16-31 December 2015 Cyber Attacks Timeline

Happy new year and happy new timeline! It’s time to publish the last timeline of the year, which closes 2015 and covers the main events that occurred between 16 and 31 December 2015. I do not remember such a complicated Christmas from an Infosec perspective.

The problems began with the threats of the Phantom Squad, who had announced they would DDoS the PlayStation Network and Xbox Live, emulating the actions of the Lizard Squad one year earlier. The mission was only partially accomplished, since only Xbox Live and Electronic Arts were partially affected. However, many other primary targets were DDoSed: the list of victims also includes Linode, several Turkish banks, the BBC and, most of all, Steam. The latter paid the highest price, since a caching configuration change applied to handle the DDoS attack led to the inadvertent exposure of 34,000 users.

Then Juniper Networks issued an urgent security advisory about “unauthorized code”, present since 2012, found within the operating system used by some of the company’s firewalls and Secure Service Gateway appliances. A few days later Chris Vickery, a security researcher, discovered a leaked database of more than 3.3 million user accounts belonging to Sanrio Digital, and finally Ukraine admitted to having been targeted, on Christmas Eve, by alleged Russian malware that caused several power outages in the country.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Additionally, if you want, you can access the timeline in Google Sheets format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 16/12/2015 | Phantom Squad | Xbox Live | Phantom Squad prepare their Christmas campaign and claim responsibility for a DDoS attack on Microsoft’s Xbox Live service. | DDoS | Industry: Video Games | CC | US |
| 2 | 16/12/2015 | APT16 | Taiwan | Security researchers from FireEye unveil the details of APT16, a new APT group linked to mainland China, targeting Taiwanese politicians and members of the media just weeks before the country’s elections. | Targeted Attack | Government | CE | TW |
| 3 | 16/12/2015 | C0d3c1t4d3l | keepyourlinks.com | C0d3c1t4d3l hacks keepyourlinks.com and dumps 4,586 usernames and clear text passwords. | Unknown | Online Services | CC | US |
| 4 | 17/12/2015 | ? | Juniper Networks | Juniper Networks issues an urgent security advisory about “unauthorized code” found within the operating system used by some of the company’s firewalls and Secure Service Gateway appliances. The vulnerability, which may have been in place in some firewalls as far back as 2012 and which shipped with systems to customers until late 2013, allows an attacker to gain remote administrative access to systems with telnet or ssh access enabled. | Unauthorized Code | Industry: Networking | CE | US |
| 5 | 17/12/2015 | ? | Landry’s Inc. | Landry’s Inc. is the latest hospitality firm to suffer a credit card breach. | PoS Malware? | Industry: Hospitality | CC | US |
| 6 | 17/12/2015 | Mexican Drug Cartels | Unmanned Air Vehicles | The US Department of Homeland Security (DHS) and the US Customs and Border Protection (CBP) agency report on incidents where drug traffickers have hacked unmanned air vehicles (UAVs, drones) in order to illegally and secretly cross the US-Mexican border. | GPS Spoofing | Government | CC | US |
| 7 | 18/12/2015 | ? | Gyft | Digital gift card retailer Gyft forces a password reset for some of its users. The move comes in response to the theft of usernames and passwords from a subset of Gyft customers. | Unknown | Industry: Online Services | CC | US |
| 8 | 18/12/2015 | Databoss | BitTorrent clients qTorrent, Deluge and SumoTorrent | A hacker known as Databoss steals the databases of the BitTorrent clients qTorrent and Deluge, and offers access to all the data via his website databoss.io. | Unknown | BitTorrent Clients | CC | N/A |
| 9 | 19/12/2015 | Monte Melkonian Cyber Army | Azerbaijani Ministry of Labour and Social Protection, Azerbaijani Ministry of Emergency Situations | Armenian hackers from the Monte Melkonian Cyber Army hack the official websites of the Azerbaijani Ministry of Labour and Social Protection and the Ministry of Emergency Situations, and leak a trove of sensitive documents belonging to local citizens. | Unknown | Government | CW | AZ |
| 10 | 19/12/2015 | Comcastkids | agpestores.com | A crew called Comcastkids hacks agpestores.com and dumps 120,000 usernames and passwords. | SQLi | Industry: Payment Processing | CC | US |
