1-15 January 2016 Cyber Attacks Timeline

It’s time to publish the first timeline of 2016, covering the main cyber attacks between 1 and 15 January 2016.

The new year has begun under the sign of hacktivism: the Anonymous and their affiliates have characterized this fortnight with several attacks (essentially DDoS) against the governments of Thailand, Saudi Arabia, Nigeria, and also a primary automotive company like Nissan.

Time Warner Cable, Linode, and (partially) Citrix characterized the cyber crime landscape. In particular, the event that occurred to Citrix is still surrounded by mystery, since the alleged hack, denied by the company, was unveiled in October.

Curiously there were no events driven by Cyber Espionage this month (so far).

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Additionally, if you want, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 02/01/2016 | New World Hacktivists (NWH) | donaldjtrump.com | The hacking group New World Hacktivists (NWH) takes down the official election campaign website of American presidential candidate Donald Trump (donaldjtrump.com). The same attackers claim responsibility for the DDoS attack that crippled the BBC website on New Year’s Eve. | DDoS | Single Individual | H | US |
| 2 | 03/01/2016 | Anonymous | Saudi Arabian Government Websites | The Anonymous protest against the execution of 47 people in Saudi Arabia and take down several high-profile Saudi Arabian government websites under the banner of operations #OpSaudi and #OpNimr. | DDoS | Government | H | SA |
| 3 | 03/01/2016 | Sc0rp!n [email protected] from Muslim Cyber Army | Goa University unigoa.ac.in | Sc0rp!n [email protected] from Muslim Cyber Army hacks the Goa University (unigoa.ac.in) and dumps 10,380 records with hashed passwords. | Unknown | Education | H | IN |
| 4 | 04/01/2016 | ? | Saudi Ministry of Defense moda.gov.sa | The tension between Iran and Saudi Arabia continues in cyberspace: a group of unknown hackers carries out a DDoS attack on the Saudi Arabian Ministry of Defense (moda.gov.sa). | DDoS | Government | H | SA |
| 5 | 05/01/2016 | Anonymous | 14 Thailand Police Websites | The Anonymous start their campaign against the Thai government and claim responsibility for shutting down 14 Thailand police websites to protest the death sentences of two Myanmar migrant workers (Zaw Lin and Win Zaw Htun) convicted of murdering two British tourists (Hannah Witheridge and David Miller). | DDoS | Law Enforcement | H | TH |
| 6 | 05/01/2016 | ? | Linode | After struggling with a long-lasting DDoS attack, Linode reports a credential leak and runs a system-wide password reset on customer accounts. | Account Hijacking | Industry: Web Hosting | CC | US |
| 7 | 05/01/2016 | ? | Right-Wing Christian Group | Another massive database leaked in the wild… Chris Vickery, a security researcher, discovers a leak containing 56 million records belonging to a right-wing Christian group originating in the US. | Unknown | Organization: Political Party | CC | US |
| 8 | 05/01/2016 | ? | Chinese Banks’ Customers | McAfee reveals the details of a novel phishing campaign against Chinese banks’ customers that lures users by sending phishing text messages and redirecting them to authenticate on fake websites. | Account Hijacking | Single Individuals | CC | CN |
| 9 | 05/01/2016 | ISIS | Facebook Account of Ruqia Hassan | The Independent reveals that after murdering the activist Ruqia Hassan Mohammed in September, the ISIS jihadists hijacked and continued to operate her social media accounts until very recently to lure other opponents into a trap. | Account Hijacking | Single Individual | CW | LB |
| 10 | 05/01/2016 | root AKA @ciadotgov | allwomenstalk.com | root AKA @ciadotgov hacks allwomenstalk.com and dumps 136,938 usernames and passwords. | Unknown | Social Network | CC | UA |
| 11 | 05/01/2016 | ? | gope.com.br | An unknown hacker hacks gope.com.br and dumps 3,096 records including usernames and hashed passwords. | SQLi | Industry: recruiting | CC | BR |
| 12 | 06/01/2016 | ? | Dell | A new tech support scam targeting Dell customers raises concern that the PC manufacturer could have been breached, since the criminals seem to be in possession of private information of the victims. | Unknown | Industry: Computer Hardware | CC | US |
