16-31 October 2015 Cyber Attacks Timeline

Unfortunately, the trend of the first fortnight of October continued and the second half of the month has brought us another series of remarkable events.

The UK ISP TalkTalk has been hit once again, and although the alleged teen authors of the hack (a failed ransom attempt) have been busted, the information of 4 million users has been leaked, putting their identities at risk.

But the trail of breaches does not stop here: 000Webhost.com (13 million passwords leaked) and mac-torrents.com (“only” 95,000 records affected) have also been hit hard.

Other notable targets of this fortnight include Vodafone and British Gas (details of about 2,000 users leaked online in both cases).

The hacktivists were equally active: in a spree of different operations, hackers affiliated with the Anonymous collective knocked down several websites affiliated with racist content and ideologies, the website of CAT Telecom, a Thai state-owned telco operator, and a bunch of Egyptian and Lebanese government websites.

On the Cyber Espionage front, the chronicle reported yet another cyber attack perpetrated by North Korea against its Southern neighbors (how strange), and a campaign against the international investigation team of the MH17 plane crash perpetrated by the same actors behind Operation Pawn Storm.

If you want to have an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that, in your opinion, deserve to be included in the timelines (and charts).

Access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link | Tags |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 08/10/2015 | ? | Emergence Health Network | Emergence Health Network (EHN) notifies 11,100 patients of an unauthorized access of a server containing protected health information. | Targeted Attack | Healthcare | CC | US | http://www.databreaches.net/tx-emergence-health-network-notifies-11100-mental-health-patients-of-possible-phi-breach/ | Emergence Health Network |
| 2 | 13/10/2015 | ? | EyeBuyDirect | An undisclosed number of individuals are notified that unauthorized access was gained to EyeBuyDirect's website and personal information, including payment card data, may have been compromised. | Unknown | Industry: Retail | CC | US | http://www.scmagazine.com/eyebuydirect-announces-website-breach-payment-cards-affected/article/448565/ | EyeBuyDirect |
| 3 | 16/10/2015 | ? (China?) | Permanent Court of Arbitration in The Hague | Bloomberg reveals that the web page of the Permanent Court of Arbitration in The Hague was compromised with malware in July, during the third day of the hearing on the territorial dispute in the South China Sea. Suspicions point to China. | Targeted Attack | Government | CE | NL | http://www.forbes.com/sites/lisabrownlee/2015/09/17/chinese-cyber-attacks-on-us-military-interests-confirmed-as-advanced-persistent-and-ongoing/ http://www.bloomberg.com/news/articles/2015-10-15/chinese-cyber-spies-fish-for-enemies-in-south-china-sea-dispute | |
| 4 | 16/10/2015 | ? (China?) | Woods Hole Oceanographic Institution http://whoi.edu | Woods Hole Oceanographic Institution declares that it suffered a “sophisticated, targeted attack” allegedly originating from China. The breach turns out to have started back in February 2013. | Targeted Attack | Org: Non-Profit | CE | US | http://qz.com/526287/one-of-americas-premier-research-institutions-was-hacked-and-the-signs-point-to-china/ | Woods Hole Oceanographic Institution, WHOI |
| 5 | 18/10/2015 | CWA | John Brennan | A teen hacker with the nickname CWA claims to have hacked an AOL e-mail account belonging to John Brennan, the director of the CIA. The attacker claims to have obtained sensitive documents and releases a small spreadsheet with alleged personal information for a number of former and current government officials. | Account Hijacking | Single Individuals | H | US | http://nypost.com/2015/10/18/stoner-high-school-student-says-he-hacked-the-cia/ | John Brennan, CWA, CIA |
| 6 | 18/10/2015 | ? | Road Sign | Another road sign hacked. This time it happens in downtown Sacramento. | Unknown | Road Sign | CC | US | http://www.thestate.com/news/traffic/article39874323.html | Sacramento |
