16-31 January 2016 Cyber Attacks Timeline

It’s time to publish the second part of the January 2016 Cyber Attacks Timeline (Part I here), covering the main cyber attacks that occurred between January 16 and January 31.

This fortnight saw quite a high number of events. In terms of impact, the most important ones hit two companies, a bank (Crelan) and an aerospace parts manufacturer (FACC), which lost USD 75.8 million and USD 54.5 million respectively as the result of a BEC (Business Email Compromise).

Another remarkable event concerns a “possible” hack of NASA. The term “possible” is more than justified here, since there are many doubts about whether the attack really happened.

And while Israel and Ukraine were the victims of more cyber attacks against their critical infrastructure, HSBC was flooded by a DDoS attack, the cyber war between Armenian and Azerbaijani hackers added new chapters, and Anonymous continued its personal war against the Taiwanese government.

If you want an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Additionally, if you want, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 13/01/2016 | ? | TaxSlayer | Tax preparation software publisher TaxSlayer notifies about 8,800 of its customers that an unauthorized third party may have gained access to the personal information contained on their tax return. | Unknown | Industry: Software | CC | US |
| 2 | 16/01/2016 | Russia? | Kiev Airport | Ukrainian authorities announce a review of the defences of government computer systems, after detecting a cyber attack on Kiev’s main airport launched from a server in Russia. | Targeted Attack | Airport | CW | UA |
| 3 | 16/01/2016 | Börteçine Siber Tim | Russian Embassy in Israel russianembassy.org.il | A crew of Pro-Turkish hackers defaces the website of the Russian Embassy in Israel (russianembassy.org.il). | Defacement | Government | H | RU |
| 4 | 16/01/2016 | ? | KickassTorrents kat.cr | KickassTorrents (kat.cr) is taken down by a DDoS attack. | DDoS | Torrent Tracker | CC | N/A |
| 5 | 16/01/2016 | ? | pagesjaunesdusenegal.com | An unknown attacker hacks pagesjaunesdusenegal.com and dumps 9500 usernames and hashed passwords. | Unknown | Online Services | CC | US |
| 6 | 18/01/2016 | ? | boards.ie | The popular Irish forum boards.ie is taken down by a DDoS attack. | DDoS | Forum | CC | IE |
| 7 | 18/01/2016 | Islamic State Hacker | Tsinghua University | An ISIS-affiliated hacker dubbed “Islamic State Hacker” defaces the website of the Tsinghua University and leaves jihadist messages on some of the site’s pages. | Defacement | Education | H | CN |
| 8 | 18/01/2016 | CWA (Crackas With Attitude) | John Holdren | Crackas With Attitude claims to have hacked the home telephone and email account of President Barack Obama’s senior advisor on science and technology John Holdren. | Account Hijacking | Single Individual | CC | US |
| 9 | 18/01/2016 | Turk Hack Team | Several Iranian Government Websites | Hackers from Turk Hack Team take down several Iranian government websites including Ministry of information, Ministry of Foreign Affairs, Ministry of Energy and the official website of the President of the Islamic Republic of Iran (president.ir). | DDoS | Government | H | IR |
| 10 | 19/01/2016 | ? | Crelan | Belgian bank Crelan is the latest victim of fraudsters, with damage of over EUR 70 million (around $75.8 million). | Account Hijacking | Finance | CC | BE |
| 11 | 19/01/2016 | ? | FACC | Aerospace parts manufacturer FACC says that its financial accounting department has been attacked by hackers, who managed to steal approximately €50 million ($54.5 million). | Account Hijacking | Industry: Aerospace | CC | AT |
| 12 | 19/01/2016 | ? | Royal Melbourne Hospital | The Royal Melbourne Hospital’s core computer systems and personal computer systems have been infected by a virus. After two weeks the hospital still struggles to mitigate the infection. | Malware | Healthcare | CC | AU |
| 13 | 19/01/2016 | ? | MSN.com | Malwarebytes detects a malvertising campaign targeting the MSN Home Page via the ad network AdSpirit. | Malvertising | Industry: Software | CC | US |
| 14 | 19/01/2016 | Gaza Cybergang or Gaza Hackers Team | Several individuals in Israel, Egypt, Saudi Arabia, United Arab Emirates, Iraq, US and EU. | ClearSky Cybersecurity reveals a new campaign originating from the Gaza Cybergang, also known as the Gaza Hackers Team. The malware is named DustSky (or NeD Worm), and targets victims in Israel, Egypt, Saudi Arabia, United Arab Emirates, Iraq, US and some European states. | Targeted Attack | >1 | CE | >1 |
| 15 | 19/01/2016 | WKPF | Ekonombank | A group of Turkish hackers dubbed WKPF defaces the official website of Russia’s Joint-Stock Commercial Bank for Reconstruction and Development Ekonombank. | Defacement | Finance | H | RU |