| 11 | 19/12/2015 | ? | Unnamed Delhi-based Firm | The Delhi Police is probing a cyber heist in which suspected Isis hackers have routed payments made to a Delhi-based firm to bank accounts associated with Islamic State (Isis) in Turkey. | Account Hijacking | N/A | CC | IN |
| 12 | 20/12/2015 | Iranian hackers | New York Dam | The Wall Street Journal reports that Iranian hackers penetrated the online control system of a New York dam in 2013. Apparently the hackers gained access to the dam through a cellular modem. | Targeted Attack | Utilities | CE | US |
| 13 | 20/12/2015 | ? | Martin Shkreli | Martin Shkreli, the pharmaceutical executive of Turing Pharmaceuticals facing U.S. charges of securities fraud, has his Twitter account hacked. | Account Hijacking | Single Individual | CC | US |
| 14 | 21/12/2015 | ? | Sanrio Digital | Chris Vickery, a security researcher, discovers a leaked database of more than 3.3 million user accounts for Sanriotown.com and other Sanrio-owned websites like hellokitty.com and mymelody.com. | Unknown | Industry: Toys | CC | JP |
| 15 | 22/12/2015 | Roaming Tiger | Russian Speaking Organizations | Palo Alto Networks unveils the details of a cyber-espionage campaign currently targeting Russian or Russian-speaking organizations. The campaign seems to be the continuation of an operation first uncovered by ESET, called Roaming Tiger. Suspicion is directed at China. | Targeted Attack | Government | CE | RU |
| 16 | 23/12/2015 | ? | Hyatt Hotels Corporation | Hyatt Hotels Corporation announces that it recently identified malware on computers that operate the payment processing systems for Hyatt-managed locations (627 properties across more than 50 countries). | PoS Malware | Industry: Hospitality | CC | US |
| 17 | 24/12/2015 | ? | Livestream | Video live-streaming service Livestream notifies customers of a security breach that may have given unauthorized persons access to user information such as email addresses, encrypted passwords, dates of birth and phone numbers. | Unknown | Online Services | CC | US |
| 18 | 24/12/2015 | Phantom Squad | Electronic Arts | Phantom Squad, the group of hackers who threatened to ruin Christmas for gamers, decide to keep their promise and take down the Electronic Arts servers. | DDoS | Industry: Video Games | CC | US |
| 19 | 24/12/2015 | Russia? | Ukrainian Utilities | The Ukrainian government blames power outages in Western Ukraine on “hacker attacks by Russian special services”. According to the Security Service of Ukraine (SBU), malware has been found in the networks of some utilities. Moreover, these malware intrusions coincided with a “non-stop telephone flood at utility plants’ technical support departments”, according to local reports. | Targeted Attack | Government | CW | UA |
| 20 | 24/12/2015 | Anonymous Rabaa Team | Ministry of the Environment in Costa Rica (sirea.minae.go.cr/) | Egyptian hackers associated with the Anonymous Rabaa Team deface the website of the Ministry of the Environment in Costa Rica, and more specifically two pages with details about the System of Conservation Areas and the Isla del Coco (Cocos Island), the inspiration for Isla Nublar from the Jurassic Park movies. | Defacement | Government | H | CR |
| 21 | 24/12/2015 | Anonymous | Leading Turkish banks such as Isbank, Garanti and Ziraat Bank | Anonymous claims responsibility for the wave of DDoS attacks against Turkey (accusing the government of supporting ISIS) and starts a second wave against some leading Turkish banks such as Isbank, Garanti and Ziraat Bank. | DDoS | Finance | H | TR |
| 22 | 24/12/2015 | ? | Brian Krebs’s PayPal account | Brian Krebs’s PayPal account is hacked. The attackers tried unsuccessfully to send his PayPal funds to Junaid Hussain, a 17-year-old member of the hacktivist group Team Poison tied to the jihadist militant group ISIS. | Account Hijacking | Single Individual | CC | US |
| 23 | 24/12/2015 | Exe-code | geolify.com | Exe-code hacks geolify.com and dumps 3,706 usernames and hashed passwords. | Unknown | Online Services | CC | AU |
| 24 | 25/12/2015 | ? | Steam | A DDoS attack against Steam causes the company to deploy a new caching configuration in production, which leads to the inadvertent exposure of 34,000 users. | DDoS | Industry: Video Games | CC | US |
