16-30 September 2015 Cyber Attacks Timeline

The timeline of September is finally complete, so I can publish the second part, covering the main attacks that occurred between September 16th and 30th.

A month quite complicated from an infosec perspective, characterized by several remarkable cyber criminal events, such as the upload of 40 malicious applications to the Apple App Store, the leak of a trove of data belonging to Patreon, the compromise of several projects of the Red Hat community, and a malvertising campaign targeting Forbes (actually not the only one this month).

But the hacktivists have also been quite active in this period: the actions executed by attackers affiliated with the Anonymous collective include the shutdown of all the websites operated by the Embarcadero Media Group, another leak of a confidential document from the Canadian Government and the attack against two primary Italian banks.

Last but not least, this second half of September has also seen several noticeable advanced operations, such as the Iron Tiger campaign (targeting US governmental entities and defense contractors), or the Gaza Cybergang.

As usual, scroll down the list to get an idea of this summer's cyber landscape, and remember to keep the level of attention very high. At the same time, if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

The timeline is also available in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 11/09/2015 | ? | Yapstone | YapStone (VacationRentPayments) notifies some property managers and others who use their service to receive vacation rental payments that personal information in their account applications was compromised by unauthorized persons between July 15, 2014 and August 5, 2015. | Unknown | Industry: Online Payment Processing | CC | US | http://www.databreaches.net/vacationrentpayment-notifies-customers-whose-account-application-information-was-hacked/ |
| 2 | 16/09/2015 | Iron Tiger | US Government, US defense contractors and related companies in the US and abroad | Trend Micro unveils the details of Operation Iron Tiger, a high-level operation observed stealing trillions of bytes of confidential data from the United States government, US defense contractors and related companies in the United States and abroad. | Targeted Attack | Government | CE | US | http://www.forbes.com/sites/lisabrownlee/2015/09/17/chinese-cyber-attacks-on-us-military-interests-confirmed-as-advanced-persistent-and-ongoing/ |
| 3 | 16/09/2015 | ? (China?) | Russian military personnel and Russian telecoms | Proofpoint reveals the details of a campaign targeting Russian military personnel and Russian telecoms employees via a variant of the PlugX RAT. | Targeted Attack | Military; Industry: Telecom | CE | RU | http://www.scmagazineuk.com/news-alert-apts-target-russian-military-personnel-and-telecoms-employees/article/439244/ |
| 4 | 16/09/2015 | w0rm (hacking crew) | Monopoly (hacking crew) | The w0rm hacking crew, operators of a forum of the same name, attack a rival gang, Monopoly, and offer the database of their rivals for sale on their forum. | Unknown | Hacking Crew | CC | NA | http://motherboard.vice.com/read/hackers-hack-other-hackers-offer-their-data-for-500?linkId=17102714 |
| 5 | 16/09/2015 | NetPirates | Malabar Institute of Medical Sciences (http://www.mimsindia.com/) | The NetPirates hack the Malabar Institute of Medical Sciences (mimsindia.com) and dump 6,709 usernames and clear text passwords. | SQLi | Healthcare | CC | IN | http://siph0n.net/exploits.php?id=4054 |
| 6 | 17/09/2015 | The Dukes | United States, Europe, Asia | F-Secure reveals the details of The Dukes, a Russian-speaking actor behind a seven-year campaign of targeted attacks against the United States, Europe and Asia. | Targeted Attack | Government | CE | >1 | https://grahamcluley.com/2015/09/russia-using-duke-family-malware-spy-countries-2008-says-secure/ |