| 13 | 06/01/2016 | ? | Forbes Website | Brian Baskin, a digital forensics expert, is served with malware when visiting the Forbes’ website, after disabling the ad blocker as suggested. | Malvertising | News | CC | US |
| 14 | 06/01/2016 | GeNiuS-JorDan | Republic of Uganda Ministry of Foreign Affairs | A hacker going by the online handle of GeNiuS-JorDan defaces the official website of The Republic of Uganda, Ministry of Foreign Affairs, posting a message against the US Invasion of Iran. | Defacement | Government | H | UG |
| 15 | 06/01/2016 | DeleteTheDamnElite | alda-europe.eu | A hacker called DeleteTheDamnElite hacks alda-europe.eu and dumps 6,594 emails. | SQLi | Organization: Politics | CC | N/A |
| 16 | 07/01/2016 | ? | Time Warner Cable | Time Warner Cable warns that login credentials for 320,000 customers may have been stolen. However, the event looks more like a phishing attack than a direct hack. | Account Hijacking | Industry: Telco | CC | US |
| 17 | 07/01/2016 | ? | Japanese Banks’ Customers | Researchers at IBM X-Force unmask the cybergang that controls the Rovnix Trojan launching an aggressive campaign against 14 major Japanese Banks. | Malware | Single Individuals | CC | JP |
| 18 | 07/01/2016 | root AKA @ciadotgov | battlefy.com | root AKA @ciadotgov hacks battlefy.com and dumps 89,299 usernames and hashed passwords. | Unknown | Online Services | CC | US |
| 19 | 08/01/2016 | Anonymous | Nigerian Government websites | In the name of #OpNigeria and #OpCorruption, the Nigerian branch of the Anonymous takes down several government websites. | DDoS | Government | H | NG |
| 20 | 08/01/2016 | IBH Indian Black Hats | Pakistani Government websites | An Indian hacking crew going by the name of IBH (Indian Black Hats) defaces several Pakistani websites in revenge for the death of Lt. Col. Niranjan Kumar and as an homage to his two-year-old daughter Vismaya. | Defacement | Government | CW | PK |
| 21 | 08/01/2016 | ? | Indian Institute of Management – Ahmedabad (IIM-A) iimcat.ac.in | The results of the Common Admission Test (CAT) 2015 for the Indian Institute of Management – Ahmedabad are leaked before being officially released. | Unknown | Education | CC | IN |
| 22 | 08/01/2016 | Sonny | 000webhost.com Forum | A hacker called Sonny hacks the 000webhost.com forum and dumps 34,658 records including usernames and hashed passwords. | SQLi | Industry: Web Hosting | CC | CY |
| 23 | 09/01/2016 | ? | Interxion | Data center services Interxion informs customers that it has suffered a security breach, which has seen hackers access contact information stored in its CRM about corporate clients and prospects. The breach happened in December and could have affected 23,200 users. | Unknown | Industry: Web Hosting | CC | NL |
| 24 | 09/01/2016 | Fr0mShell | over2craft.fr | A crew called Fr0mShell hacks over2craft.fr and dumps 5,868 accounts with clear text passwords. | Unknown | Online Services | CC | FR |
| 25 | 10/01/2016 | ? | Jeremy Corbyn Twitter Account @jeremycorbyn | An attacker takes over the Twitter account of the Labour Leader Jeremy Corbyn and posts several bogus tweets. In particular, one of them mocks the UK Prime Minister David Cameron. | Account Hijacking | Single Individual | CC | UK |
| 26 | 10/01/2016 | ROR[RG] | LifeSafer | A hacker called ROR[RG], who acts as the moderator of the recently re-booted Hell hacking forum, dumps supposed internal documents of LMG Holdings, and more specifically, at least one of the companies it owns, LifeSafer, specialized in Car Breathalyzer. | Unknown | Industry: Car Breathalyzer | CC | US |
| 27 | 10/01/2016 | Fr0mShell | o2c.fr | Fr0mShell hacks o2c.fr and dumps 4,160 accounts with clear text passwords. | Unknown | News | CC | FR |
| 28 | 10/01/2016 | root AKA @ciadotgov | milq.com | root AKA @ciadotgov hacks milq.com and dumps 3,594 usernames and hashed passwords. | Unknown | Social Network | CC | CA |
| 29 | 11/01/2016 | ? | faithless.co.uk | 18,000 British fans of the dance music band Faithless have their personal data stolen after the website faithless.co.uk is hacked. The breach happened in September but is reported only in January 2016. | SQLi | Industry: Entertainment | CC | UK |