| 25 | 25/12/2015 | Anonymous | Asia Pacific Telecommunity (apt.int) | Members of the Anonymous hacker collective deface the Asia Pacific Telecommunity website (apt.int), gain access to the site’s admin panel and also manage to get their hands on a database dump. | Defacement | Org: Telecommunication | H | INT |
| 26 | 25/12/2015 | ? | Road Sign | A crook decides to boost Donald Trump’s visibility in the GOP nomination race by breaking into a road sign in Corona (California) and changing its default message into one in support of the Republican candidate. | Road Sign Hacking | Road Sign | CC | US |
| 27 | 27/12/2015 | ? | University of Connecticut | The official web portal of the University of Connecticut is compromised and used to spread malware to all visitors, masqueraded as a fake Adobe Flash Player update. | DNS Hijacking | Education | CC | US |
| 28 | 27/12/2015 | ElSurveillance | 79 escort websites | A Moroccan hacker who calls himself ElSurveillance defaces and steals data from 79 escort websites, as part of a larger campaign against adult and escort portals, motivated by religious beliefs, that he started last summer. | Defacement | Adult Sites (Escort) | H | >1 |
| 29 | 27/12/2015 | ? | Quincy Credit Union | Quincy Credit Union temporarily suspends its customers’ ATM cards after multiple people reported fraudulent charges. The bank confirms it is investigating a possible hack. | Unknown | Finance | CC | US |
| 30 | 28/12/2015 | ? | 191 million American citizens registered to vote | Researcher Chris Vickery uncovers a database sitting on the web containing various pieces of personal information related to 191 million American citizens registered to vote (300 GB). The data appears to date back to 2000. The researchers point the finger at NationBuilder, a service that sets up digital campaigns for political parties. | Unknown | Government | CC | US |
| 31 | 28/12/2015 | ? | Rutgers University | Rutgers University is the target of a large-scale DDoS attack that keeps some of its systems down for four days, between December 24 and December 28. | DDoS | Education | CC | US |
| 32 | 28/12/2015 | ? | Several Dance Moms cast members | Several Dance Moms cast members, including Abby Lee Miller, Mackenzie Ziegler and others, have their phone numbers and other cast info posted on social media by an unknown hacker. | Account Hijacking | Single Individuals | CC | US |
| 33 | 28/12/2015 | ? | tunesoman.com | An unknown hacker hacks tunesoman.com and dumps 7,343 usernames and passwords. | Unknown | Industry: E-Commerce | CC | OM |
| 34 | 29/12/2015 | ? | Linode | Virtual server host Linode is the target of a four-day DDoS attack. | DDoS | Industry: Hosting | CC | US |
| 35 | 29/12/2015 | Mr.Sh4hz3b-HaXoR | aerobertics.be | A hacker called Mr.Sh4hz3b-HaXoR hacks aerobertics.be and dumps 1,259 usernames and hashed passwords. | SQLi | Industry: E-Commerce | CC | BE |
| 36 | 30/12/2015 | Mr 4nOnymOus (part of 034th adr355 Cr3w) | kasganjlive.in | Another episode of the cyber war between India and Pakistan: a local news portal of Kasganj district (kasganjlive.in) is hacked by a Pakistani hacker called Mr 4nOnymOus. | Defacement | News | CW | IN |
| 37 | 30/12/2015 | ? | psicamp.it/ | An unknown hacker hacks psicamp.it and dumps 2,049 usernames and passwords. | Unknown | Org: Health | CC | IT |
| 38 | 31/12/2015 | ? | BBC | All of the BBC’s websites are unavailable early in the day following a DDoS attack. | DDoS | Industry: Media | CC | UK |
| 39 | 31/12/2015 | China? | Several individual leaders of China’s Tibetan and Uighur minorities | According to former Microsoft employees, Microsoft experts concluded several years ago that Chinese authorities had hacked into more than a thousand Hotmail email accounts, targeting international leaders of China’s Tibetan and Uighur minorities in particular, but the company decided not to tell the victims, allowing the hackers to continue their campaign. | Targeted Attack | Single Individuals | CE | .TI |
| 40 | 31/12/2015 | ? | Cyberoam | Security firm Cyberoam confirms a cyber attack on its systems last week, resulting in the possible leakage of its database containing personal details from one million records of customers and partners. Apparently the author of the attack is trying to sell the database on the dark web for 100 BTC ($43,000). | Unknown | Industry: Security Hardware and Software | CC | IN |
| 41 | 31/12/2015 | bRpsd | autolet.it | A hacker called bRpsd hacks autolet.it and dumps 2,716 records including usernames and clear text passwords. | SQLi | Industry: E-Commerce | CC | IT |