1-15 February 2016 Cyber Attacks Timeline

Despite my battle against CLUSIT about the origin of “their” data used to compile the statistics for the Italian Cyber Crime Report, it’s time to catch up and publish the first part of the statistics for the main cyber attacks of February.

Cybercrime is the category that accounted for the largest number of events. The list of victims includes the University of Central Florida, the US Internal Revenue Service, the FBI, the Department of Homeland Security, and several Russian banks that were particularly targeted by criminals. Moreover, a massive compromise of WordPress websites and a brute force attack against 20 million Alibaba accounts complete the damage report.

Hacktivists were equally active, especially against South Africa (and other African countries), which fell under the blows of #OpAfrica.

Last but not least, Ukraine was hit by a new wave of attacks carried out through a new sample of the BlackEnergy malware family, while local Israeli media revealed a long-lasting cyber espionage campaign originating from Iran and targeting a total of 1,800 individuals, including a former chief of staff of the Israeli Army.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Additionally, if you want, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 01/02/2016 | bRpsd | focusfeatures.com | bRpsd hacks focusfeatures.com and dumps 13,040 usernames and hashed passwords. | Unknown | Industry: Entertainment | CC | US |
| 2 | 03/02/2016 | ? | WordPress CMS | A large number of websites that run on the WordPress content management system are hacked to deliver crypto ransomware and other malicious software to unwitting end users. | WordPress Vulnerability | Single Individuals | CC | >1 |
| 3 | 03/02/2016 | ? | Magnolia Health Corporation | Magnolia Health Corporation suffers a breach after an unknown perpetrator uses MHC CEO Kensett Moyle’s email address to request an Excel spreadsheet containing employee information. | Account Hijacking | Healthcare | CC | US |
| 4 | 03/02/2016 | Blink Hacker Group | Thai Prisons | The Blink Hacker group, a known division of the Anonymous hacker collective, has leaked the databases of 100 websites belonging to Thai prisons. | Unknown | Law Enforcement | H | TH |
| 5 | 04/02/2016 | ? | University of Central Florida | The University of Central Florida (UCF) admits that hackers broke into its systems and stole the personal details of more than 63,000 staff and students. The breach was discovered in early January. | Unknown | Education | CC | US |
| 6 | 04/02/2016 | Anonymous | Roosh V | Roosh V, the controversial ‘neo-masculinist’, claims to have been doxxed by an online group associated with Anonymous. | Unknown | Single Individual | H | US |
| 7 | 04/02/2016 | ? | Several Russian Banks | The Cyber Crime Department of the Russian Interior Ministry reveals the details of an operation that was able to steal about 1.5 bln rubles ($19.8 mln) from several dozen Russian banks during 2015 via compromised Visa and MasterCard international payment systems. | Unknown | Finance | CC | RU |
| 8 | 04/02/2016 | ? | mavic-mp3.com | An unknown hacker hacks mavic-mp3.com and dumps 26,934 usernames and passwords. | Unknown | Industry: Cycling Equipment | CC | IT |
| 9 | 05/02/2016 | ? | Alibaba Group’s TaoBao | Local media report that hackers in China have attempted to access over 20 million active accounts on Alibaba Group’s Taobao e-commerce website. | Account Hijacking | Industry: E-Commerce | CC | CN |
| 10 | 05/02/2016 | ? | Unknown Retailer | A data breach at an unidentified online retailer forces Tesco Bank to cancel some of its customers’ cards as a precaution. Users of cards from other companies are also likely to be affected. | Unknown | Industry: Retail | CC | UK |
| 11 | 05/02/2016 | SonnySpooks | epicbot.com | SonnySpooks hacks epicbot.com and dumps 40,704 records with hashed passwords. | SQLi | Online Services | CC | US |
| 12 | 05/02/2016 | @0x1Taylor | teksyndicate.com | @0x1Taylor hacks teksyndicate.com and dumps more than 30,000 records with usernames and hashed passwords. | SQLi | Online Services | CC | US |
| 13 | 06/02/2016 | ? | Loanbase | Popular international Bitcoin crowd-lending platform Loanbase suffers a security breach. Attackers are able to steal 20 BTC (8,000 USD worth). | SQLi | Bitcoin Exchange | CC | US |