| 30 | 11/01/2016 | Crackas With Attitude or CWA | Social Media Accounts of James Clapper Director of National Intelligence | Crackas With Attitude or CWA, the same teen hackers who last year broke into the CIA Director John Brennan’s email accounts, now target the Director of National Intelligence James Clapper, breaking into several email accounts and changing the settings so that every call to his house number gets forwarded to the Free Palestine Movement. | Account Hijacking | Single Individual | H | US |
| 31 | 11/01/2016 | ? | TaxAct | Tax software maker TaxAct informs some of its customers that an unauthorized third party accessed their TaxAct account in late 2015. | Unknown | Industry: Software | CC | US |
| 32 | 11/01/2016 | ? | Minnesota Court system mncourts.gov | The Minnesota court system announces that its website (mncourts.gov) was down for ten days in December due to a series of severe DDoS attacks. | DDoS | Government | CC | US |
| 33 | 11/01/2016 | ? | Brigham and Women’s and Brigham and Women’s Faulkner Hospitals | Brigham and Women’s and Brigham and Women’s Faulkner Hospitals report an incident involving the compromise of an employee’s email account. The information of 1,009 patients is compromised. | Account Hijacking | Healthcare | CC | US |
| 34 | 12/01/2016 | Cyber TeamRox | Cambodian Websites | A group of online hackers calling themselves Cyber TeamRox defaces several Cambodian websites over the past two days, including those of the Cambodian Navy, AEON Microfinance and Build Bright University. | Defacement | >1 | CC | KH |
| 35 | 13/01/2016 | Anonymous | nissan-global.com nissan.co.jp | In the name of #OpKillingBay, the Japanese carmaker suspends its global (nissan-global.com) and Japanese (nissan.co.jp) sites after they are DDoSed by the Anonymous. | DDoS | Industry: Automaker | H | JP |
| 36 | 13/01/2016 | Anonymous | Hundreds of Thai Government Websites | The Anonymous continue their campaign against the Thai government and take down hundreds of government websites over death sentences handed down to two Myanmar migrant workers (Zaw Lin and Win Zaw Htun) for the murder of two British tourists (Hannah Witheridge and David Miller). | DDoS | Government | H | TH |
| 37 | 13/01/2016 | W0rm | Citrix | A Russian hacker dubbed W0rm claims to have broken into systems run by Citrix, and gained access to potentially a huge number of customers. | Unknown | Industry: Software | CC | US |
| 38 | 13/01/2016 | ElSurveillance | ebar.com | ElSurveillance hacks ebar.com and dumps 1,148 usernames and clear text passwords. | Unknown | News | H | US |
| 39 | 14/01/2016 | Crackas With Attitude or CWA | Social Media Accounts of Vonna Weir Heaton | The teen hackers of CWA hack the Facebook and Linkedin accounts of Vonna Weir Heaton, a former senior executive at the National Geospatial-Intelligence Agency (NGA). | Account Hijacking | Single Individual | H | US |
| 40 | 14/01/2016 | ? | Hokkaido University | Hokkaido University reveals that the personal data of more than 110,000 students and graduates may have been leaked due to unauthorized access of its computer systems by unknown parties. | Unknown | Education | CC | JP |
| 41 | 14/01/2016 | ? | Blue Shield of California | Blue Shield of California announces that personal information from nearly 21,000 individual and family plan customers was accessed in a security breach late last year. | Unknown | Healthcare | CC | US |
| 42 | 14/01/2016 | Blink Hacker Group | Supreme Court of Thailand | The Operation #BoycottThailand, aimed to expose the wrongdoing of Thai Police over the death sentences handed down to two Myanmar migrant workers, continues. Blink Hacker Group, a collective affiliated to the Anonymous, leaks 1Gb of data belonging to Thailand’s Supreme Court. | Unknown | Government | H | TH |
| 43 | 14/01/2016 | bRpsd | emkoelektronik.com | A hacker with the handle bRpsd hacks emkoelektronik.com.tr and dumps 9,253 usernames with clear text passwords. | Unknown | Industry: Control Instruments | CC | TR |
| 44 | 15/01/2016 | ? | Cryptsy | Paul Vernon, founder of Cryptsy, announces that the cryptocurrencies exchange has been hacked. The announcement is made more than a year after the discovery of the hack because Cryptsy, in the meantime, was trying to cover the losses, which amount to USD 6M. | Code Backdoor | Cryptocoin Exchange | CC | US |
