16-30 November 2015 Cyber Attacks Timeline

Here we are again! This time with the list of the main cyber attacks that occurred in the second fortnight of November (part I here).

Landesk, Pearson VUE, Starwood Hotel, and Invest Bank are the most noticeable targets for this fortnight (along with three unnamed Greek banks blackmailed by the DDoS gang Armada Collective).

However, this timeline is clearly characterized by hacktivism, thanks to the multiple actions executed by members of the Anonymous collective (even if driven by different motivations). Anonymous kicked off its campaign against ISIS-related social account profiles (in the name of OpISIS), and also hit other primary targets such as Japan’s Health, Labor and Welfare Ministry, several Iceland Government Websites (OpWhales), the website of United Nations Climate Change and the website of Taiwan Police (OpSingleGateway).

But the timeline also offers several cases of state-sponsored attacks, such as new versions of the Turla and Dark Seoul campaigns, a new threat actor dubbed Strontium targeting government bodies, diplomatic, and military institutions in NATO countries and some parts of Eastern Europe, and a new undetectable RAT dubbed GlassRAT focused on Chinese nationals in commercial organizations.

If you want to have an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 11/11/2015 | Armenian A.S.A.L.A. group | Mortgage Fund sub-domain of the Azerbaijan Central Bank http://amf.cbar.az | Another episode of the cyber war between Armenian and Azerbaijani hackers: Armenian hackers calling themselves the Armenian A.S.A.L.A. group hack the Mortgage Fund sub-domain (amf.cbar.az) of the Azerbaijan Central Bank and leak some customer data. | SQLi? | Finance | H | AZ | https://www.hackread.com/armenian-group-hacks-azerbaijan-central-bank/ |
| 2 | 16/11/2015 | Turla | Several targets belonging to Business and Government | FireEye identifies a new campaign suspected to be tied to a Russian state-sponsored group previously analyzed by Kaspersky and known under the name of Turla. This time the group has breached and infected over 100 websites that have a business and government audience. | Targeted Attack | >1 | CE | >1 | http://news.softpedia.com/news/tracking-scripts-used-by-state-sponsored-group-to-spy-on-government-officials-496245.shtml |
| 3 | 17/11/2015 | Anonymous | ISIS Twitter Accounts | In the name of #OpParis, the activist group Anonymous claims to have taken down 5,500 pro-ISIS Twitter accounts. | Unknown | Org: Terrorism | H | N/A | http://www.scmagazine.com/anonymous-shutters-55k-pro-isis-twitter-accounts/article/454869/ |
| 4 | 17/11/2015 | Ghost Sec (affiliated to Anonymous) | ISIS Main Forum | Members of the hacking collective Anonymous claim to have shut down Isdarat, a main ISIS forum on the Dark Web. | Unknown | Org: Terrorism | H | N/A | http://www.vocativ.com/news/251771/anonymous-hits-main-isis-forum/ http://www.ibtimes.co.uk/hackers-replace-dark-web-isis-propaganda-site-advert-prozac-1530385 |
| 5 | 17/11/2015 | ? | Several Domains | Malwarebytes identifies one of the largest malvertising campaigns in recent months going through 10 different ad domains receiving massive volumes of Internet traffic. The campaign is used to distribute the Angler and Neutrino EKs. | Malvertising | >1 | CC | >1 | https://blog.malwarebytes.org/malvertising-2/2015/11/the-casino-malvertising-campaign/ |
| 6 | 17/11/2015 | ? | Several Individuals | Unknown hackers create a PayPal phishing site, making a clone site, using an SSL certificate of the World Bank domain. | Phishing | >1 | CC | >1 | https://www.hackread.com/world-bank-ssl-certificate-host-paypal-phishing-scam/ |
| 7 | 17/11/2015 | ? | http://www.trampolining-online.co.uk/ | An unknown hacker hacks trampolining-online.co.uk and dumps 16,353 usernames and hashed passwords. | Unknown | Industry: E-Commerce | CC | UK | https://siph0n.in/exploits.php?id=4209 |