| 7 | 17/09/2015 | ? | Apple App Store | Apple officials clean up the company's App Store after several security firms report that almost 40 iOS apps contain malicious code. | XcodeGhost (malicious version of the Apple Xcode IDE) | Industry: Software | CC | >1 | http://arstechnica.com/security/2015/09/apple-scrambles-after-40-malicious-xcodeghost-apps-haunt-app-store/ |
| 8 | 17/09/2015 | ? | Red Hat projects: Ceph community project (ceph.com), Inktank (download.inktank.com) | Red Hat reveals to have suffered an intrusion on the sites of both the Ceph community project (ceph.com) and Inktank (download.inktank.com) that resulted in signed code being accessed. | Unknown | Industry: Software | CC | US | http://www.theregister.co.uk/2015/09/18/intrusion_at_cephcom_makes_for_red_faces_at_red_hat/ |
| 9 | 17/09/2015 | ? | Commack School District computer system | The Commack school district computer system is hacked by an unknown individual. | Unknown | Education | CC | US | http://poststar.com/news/state-and-regional/li-high-school-computer-system-hacked/article_c042c1fc-99ba-52d8-8cc2-a8189bdc7619.html |
| 10 | 17/09/2015 | ? | Forbes | Forbes is notified of a malvertising campaign on its website running from 8 to 15 September. The company states to have removed the offending ads. | Malvertising | News | CC | US | http://www.forbes.com/sites/thomasbrewster/2015/09/22/forbes-website-served-malware/?ss=Security |
| 11 | 17/09/2015 | ? | Online poker sites including PokerStars and Full Tilt Poker | ESET unveils the details of Win32/Spy.Odlanor, a malware used by its operator to cheat in online poker by peeking at the cards of infected opponents. It specifically targets two of the largest online poker sites: PokerStars and Full Tilt Poker. | Malware | Online Gambling | CC | >1 | http://www.welivesecurity.com/2015/09/17/the-trojan-games-odlanor-malware-cheats-at-poker/ |
| 12 | 17/09/2015 | Opheus Haxor | http://www.j-ax.it | Opheus Haxor hacks the forum section of j-ax.it (the website of one of the most popular Italian singers) and dumps 31,000 usernames. | SQLi | Industry: Entertainment | CC | IT | http://siph0n.net/exploits.php?id=4057 |
| 13 | 18/09/2015 | Anonymous | Embarcadero Media Group (Palo Alto Weekly, Mountain View Voice, Pleasanton Weekly, The Almanac) | An individual or group claiming to be the hacktivist collective Anonymous shuts down all websites operated by Embarcadero Media Group, which runs several community newspapers in the Bay Area. The media group's newspapers include Palo Alto Weekly, Mountain View Voice, Pleasanton Weekly and The Almanac. | Defacement | News | H | US | http://www.theregister.co.uk/2015/09/04/essex_police_ddos/ |
| 14 | 18/09/2015 | ? | A large number of WordPress sites | Sucuri reveals a massive WordPress campaign redirecting the visitors of the infected sites to a Nuclear Exploit Kit landing page. | Malicious JavaScript Injection | >1 | CC | >1 | https://blog.sucuri.net/2015/09/wordpress-malware-active-visitortracker-campaign.html |
| 15 | 18/09/2015 | Horux | Kettering General Hospital | Kettering General Hospital reveals that its email system was compromised by a Russian hacking group, which used it to send spam. | Account Hijacking | Healthcare | CC | UK | http://www.scmagazineuk.com/exclusive-kettering-general-hospital-investigating-email-data-breach/article/439350/ |
| 16 | 18/09/2015 | Hack for Trump | Fidelity Group (http://www.fidelitygroup.com/) | A group of hackers that calls itself "Hack for Trump" claims to have hacked the website of Fidelity Group and threatens to make the stolen data public unless Fidelity pays $30,000. The hackers plan to use the funds "to help Donald Trump get elected to the White House". | SQLi | Finance | CC | KY | http://www.compasscayman.com/caycompass/2015/09/18/Fidelity-Bank-hacked-and-blackmailed/ |