| 7 | 19/10/2015 | mr.nsaany AKA @mr.nsaany | http://forums.phpfreaks.com | A hacker dubbed mr.nsaany AKA @mr.nsaany hacks forums.phpfreaks.com and leaks the entire database (allegedly 173.000 users). | SQLi | Online Forum | CC | US | http://www.databreaches.net/php-freaks-forum-database-hacked/ | mr.nsaany, @mr.nsaany, forums.phpfreaks.com |
| 8 | 20/10/2015 | ? | Magento-Powered e-commerce sites | Security researchers warn of a large campaign against Magento-powered e-commerce sites that is redirecting users to the Neutrino exploit kit. | Magento Vulnerability | Single Individuals | CC | >1 | http://www.theregister.co.uk/2015/10/20/neutrino_exploit_kit_attacks_hit_thousands_of_magento_shops/ | Magento, Neutrino Exploit Kit |
| 9 | 20/10/2015 | ph1k3 | http://www.gobol.in/ | And this is an example of a website hacked by exploiting a Magento vulnerability: a hacker dubbed ph1k3 hacks gobol.in and claims to have exploited a Magento vulnerability. | Magento Vulnerability | Industry: E-Commerce | CC | IN | http://siph0n.net/exploits.php?id=4122 | ph1k3, gobol.in, Magento |
| 10 | 20/10/2015 | Team Pak Cyber Experts | Official Website Of Passport Office Kolkata http://passportofficekolkata.in | Another episode of the Cyber War between India and Pakistan: a group of Pakistani hackers dubbed Team Pak Cyber Experts defaces the Official Website Of Passport Office Kolkata (passportofficekolkata.in). | Defacement | Government | CW | IN | https://www.incpak.com/world/official-website-of-passport-office-kolkata-hacked-by-pakistani-hackers/ | Team Pak Cyber Experts, Official Website of Passport Office Kolkata, passportofficekolkata.in |
| 11 | 21/10/2015 | North Korea | South Korea | South Korea's intelligence agency reports that North Korean hackers accessed servers belonging to the Blue House, the executive office of South Korea, and stole data from computers belonging to members of the nation's legislature. | Targeted Attack | Government | CE | KR | http://www.scmagazine.com/north-korean-hackers-breach-south-koreas-executive-office-servers/article/448582/ | North Korea, South Korea, Blue House |
| 12 | 21/10/2015 | ? | Several Primary Websites including eBay.de and T-Online.de | Malwarebytes identifies a large malvertising campaign targeting German users on some popular web sites such as eBay.de or T-Online.de. | Malvertising | Single Individuals | CC | DE | https://blog.malwarebytes.org/malvertising-2/2015/10/kampagnen-malvertising-campaign-goes-after-german-users/ | Malwarebytes, eBay.de, T-Online.de |
| 13 | 21/10/2015 | Amped Attacks AKA sgtbilko420 | Several websites affiliated with KKK and other racist content | A hacker, who goes by the name sgtbilko420, takes down several websites affiliated with the KKK and online stores selling racist paraphernalia. Targets include the KKK, the Westboro Baptist Church, a site linked to the Islamic State and even Stephen Harper, the recently-departed Canadian prime minister. | DDoS | Org: Politics | H | >1 | http://www.wired.co.uk/news/archive/2015-10/22/anonymous-hacker-takedown-racist-websites | sgtbilko420, Amped Attacks |
| 14 | 22/10/2015 | ? | TalkTalk | TalkTalk, a UK phone and broadband provider, warns its 4 million customers that attackers could have gained access to their names, addresses, credit card and bank details, dates of birth, phone numbers, email addresses and TalkTalk account information. A few days later, police arrest four teenagers in connection with the cyberattack. | Unknown | Industry: Telco | CC | UK | http://www.cnet.com/news/isp-talktalk-hit-by-significant-and-sustained-cyberattack-in-uk/ http://www.bbc.co.uk/news/uk-34717572 | TalkTalk |
| 15 | 22/10/2015 | Pawn Storm | MH17 Investigation Team | Trend Micro reveals that the same hackers behind Operation Pawn Storm targeted the international investigation team of the MH17 plane crash from different sides. | Targeted Attack | Government | CE | >1 | http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-targets-mh17-investigation-team/ | MH17, Pawn Storm, Trend Micro |
| 16 | 23/10/2015 | The Equation Group (allegedly linked to NSA?) | German Unit of the Federal Chancellery | Der Spiegel reports that Regin, the highly sophisticated state-sponsored malware, has been discovered infecting the laptop computer of a head of the German Unit of the Federal Chancellery. | Targeted Attack | Government | CE | DE | http://arstechnica.com/tech-policy/2015/10/top-german-official-infected-by-highly-advanced-spy-trojan-with-nsa-ties/ | Regin, NSA, The Equation Group, German Unit of the Federal Chancellery |