| 8 | 17/11/2015 | ? | http://www.friendshipkey.com/ | An unknown hacker hacks friendshipkey.com and dumps 16,353 usernames and hashed passwords. | Unknown | Dating | CC | PK | https://siph0n.in/exploits.php?id=4208 |
| 9 | 18/11/2015 | ? | Landesk | Landesk alerts employees that a data breach may have exposed their personal information. According to some internal sources, the attackers first broke into the Landesk network in June 2014. | Targeted Attack | Industry: Software | CC | US | http://krebsonsecurity.com/2015/11/breach-at-it-automation-firm-landesk/ |
| 10 | 18/11/2015 | Hacker Buba | Invest Bank | A hacker called Hacker Buba hacks into Invest Bank and holds it to ransom, demanding $3M, and leaking confidential data of clients on Twitter every few hours. | Unknown | Finance | CC | UAE | http://gulfnews.com/xpress/dubai/courts-crime/hacker-holds-uae-bank-to-ransom-demands-3m-1.1626394 |
| 11 | 18/11/2015 | Dark Seoul | Transportation and logistics sector in Europe | Researchers from Palo Alto identify a new campaign that shows similarities with the infamous Dark Seoul campaign discovered in March 2013. | Targeted Attack | Industry: Transportation | CE | >1 | http://researchcenter.paloaltonetworks.com/2015/11/tdrop2-attacks-suggest-dark-seoul-attackers-return/ |
| 12 | 19/11/2015 | Strontium | Computer systems belonging to government bodies, diplomatic, and military institutions in NATO countries and in some parts of Eastern Europe. | Microsoft unveils the details of Strontium (also known as APT28, Sednit, Sofacy and Fancy Bear), a threat actor that is thought to identify potential targets from mailing lists, public forums and social media sites, and then use spear phishing techniques to steal login credentials. | Targeted Attack | >1 | CE | >1 | http://www.tripwire.com/state-of-security/security-data-protection/strontium-microsoft-warns-of-hacking-gang-targeting-government-and-nato-workers/ |
| 13 | 20/11/2015 | ? | Starwood Hotels & Resorts | Starwood Hotels & Resorts Worldwide Inc says that payment systems at 54 of its hotels in North America had been infected with malware designed to collect payment card data. | PoS Malware | Industry: Hotel and Resort | CC | US | http://www.reuters.com/article/2015/11/20/us-starwood-hotels-hacking-idUSKCN0T91XO20151120#sRYDJwSG4gBkmgci.97 |
| 14 | 20/11/2015 | Anonymous | Japan's Health, Labor and Welfare Ministry http://www.mhlw.go.jp/ | The website of Japan's Health, Labor and Welfare Ministry is taken down by a DDoS attack. The Anonymous collective claims responsibility. | DDoS | Government | H | JP | http://www.globalpost.com/article/6691762/2015/11/21/japan-probes-possible-cyber-attack-anonymous-health-ministry-website |
| 15 | 21/11/2015 | NetPirates, @LulzNetPirates | dhiqar.net http://www.dhiqar.net/ | NetPirates hack dhiqar.net, an ISIS-related website, and dump 14,059 records with usernames and hashed passwords. | SQLi | Org: Political Party | H | IQ | https://siph0n.in/exploits.php?id=4235 |
| 16 | 22/11/2015 | ? | Linux Australia https://linux.org.au/ | Linux Australia allegedly suffers a second leak of data from its servers, according to a message sent to its main mailing list by president Joshua Hesketh. | Unknown | Org: Software | CC | AU | http://www.itwire.com/business-it-news/open-source/70431-linux-australia-suffers-another-data-leak |
| 17 | 22/11/2015 | Team System DZ | http://veterans.co.richland.wi.us/ http://recycling.co.richland.wi.us/ http://em.co.richland.wi.us/ | A collective of pro-ISIS hackers dubbed Team System DZ defaces three domains of the Richland County office. | Defacement | Government | H | US | https://www.hackread.com/isis-hacks-richland-county-veterans-services-site/ |