| 17 | 18/09/2015 | @W0x404 | French marketplaces in the Darknet | An individual with the moniker @W0x404 claims to have hacked several French-speaking marketplaces of questionable goods inside the Darknet. As proof of his actions, the attacker dumps several screenshots. | Unknown | Darknet Marketplaces | CC | FR | http://www.zataz.com/infiltration-dans-le-black-market-francais-suite/ |
| 18 | 18/09/2015 | ElliotAlderson | http://asankadr.az/ | ElliotAlderson hacks asankadr.az and dumps 5,926 usernames and hashed passwords. | Unknown | Industry: Recruiting | CC | AZ | http://siph0n.net/exploits.php?id=4063 |
| 19 | 19/09/2015 | AntiSec, HagashTeam | 8 Vietnamese government websites | Two hacktivists affiliated with Anonymous, AntiSec and HagashTeam, deface 8 Vietnamese government websites in protest against online censorship and human rights violations in the country. | Defacement | Government | H | VN | https://www.hackread.com/anonymous-hacks-vietnam-government-against/ |
| 20 | 21/09/2015 | ? (China?) | >1 | Check Point Software unveils the details of a new malicious app uploaded to Google Play in the guise of a Brain Test app. The malware could have infected at least 200,000 Android phones, possibly as many as 1 million. | Malicious App | Single Individuals | CC | >1 | http://www.forbes.com/sites/thomasbrewster/2015/09/21/chinese-hackers-beat-google-bouncer/?ss=Security |
| 21 | 22/09/2015 | ? | http://www.padlocks4less.com/ | Frank J. Martin Company notifies an undisclosed number of individuals who made purchases on the Padlocks4Less website that their personal information, including payment card data, may have been accessed without authorization. | Unknown | Industry: E-Commerce | CC | US | http://www.scmagazine.com/padlocks4less-website-possibly-compromised-payment-cards-at-risk/article/441140/ |
| 22 | 22/09/2015 | Anonymous | Philippines' National Telecom Commission (http://www.ntc.gov.ph) | The website of the Philippines' National Telecom Commission (NTC), ntc.gov.ph, is defaced by the local branch of Anonymous as a form of protest against the slow average speed of local Internet connections. | Defacement | Government | H | PH | http://news.softpedia.com/news/anonymous-defaces-philippines-telecom-commission-website-protesting-slow-internet-speeds-492336.shtml |
| 23 | 22/09/2015 | ? | realtor.com | Yet another high-profile website falls victim to a malvertising campaign. This time the target is realtor.com, a popular real estate website ranked third in its category with an estimated 28 million monthly visits. | Malvertising | Industry: Real Estate | CC | US | https://blog.malwarebytes.org/malvertising-2/2015/09/malvertising-attack-hits-realtor-com-visitors/ |
| 24 | 23/09/2015 | ? (China?) | U.S. Government entity, European media company | A report from Palo Alto Networks confirms Chinese cyber attacks on a U.S. government entity and a European media company. The attacks, using a malware called '3102', were observed on May 6, 2015 and May 11, 2015 respectively. | Targeted Attack | Government; Industry: Media | CE | US, EU | http://www.forbes.com/sites/lisabrownlee/2015/09/25/new-report-of-malicious-chinese-cyber-attack-on-a-u-s-government-agency/?ss=Security |
| 25 | 23/09/2015 | Smitt3nz | http://www.the-athenaeum.org | Smitt3nz hacks the-athenaeum.org and dumps 1,671 users with hashed passwords. | SQLi | Online Services | CC | US | http://siph0n.in/exploits.php?id=4072 |
| 26 | 24/09/2015 | ? | Adult portals | Malwarebytes reveals the latest developments of the malvertising campaign that has been plaguing primary domains such as Yahoo.com and MSN.com since August. This time the campaign is targeting several adult portals such as xHamster.com. The malicious advertising is served by TrafficHaus. | Malvertising | Adult Sites | CC | >1 | https://blog.malwarebytes.org/malvertising-2/2015/09/ssl-malvertising-campaign-targets-top-adult-sites/ |
