ApriCHQ4J:pastebin.com/Kaw9gV4R+&cd=1&hl=en&ct=clnk&gl=us |
| 31 | 11/09/2015 | ? | Penrith High School | A small group of students from Penrith High School have allegedly used a teacher's login credentials to access a Department of Education computer system that contains students' assessment marks. | Account Hijacking | Education | CC | US | http://www.zdnet.com/article/western-sydney-students-access-department-computer-system/ |
| 32 | 13/09/2015 | ? | Kremlin’s official website http://kremlin.ru | The Kremlin’s official website falls under a massive DDoS Attack. The attack is carried out simultaneously with another attack that reportedly targeted the website of the Russian Electoral Commission. Both of the attacks are made on national Election Day. | DDoS | Government | CC | RU | https://www.rt.com/politics/315338-hacker-attack-kremlin-website/ |
| 33 | 13/09/2015 | r3dm0v3 | http://cromotransfer.com.br/ | r3dm0v3 hacks cromotransfer.com.br and dumps 6,529 usernames and clear text passwords. | SQLi | Industry: E-Commerce | CC | BR | http://pastebin.com/JSSe18nL |
| 34 | 13/09/2015 | Kyfx | Kumoh National Institute of Technology | A hacker called Kyfx hacks a subdomain of the Kumoh National Institute of Technology and dumps 1,448 usernames and clear text passwords. | SQLi | Education | CC | KR | http://pastebin.com/6SCzVT98 |
| 35 | 14/09/2015 | ? | >1 | Malwarebytes publishes the analysis of a recently detected malvertising attack that affected many ad networks and ran uninterrupted for almost three weeks. | Malvertising | >1 | CC | >1 | https://blog.malwarebytes.org/malvertising-2/2015/09/large-malvertising-campaign-goes-almost-undetected/ |
| 36 | 15/09/2015 | ? | Cisco Routers | FireEye unveils the details of a campaign involving the stealthy modification of a router's firmware image that can be used to maintain persistence within a victim's network. The campaign is called SYNful Knock and has hit at least 79 devices in 19 countries. | Malicious Router Images Implant | >1 | CE | >1 | http://arstechnica.com/security/2015/09/malicious-cisco-router-backdoor-found-on-79-more-devices-25-in-the-us/ |
| 37 | 15/09/2015 | ? | Cryptome.org | The creator of digital library and whistle-blowing site Cryptome.org, John Young, revokes his PGP key pairs after learning they were compromised. | Unknown | Org: Digital Library | CE | US | http://www.theregister.co.uk/2015/09/16/cryptome_revokes_pgp_keys_after_mysterious_compromise/ |