| 18 | 23/11/2015 | ? | Five Unnamed Banks | Group-IB reveals that over the last 5 years criminals in Russia found a way to steal 252 million Rubles ($3.8 million) from five unnamed banks, using a novel technique called a “reverse ATM attack”. | Reverse ATM Attack | Finance | CC | RU | http://www.forbes.com/sites/thomasbrewster/2015/11/23/visa-mastercard-atm-fraud-hackers-steal-millions-dollars/ |
| 19 | 23/11/2015 | ? | Pearson VUE | Technology certification management provider Pearson VUE is the victim of a computer security breach after malware compromises its Credential Manager System. | Malware | Industry: Media | CC | UK | http://www.theregister.co.uk/2015/11/23/pearson_vue_data_breach_pcm/ |
| 20 | 23/11/2015 | ? | Several WordPress sites including blogs.independent.co.uk | Malwarebytes identifies a campaign affecting dozens of WordPress sites compromised with the same malicious code redirecting to the Angler exploit kit. The campaign is a new version of the one previously known as EITest. | Wordpress Vulnerability | >1 | CC | >1 | https://blog.malwarebytes.org/hacking-2/2015/11/catching-up-with-the-eitest-compromise-a-year-later/ |
| 21 | 23/11/2015 | ? | Chinese nationals in commercial organizations. | RSA unveils the details of a new undetectable RAT dubbed GlassRAT. The tool, active for three years, is used as part of a very targeted campaign, focused on Chinese nationals in commercial organizations. | Targeted Attack | >1 | CE | CN | http://www.infosecurity-magazine.com/news/glassrat-zerodetection-trojan/ |
| 22 | 23/11/2015 | ? | Gigi Hadid | Gigi Hadid admits to being blackmailed by a group of hackers who claim they're ready to leak private content from her iPhone unless she pays up. | Account Hijacking | Single Individual | CC | US | http://www.tmz.com/2015/11/23/gigi-hadid-iphone-hackers/ |
| 23 | 23/11/2015 | RyanDa1338 | http://www.hortinews.co.ke/ | RyanDa1338 hacks hortinews.co.ke and dumps 42,065 usernames and hashed passwords. | Unknown | News | CC | KE | https://siph0n.in/exploits.php?id=4234 |
| 24 | 24/11/2015 | ? | U.S. Air Force | The U.S. Air Force investigates how classified data about a competition for a next-generation U.S. bomber was found in a report published by Forbes magazine. | Unknown | Military | CE | US | http://www.reuters.com/article/2015/11/25/usa-airforce-bomber-idUSL1N13G01220151125#2jOmxoHjGQ3smBxZ.97 |
| 25 | 24/11/2015 | Turk Hack Team | Russian Central Bank http://www.cbr.ru | Turkish hackers from Turk Hack Team take down the official website of the Russian Central Bank (cbr.ru) amid tension near the Syria-Turkey border. | DDoS | Finance | H | RU | https://www.hackread.com/turkish-hackers-target-russian-central-bank-site/ |
| 26 | 26/11/2015 | ? | Several additional Wordpress sites including the website of popular magazine Reader’s Digest (rd.com) | Malwarebytes detects a different version of the campaign previously known as "EITest". The victims include the website of popular magazine Reader’s Digest (rd.com). | Wordpress Vulnerability | >1 | CC | >1 | https://blog.malwarebytes.org/online-security/2015/11/readers-digest-and-other-wordpress-sites-compromised-push-angler-ek/ |
| 27 | 26/11/2015 | Multiple Indian Hacking Groups | Multiple Pakistani Targets | Multiple hacking groups from India carry out coordinated attacks against more than 200 Pakistani websites, as revenge on the 7th anniversary of the Mumbai terror attacks of November 26, 2008. | Defacement | Government | CW | PK | http://news.softpedia.com/news/indian-hackers-deface-125-pakistani-websites-as-payback-for-mumbai-2008-attacks-496903.shtml |
| 28 | 26/11/2015 | Multiple Pakistani Hacking Groups | Central Bank of India | As partial revenge, Pakistani hackers hack the website of the Central Bank of India. Rumors on Twitter also indicate that Pakistani hackers are to blame for the downtime on the website of an Indian BJP Intellectuals cell. | Unknown | Government | CW | IN | http://www.techworm.net/2015/11/indian-cyber-warriors-pay-homage-to-2611-martyrs-by-hacking-200.html |