| 17 | 23/10/2015 | ? | Xero | Cloud-based accounting service Xero has told its customers to reset their passwords after a "small number" of users had their accounts compromised. | Account Hijacking | Industry: Software | CC | NZ | https://grahamcluley.com/2015/10/online-accounting-software-xero-tells-users-reset-passwords-accounts-breached/ | Xero |
| 18 | 23/10/2015 | ? | Essex Police Twitter Account | The Essex Police Twitter account (@EssexPoliceUK) is hacked and posts a bogus tweet directing the user to a page hosting an offensive picture. | Account Hijacking | Law Enforcement | CC | UK | http://www.theguardian.com/uk-news/2015/oct/23/essex-police-apologise-after-hackers-hijack-twitter-account | Essex Police, Twitter, @EssexPoliceUK |
| 19 | 23/10/2015 | Anonymous | CAT Telecom Pcl http://www.cattelecom.com | In the name of #OpSingleGateway (Thai government’s single gateway plan), Anonymous takes down the website of CAT Telecom Pcl and leaks some data allegedly stolen from the telco company's website. | Unknown | Industry: Telco | H | TH | https://www.hackread.com/anonymous-targets-thai-govt-telecom-firm/ | Anonymous, CAT Telecom Pcl, cattelecom.com |
| 20 | 24/10/2015 | Anonymous R4BIA TEAM | Egyptian government websites | A collective affiliated with Anonymous called Anonymous R4BIA Team takes down several Egyptian government websites including the Egyptian Presidency website, the Cabinet Decision Support Center (CDSC), the Ministry of Tourism, Ministry of Planning, Supreme Council of Press, Center for Information and Decision Support, Egypt information portal, Egyptian Observatory site, National Planning Institute and several other high-profile government-owned sites. | Defacement | Government | H | EG | https://www.hackread.com/anonymous-hacks-egyptian-presidency-website/ | Anonymous R4BIA TEAM |
| 21 | 24/10/2015 | Fallaga Team | Film Federation of India http://www.filmfed.org/ | A Tunisian Muslim group dubbed Fallaga Team defaces the website of the Film Federation of India (filmfed.org) to protest against the killing of Muslims in Myanmar. | Defacement | Org: Entertainment | H | IN | http://www.nyoooz.com/hyderabad/240398/tunisian-muslim-groups-hacks-film-federation-of-india-website-to-protest-killing-of-muslims-in-myanmar | Fallaga Team, Film Federation of India, filmfed.org, Myanmar |
| 22 | 25/10/2015 | Anonymous Lebanon AKA @AnonLeb2015 | Several Lebanon Government Websites | The Lebanese branch of Anonymous defaces several Lebanon government websites. | Defacement | Government | H | LB | https://twitter.com/AnonLeb2015/status/658410544043589632 | Anonymous Lebanon, @AnonLeb2015 |
| 23 | 25/10/2015 | ? | https://www.amzreviewtrader.com/ | An anonymous hacker hacks amzreviewtrader.com and dumps nearly 2500 usernames and clear text passwords. | SQLi | Online Services | CC | US | http://siph0n.net/exploits.php?id=4125 | amzreviewtrader.com |
| 24 | 26/10/2015 | ? | Wichita Schools | The Wichita, Kansas public school system is investigating a possible hacking attempt on one of its networks that took place on Oct. 23. | Unknown | Education | CC | US | http://www.scmagazine.com/wichita-schools-investigates-possible-cyber-attack/article/449481/ | Wichita |
| 25 | 27/10/2015 | ? | 000Webhost.com | 13 million passwords appear to have been leaked from 000Webhost, a free service provider. | SQLi | Industry: Hosting | CC | CY | http://www.forbes.com/sites/thomasbrewster/2015/10/28/000webhost-database-leak/?ss=Security | 000Webhost.com |
| 26 | 28/10/2015 | ? | British Gas | British Gas contacts about 2,200 of its customers to warn them that their email addresses and account passwords are posted online. The company declares that the accounts come from an external source. | Unknown | Industry: Utilities | CC | UK | http://www.bbc.com/news/technology-34663210 | British Gas |
| 27 | 28/10/2015 | ? | Jaguar XFR | A Jaguar car has reportedly been ‘hacked' in Auckland, New Zealand. An individual entered a car dealership in New Zealand's largest city and stole a Jaguar XFR, worth nearly £80,000. | Electronic Device | N/A | CC | NZ | http://news.softpedia.com/news/despite-new-equipment-rutgers-university-goes-down-after-ddos-attack-493155.shtml | Jaguar |