| 27 | 24/09/2015 | ? | 4chan, 8chan | Imgur, the photo-sharing website, is exploited in a distributed denial-of-service (DDoS) attack on the popular imageboards 4chan and 8chan. | DDoS | Imageboard | CC | US | http://www.scmagazine.com/news/archive/10652/ |
| 28 | 24/09/2015 | NetPirates | http://dresscloud.pl/ | The NetPirates hack dresscloud.pl and dump 5,269 usernames and hashed passwords. | SQLi | Industry: E-Commerce | CC | PL | http://siph0n.net/exploits.php?id=4076 |
| 29 | 25/09/2015 | Anonymous | Canadian Government | As part of their vendetta against the Canadian government, hackers claiming to belong to the Anonymous collective leak another high-level confidential federal document. | Unknown | Government | H | CA | http://news.nationalpost.com/news/canada/anonymous-leaks-another-high-level-federal-document-as-part-of-vendetta-against-government |
| 30 | 25/09/2015 | ? | Hilton Hotel | Multiple sources in the banking industry say they have traced a pattern of credit card fraud that suggests hackers have compromised point-of-sale registers in gift shops and restaurants at a large number of Hilton Hotel and franchise properties across the United States. | Unknown | Industry: Hotel and Hospitality | CC | US | http://krebsonsecurity.com/2015/09/banks-card-breach-at-hilton-hotel-properties/ |
| 31 | 25/09/2015 | ? | North Oldham High School | North Oldham High School alerts 2,800 current and former students that a data breach earlier this month could have exposed their names, social security numbers and other personal information after a school computer fell victim to a drive-by attack. | Malware | Education | CC | US | http://www.courier-journal.com/story/news/education/2015/09/25/n-oldham-high-data-breach-could-affect-2800/72812598/ |
| 32 | 25/09/2015 | ? | APEGA | APEGA, the body that regulates engineers and geologists in Alberta, reports a "significant data breach" when the names and email addresses of all its 75,000 members are given to an unknown party as a result of a phishing event. | Account Hijacking | Org: Professional Category | CC | CA | https://www.apega.ca/breach.html |
| 33 | 25/09/2015 | ? | The Big Blue Bus | The Big Blue Bus alerts customers of a potential data breach related to the NextBus program. | Unknown | Bus Operator | CC | US | http://smdp.com/data-breach-involves-big-blue-bus-customers/151000 |
| 34 | 26/09/2015 | Team Pak Cyber Attacker | Official website of the Kerala Government (http://www.kerala.gov.in) | A Pakistani hacker dubbed Pakistan Zindabad defaces two websites belonging to the Kerala Government. | Defacement | Government | H | IN | http://www.inquisitr.com/2451705/indian-hackers-deface-over-40-pakistani-websites-hours-after-two-indian-government-portals-were-hacked/ |
| 35 | 26/09/2015 | The Mallu Cyber Soldiers | 46 Pakistani websites, including the Pakistani government websites Pakistan.gov.pk, president.gov.pk and cabinet.gov.pk | In retaliation for the defacement of the website of the Kerala Government, an anonymous group called 'Mallu Cyber Soldiers' defaces around 46 Pakistani websites, including the Pakistani government websites Pakistan.gov.pk, president.gov.pk and cabinet.gov.pk. | Defacement | Government | H | PK | http://www.inquisitr.com/2451705/indian-hackers-deface-over-40-pakistani-websites-hours-after-two-indian-government-portals-were-hacked/ |
| 36 | 27/09/2015 | Ghost Italy | Banca Intesa, Unipol Banca | In the name of #OpBankDump, Ghost Italy, a local cell of the Anonymous collective, hacks Banca Intesa and Unipol Banca, two of the most important Italian banks, and leaks several databases, mainly related to external contractors. | SQLi | Finance | H | IT | http://www.repubblica.it/tecnologia/2015/09/28/news/anonymous_opbankdump_unipol_intesa-123815381/?ref=HRER2-1 |