| 29 | 27/11/2015 | ? | https://www.vtech.com | A massive breach compromises 4.8 million records from VTech, a Hong Kong toy company. | SQLi | Industry: Children Toys | CC | HK | http://www.troyhunt.com/2015/11/when-children-are-breached-inside.html |
| 30 | 27/11/2015 | ? | Unnamed hosting company affecting Hungryhouse.co.uk | Online takeaway service Hungryhouse resets the passwords of thousands of its customers following an apparent data breach at a third party hosting company. 10,000 users might be affected. | Unknown | Industry: Online Food Delivery | CC | UK | http://www.theregister.co.uk/2015/11/27/hungryhouse_password_change/ |
| 31 | 27/11/2015 | ? | https://www.cryptocoinsnews.com https://hacked.com/ | Two websites (CryptoCoinNews and Hacked) offer a bounty of five bitcoins (worth about £1200) to catch the blackmailer who is holding them to ransom with a DDoS threat. | DDoS | News | CC | NO | http://www.scmagazineuk.com/news-websites-offer-bitcoin-bounty-over-ddos-attacker/article/456389/ |
| 32 | 27/11/2015 | Anonymous | Iceland Government Websites | In the name of #OpWhales, Anonymous takes down almost all the Iceland government websites for about 13 hours as a protest against the whaling practices in Iceland. | DDoS | Government | H | IS | https://www.hackread.com/anonymous-crushes-iceland-govt-for-whale-slaughter/ |
| 33 | 27/11/2015 | Several Indian Hackers | Several Pakistani Websites | Indian hackers pay homage to 26/11 Mumbai attack martyrs by hacking 200 Pakistani websites. | Defacement | Government | H | PK | http://www.techworm.net/2015/11/indian-cyber-warriors-pay-homage-to-2611-martyrs-by-hacking-200.html |
| 34 | 29/11/2015 | Pakistani Cyber Attackers | Jabalpur Police http://www.jabalpurpolice.org | Hackers calling themselves “Pakistani cyber attackers” deface the official website of Jabalpur police with Pakistani flags and slogans claiming revenge against Indian attacks. | Defacement | Law Enforcement | CW | IN | http://www.databreaches.net/madhya-pradesh-police-falls-to-pakistani-cyber-attackers/ |
| 35 | 30/11/2015 | Armada Collective | Three Unnamed Greek Banks | Reuters reveals that hackers belonging to the Armada Collective have staged cyber-attacks on three Greek banks and demanded a ransom in bitcoins to stop their disruption. | DDoS | Finance | CC | GR | http://www.reuters.com/article/2015/11/30/greece-banks-idUSL8N13P5B420151130#8J9mWZxowdvvfWli.97 |
| 36 | 30/11/2015 | Anonymous | United Nations Climate Change https://unfccc.int/ | Anonymous breaches the website of the United Nations Framework Convention on Climate Change (UNFCCC) in protest against the police attack on the COP21 march and leaks personal information of 1415 officials. | SQLi | Org: United Nations | H | N/A | https://www.hackread.com/anonymous-hacks-un-climate-change-website/ |
| 37 | 30/11/2015 | Anonymous | Taiwan Police | In the name of #OpSingleGateway, Anonymous hacks Thailand Police servers in protest against Internet censorship. | SQLi | Law Enforcement | H | TW | https://hacked.com/opsinglegateway-anonymous-hacks-thai-police-servers-proves-its-point/ |
| 38 | 30/11/2015 | ? | http://sexyirelandescorts.com http://vipescortsparis.com http://viplondonescortsguide.com http://stockholmescorts.org http://romeitalyescorts.com http://pragueescortsservices.com http://newyorkescortsinfo.com http://mylosangelesescorts.com http://euroescortsberlin.com http://escortszurich.com http://calldubaiescorts.com http://belgiumescortgirls.com http://athensescortsgreece.com http://escort-gallery.com | Special mention of the month for an anonymous hacker who dumps data from several Escort sites. The sum of the total accounts is close to 18,000. | Unknown | Dating | CC | >1 | |