| 28 | 29/10/2015 | ? | Optimal Payments PLC | Optimal Payments Plc declares that it is investigating allegations that personal data belonging to some of its customers could have been compromised and made available on the dark web. According to the allegations, the breaches occurred at two of its units back in 2012 or earlier. | Unknown | Industry: Online Payments | CC | UK | http://uk.reuters.com/article/2015/10/29/us-optimal-payments-cybercrime-idUKKCN0SN0OR20151029 | Optimal Payments Plc |
| 29 | 29/10/2015 | 9 | Yellowfront Grocery | Yellowfront Grocery in Damariscotta, Maine, notifies its customers via Facebook that it had experienced a point-of-sale (POS) breach on Oct 23. | PoS Malware | Industry: Retail | CC | US | http://www.scmagazine.com/yellowfront-grocery-notified-customers-via-facebook-of-pos-breach/article/450345/ | Yellowfront Grocery |
| 30 | 29/10/2015 | KelvinSecTeam | http://www.misionsucre.gob.ve/ | KelvinSecTeam hacks a subdomain of the Venezuelan Education Ministry and dumps 2,788 usernames and clear text passwords. | Unknown | Government | CC | VE | http://pastebin.com/xh93uwpN | KelvinSecTeam, misionsucre.gob.ve |
| 31 | 29/10/2015 | NetherlandsMoDz | http://asialawhouse.com/ | A hacker calling himself NetherlandsMoDz claims to have hacked asialawhouse.com and dumps nearly 7,000 usernames and clear text passwords. | Unknown | Industry: E-Commerce | CC | IN | http://pastebin.com/nAzu3Xkr | NetherlandsMoDz, asialawhouse.com |
| 32 | 30/10/2015 | ? | Unidentified National Firm | The First National Bank of Omaha issues new debit cards to customers in seven US states after a large data breach at an unidentified national firm. | Unknown | N/A | CC | US | http://www.bbc.com/news/world-asia-34409343 | First National Bank of Omaha |
| 33 | 30/10/2015 | ? | https://www.aussiefarmers.com.au | An unknown hacker hacks aussiefarmers.com.au and dumps more than 5,500 personal records. | Unknown | Industry: E-Commerce | CC | AU | http://siph0n.net/exploits.php?id=4143 | aussiefarmers.com.au |
| 34 | 30/10/2015 | ? | http://thaiind.com/ http://pukpik.com/ http://ads.thaimisc.com | An anonymous hacker hacks three Thailand e-commerce sites in a single shot and dumps approximately 5900 usernames and hashed passwords for each one of them. | Unknown | Industry: E-Commerce | CC | TH | http://siph0n.net/exploits.php?id=4150 http://siph0n.net/exploits.php?id=4151 http://siph0n.net/exploits.php?id=4152 | thaiind.com, pukpik.com, ads.thaimisc.com |
| 35 | 30/10/2015 | Photon AKA @PhotonicProton | Computing Science Inside - University of Glasgow http://csi.dcs.gla.ac.uk | A hacker calling himself @PhotonicProton hacks a subdomain of the University of Glasgow and dumps 3,091 records with clear text passwords. | Unknown | Education | CC | UK | http://siph0n.net/exploits.php?id=4154 | Photon, @PhotonicProton, csi.dcs.gla.ac.uk |
| 36 | 31/10/2015 | ? | Vodafone | Vodafone declares that 1,827 customers had their accounts accessed, with criminals potentially gaining their names and some bank details. But it insists its systems had not been breached. | Unknown | Industry: Telco | CC | UK | http://pastebin.com/C17sguxM | Vodafone |
| 37 | 31/10/2015 | ? | PageFair | PageFair, the analytics service that estimates the revenue loss due to ad blockers, is compromised to distribute malware. Around 500 publishers are affected. | Targeted Attack | Industry: Software | CC | IE | http://blog.pagefair.com/2015/halloween-security-breach/ | PageFair |
| 38 | 31/10/2015 | Photon AKA @PhotonicProton | http://www.mac-torrents.com/ | @PhotonicProton hacks mac-torrents.com and dumps nearly 95,000 records with usernames and hashed passwords. | Unknown | Torrent Tracker | CC | US | http://siph0n.net/exploits.php?id=4156 | Photon, @PhotonicProton, mac-torrents.com |
| 39 | 31/10/2015 | Virushacker | Several colleges across Kolkata (India) | A Pakistani hacker dubbed Virushacker defaces several colleges across Kolkata including: Mohan College, Maharaja Manindra College, and Anandamohan College. | Defacement | Education | CW | IN | http://www.dnaindia.com/india/report-websites-of-several-kolkata-colleges-hacked-2140527 | Virushacker, Kolkata, Mohan College, Maharaja Manindra College, and Anandamohan College |