| 16 | 19/01/2016 | root AKA @ciadotgov | codemasters-project.net | root AKA @ciadotgov hacks codemasters-project.net and dumps 57,109 usernames and hashed passwords. | SQLi | Forum | CC | N/A |
| 17 | 20/01/2016 | Russia? | Ukrainian Utilities | ESET reveals a new wave of cyberattacks against the Ukrainian electric power industry. | Targeted Attack | Utilities | CW | UA |
| 18 | 20/01/2016 | ? | JYP Entertainment jype.com | Unknown hackers take down the website of JYP Entertainment. | DDoS | Industry: Entertainment | CC | KR |
| 19 | 21/01/2016 | Anonymous? | Flint Hospital | Hurley Medical Center in Flint, Mich. is hit by a cyber attack, one day after the hacktivist group, Anonymous, threatened to take action for the city’s water crisis. | DDoS | Healthcare | H | US |
| 20 | 21/01/2016 | MMCA (Monte Melkonian Cyber Army) | Official websites of Permanent Mission of Armenia in NATO, Permanent Mission of the organization for Security and Co-operation in Europe (OSCE) and Permanent Mission of the United Nations. | Hackers from the Monte Melkonian Cyber Army deface the official websites of Permanent Mission of Armenia in NATO, Permanent Mission of the organization for Security and Co-operation in Europe (OSCE) and Permanent Mission of the United Nations. | Defacement | >1 | CW | >1 |
| 21 | 22/01/2016 | ? | State of Michigan Portal michigan.gov | The State of Michigan confirms that it suffered a cyber attack similar to the one targeting Hurley Medical Center. | DDoS | Government | H | US |
| 22 | 22/01/2016 | ? | Anonymous, Hurley Medical Center, Flint | The University of Virginia admits to having been targeted by a data breach which has placed the private data of employees at risk. Cyberattackers were able to access a component of the HR system, leading to the exposure of information belonging to approximately 1,400 Academic Division employees. | Account Hijacking | Finance | CC | US |
| 23 | 22/01/2016 | ? | Premier Lotteries Ireland | Premier Lotteries Ireland (PLI), which runs the Irish Lottery, confirms in a statement that it suffered a distributed denial-of-service (DDoS) attack that knocked its website offline and made it inaccessible to gamblers for some hours. | DDoS | Lottery | CC | IE |
| 24 | 22/01/2016 | ? | Irish Government Websites | A number of Irish government-related and public sector websites are knocked offline by an apparent DDoS attack. | DDoS | Government | CC | IE |
| 25 | 22/01/2016 | Crazy-3r3r | blog.imam-khomeini.ir | A Saudi hacker called Crazy-3r3r defaces the official web portal of Supreme Leader of Iran Ruhollah Khomeini (blog.imam-khomeini.ir). | Defacement | Single Individual | CW | IR |
| 26 | 23/01/2016 | Anonymous | Narita International Airport | Anonymous claims responsibility for taking down the Narita International Airport website in revenge for the detainment of a leading US animal rights | DDoS | Airport | H | JP |
| 27 | 23/01/2016 | Ourmine | forums.dayzgame.com | The online forums of the DayZ gaming community (forums.dayzgame.com) are compromised by a group of Saudi Arabian hackers known as OurMine. 200,000 accounts could be potentially compromised. | Unknown | Forum | CC | US |
| 28 | 23/01/2016 | Lorde Bashtien | 80 police officers from several Miami departments. | A hacker dubbed Lorde Bashtien releases the personal details of 80 police officers from the Miami Police Department, the Miami-Dade Police Department, and the Miami Beach Police Department. | Unknown | Law Enforcement | H | US |
| 29 | 23/01/2016 | Black-Spy | toyota.ru | Black-Spy hacks toyota.ru and dumps 5,108 records with personal data. | Unknown | Industry: Automotive | CC | RU |
| 30 | 23/01/2016 | root AKA @ciadotgov | kakasure.com | root AKA @ciadotgov hacks kakasure.com and dumps 57,000 usernames and hashed passwords. | Unknown | Online Services | CC | JP |
| 31 | 24/01/2016 | Codoso or C0d0s0 | Single Individuals | Security researchers from Palo Alto Networks report increased activity from Codoso or C0d0s0, the Chinese-linked cyber-espionage group that previously hacked Forbes.com and later Samsung Pay. | Targeted Attack | Single Individuals | CE | >1 |
| 32 | 24/01/2016 | ? | Bank Yerushalayim | Hackers break into the servers of Bank Yerushalayim and access data on thousands of customers. | Unknown | Finance | CC | IL |
| 33 | 24/01/2016 | Gensu & Turkhackteam | museomodena.ferrari.com | The hack is not particularly impacting (664 usernames) but it affects an official subdomain of Ferrari. | Unknown | Industry: Automotive | CC | IT |
| 34 | 25/01/2016 | Scarlet Mimic | Minority Activist Groups in China | Researchers from Palo Alto Networks unveil a four-year long cyber-attack campaign with the primary mission of gathering information about minority activist groups in China (Uyghur and Tibetan groups). The campaign is dubbed ‘Scarlet Mimic’. | Targeted Attack | Activists Groups | CE | CN |