| 37 | 27/09/2015 | ? | University of Calgary (http://www.ucalgary.ca) | The employee records of a number of University of Calgary staff members are fraudulently accessed, and banking records altered, during an 'isolated breach'. | Unknown | Education | CC | CA | http://calgary.ctvnews.ca/police-investigate-security-breach-of-university-of-calgary-s-peoplesoft-system-1.2583492 |
| 38 | 27/09/2015 | mr_xenon | http://www.spelapoker.se/ | A hacker with the moniker mr_xenon hacks spelapoker.se and dumps 18,606 records. | SQLi | Online Gambling | CC | SE | http://webcache.googleusercontent.com/search?q=cache:enNyZpPlZmsJ:pastebin.com/57J2kh8Y+&cd=1&hl=en&ct=clnk&gl=us |
| 39 | 28/09/2015 | Gaza Cybergang | Government entities in Egypt, United Arab Emirates and Yemen | Kaspersky Lab unveils the details of the so-called "Gaza Cybergang", a group active since 2012 and targeting mainly governmental entities. | Targeted Attack | Government | CE | EG, UAE, YE | https://securelist.com/blog/research/72283/gaza-cybergang-wheres-your-ir-team/ |
| 40 | 28/09/2015 | ? | Trump Hotel Collection | The Trump Hotel Collection acknowledges a malware infection across the United States and Canada, potentially stealing customer credit card data for an entire year. The list of hotels includes two locations in New York and one in each of the following cities: Chicago, Honolulu, Las Vegas, Toronto and Miami. | Malware | Industry: Hotel and Hospitality | CC | US, CA | http://money.cnn.com/2015/09/30/technology/trump-hotels-hack/ |
| 41 | 28/09/2015 | Exfocus | Rutgers University | A hacker known under the moniker Exfocus takes Rutgers University offline with a DDoS attack. | DDoS | Education | CC | US | http://news.softpedia.com/news/despite-new-equipment-rutgers-university-goes-down-after-ddos-attack-493155.shtml |
| 42 | 29/09/2015 | ? | Kmart | Australian discount homewares chain Kmart is under investigation following a data breach that occurred in early September, in which the personal details of its online customers were accessed. | Unknown | Industry: Retail | CC | AU | http://www.oaic.gov.au/news-and-events/statements/privacy-statements/kmart-australia-data-breach/kmart-australia-data-breach |
| 43 | 30/09/2015 | ? | Patreon | Patreon, the website that allows people to make regular donations to a website, an artist or a project, announces to have suffered a security breach. The site says some registered names, e-mail addresses and mailing addresses were accessed after someone managed to reach a "debug version of our website" that at the time was accessible to the public. Unfortunately, the attackers then leak gigabytes of data. | SQLi | Crowdfunding Platform | CC | US | http://arstechnica.com/security/2015/10/patreon-some-user-names-e-mail-and-mailing-addresses-stolen/ ; http://arstechnica.com/security/2015/10/gigabytes-of-user-data-from-hack-of-patreon-donations-site-dumped-online/ |
| 44 | 30/09/2015 | ? | Several Thai government websites | Several Thai government websites are hit by a suspected distributed-denial-of-service (DDoS) attack, making them impossible to access. It appears to be a protest against the government's plan to limit access to sites deemed inappropriate, dubbed the "Great Firewall of Thailand". | DDoS | Government | H | TH | http://www.bbc.com/news/world-asia-34409343 |
| 45 | 30/09/2015 | 0x0D1337 | dutchwow.com | 0x0D1337 hacks dutchwow.com (a private World of Warcraft server) and dumps 3,917 records containing usernames and hashed passwords. | SQLi | Online Services | CC | NL | http://siph0n.net/exploits.php?id=4088 |
| 46 | 30/09/2015 | KelvinSecTeam | http://www.seniat.gov.ve/ | KelvinSecTeam hacks seniat.gov.ve and dumps 1,651 users with clear text passwords. | SQLi | Government | CC | VE | http://pastebin.com/C17sguxM |