| 35 | 25/01/2016 | Anonymous Conservative | 2016iowacaucus.com | A crew dubbed Anonymous Conservative defaces the 2016 Iowa Caucus website (2016iowacaucus.com). | Defacement | Org: Politics | H | US |
| 36 | 25/01/2016 | ? | Hailey Baldwin | Unknown hackers obtain personal details of Hailey Baldwin and dump personal data including her phone number. | Account Hijacking | Single Individual | CC | US |
| 37 | 26/01/2016 | ? | Israel’s Electric Authority | The Israeli Energy Minister reveals that Israel’s Electric Authority is currently targeted by a severe cyber-attack. | Targeted Attack | Utilities | CC | IL |
| 38 | 26/01/2016 | ? | Fraternal Order of Police (FOP) fop.net | UK-based researcher and activist Thomas White releases 2.5 GB of data stolen in a recent hack of the computer systems of the Fraternal Order of Police (FOP), the biggest police union in the United States. The activist is not the author of the attack and admits to having received the data from an unknown source. | Unknown | Law Enforcement | CC | US |
| 39 | 26/01/2016 | ? | Several .edu and .gov targets | Symantec reports the worldwide infection of 3,500 public servers with a malicious script that redirects victims to other compromised websites that could be used to download malware and which the company said could be part of a recon effort for future attacks. | HTML redirection | Education Government | CE | US |
| 40 | 26/01/2016 | ? | Sydney Data Center | The notorious spyware FinFisher, used to infect mobile phones and computers, has been found in a Sydney data centre. The origin is claimed to be in Indonesia. | Targeted Attack | N/A | CE | N/A |
| 41 | 26/01/2016 | Hanom1960 AKA @hanomlulzsec | Costa Rica Ministry of Culture and Foreign Affairs rree.go.cr | In the name of #OpPuraVida, a form of protest against the CAFTA trade deal, a hacker dubbed Hanom1960 AKA @hanomlulzsec hacks the Costa Rica Ministry of Culture and Foreign Affairs. | Defacement | Government | H | CR |
| 42 | 27/01/2016 | ? | Wendy’s | Wendy’s, the nationwide chain of fast-food restaurants, says it is investigating claims of a possible credit card breach at some locations. | Unknown | Industry: Restaurant | CC | US |
| 43 | 28/01/2016 | ? | CPanel | CPanel says the company has managed to repel a cyberattack against servers containing customer data. One of the cPanel customer databases might have been breached. | Unknown | Industry: Software | CC | US |
| 44 | 28/01/2016 | ? | Rotten Tomatoes and The Jerusalem Post Website | Malwarebytes identifies a malvertising campaign targeting several high-profile sites such as Rotten Tomatoes and The Jerusalem Post. | Malvertising | >1 | CC | >1 |
| 45 | 28/01/2016 | Anonymous | Taiwanese Prison System | Anonymous’ crusade against the Thai justice system continues: the hacktivists take down 20 websites belonging to the local prison system. | DDoS | Law Enforcement | H | TH |
| 46 | 28/01/2016 | MMCA (Monte Melkonian Cyber Army) | Azerbaijani government servers | Hackers from Monte Melkonian Cyber Army take down several Azerbaijani government servers including the E-Government Portal (e-gov.az), Ministry of Taxes of the Republic of Azerbaijan (taxes.gov.az) and the official Internet resource of the State Bodies (gov.az). | DDoS | Government | CW | AZ |
| 47 | 28/01/2016 | ? | valleyevents.ca | An unknown hacker hacks valleyevents.ca and dumps 4.646 usernames and hashed passwords. | Unknown | Online Services | CC | CA |
| 48 | 29/01/2016 | ? | HSBC | HSBC is hit by an apparent DDoS attack on its online banking system. | DDoS | Finance | CC | UK |
| 49 | 29/01/2016 | ? | Neiman Marcus Group | Neiman Marcus Group (NMG) reports that someone gained unauthorized access to 5,200 online customer accounts on the Neiman Marcus, Bergdorf Goodman, Last Call, and CUSP websites. | Unknown | Industry: Retail | CC | US |
| 50 | 30/01/2016 | Hanom1960 AKA @hanomlulzsec | Colombian Ministry of Education & Colombian Ministry of Information and Communications | Hanom1960 continues his campaign and leaks the databases of the Colombian Ministry of Education & Colombian Ministry of Information and Communications. | Unknown | Government | H | CO |
| 51 | 30/01/2016 | ? | pastebin.com | Pastebin is taken down by a huge DDoS attack. | DDoS | Online Services | CC | NL |
| 52 | 31/01/2016 | Anonsec | nasa.gov | The AnonSec collective claims to have broken into the computer systems of NASA, partially hijacking a drone, stealing hours of on-board footage from the agency’s fleet of aircraft, hundreds of data logs from its weather and climate missions, as well as a list of names, phone numbers and emails of more than 2,400 employees. The Agency denies the hack and many experts believe the information is unclassified and partially public. | Malware | Government | H | US |