| 14 | 06/02/2016 | World Hacker Team | Broadband Systems Corporation (bsc.rw) | Hacktivists kick off their #OpAfrica and breach the backend of the Broadband Systems Corporation. | Account Hijacking | Industry: Software | H | RW |
| 15 | 06/02/2016 | Hanom1960 | Uganda’s Ministry of Finance (finance.go.ug) | #OpAfrica continues with the dump of the details of 220 government employees from Uganda’s Ministry of Finance. | Unknown | Government | H | UG |
| 16 | 06/02/2016 | Team Pak Cyber Attacker | Indian Revenue Service (IRS) irsofficersonline.gov.in | Pakistani hackers deface the official web portal of the Indian Revenue Service (IRS). | Defacement | Government | H | IN |
| 17 | 07/02/2016 | Penis AKA @DotGovs | Department of Homeland Security | In the name of #FreePalestine, a hacker called Penis AKA @DotGovs dumps the data belonging to 9,000 DHS officials. The trove is allegedly obtained after compromising the email address of a DHS employee. | Account Hijacking | Government | H | US |
| 18 | 08/02/2016 | Penis AKA @DotGovs | FBI | Penis AKA @DotGovs completes his job and dumps the data of 9,000 FBI employees. | Account Hijacking | Law Enforcement | H | US |
| 19 | 08/02/2016 | ? | Energobank | Bloomberg reveals that hackers used malware to penetrate the defenses of Energobank, a Russian regional bank, and move the ruble-dollar rate more than 15 percent in minutes, according to Group-IB, the Moscow-based cyber-security firm hired to investigate the attack. The “Metel” or “Corkow” malware was used to carry out the attack. | Targeted Attack | Finance | CC | RU |
| 20 | 08/02/2016 | ? | Several Banks Worldwide | Kaspersky researchers reveal that they have discovered and tracked a new variant of the Carbanak Trojan (Carbanak 2.0) with new features. | Malware (Carbanak 2.0) | Finance | CC | >1 |
| 21 | 08/02/2016 | GCMAN | Russian Banks | Kaspersky researchers shed some light on a new cyber-crime group, called GCMAN, targeting Russian banks. | Malware | Finance | CC | CY |
| 22 | 09/02/2016 | ? | US Internal Revenue Service | The US Internal Revenue Service is the target of an attack able to steal the electronic tax-return credentials for 101,000 social security numbers. The attack is performed using credentials stolen from an external source. | Brute Force | Government | CC | US |
| 23 | 09/02/2016 | Iran’s Revolutionary Guard | Ex-Israeli Army Chief of Staff | Channel 10 reveals that hackers affiliated with Iran’s Revolutionary Guard breached the computers of 1,800 individuals, including a former Israeli Army Chief of Staff. | Targeted Attack | Single Individuals | CE | IL |
| 24 | 09/02/2016 | ? | South Wales Fire and Rescue Service | South Wales Fire and Rescue Service discloses a security breach relating to employees’ personal data. | Unknown | Fire and Rescue | CC | UK |
| 25 | 10/02/2016 | ? | Skype | Malvertising campaigns reach a new level, using Skype to distribute the Angler Exploit Kit, as discovered by F-Secure. | Malvertising | Single Individuals | CC | >1 |
| 26 | 10/02/2016 | Chilean Hackers | CONADI (for Corporación Nacional de Desarrollo Indígena) conadi.gob.cl | A group of Chilean hacktivists that goes by the name of Chilean Hackers breaks into the database of CONADI and steals the personal details of 304,189 Chilean citizens looking for state benefits from the country’s government. | Unknown | Government | H | CL |
| 27 | 10/02/2016 | Hanom1960, Chilean Hackers, Hazzard | Bolivian Army (ejercito.mil.bo) | A group of hackers breach the official email servers belonging to the Bolivian Army, download emails, and dump some of the data online. | Zimbra Vulnerability | Military | H | BO |
| 28 | 10/02/2016 | ? | AlphaBay | An example of a phishing campaign against criminals: an ongoing phishing campaign targets users of the AlphaBay Darknet black market. | Account Hijacking | DarkNet Web Market | CC | N/A |
| 29 | 11/02/2016 | ? | Ukrainian Mining Company and Railway Operator | Researchers from Trend Micro unveil further details on the attacks targeting Ukraine in December. Samples of the same BlackEnergy family have also been used to target a mining company and a railway operator in Ukraine. | Targeted Attack | Industry: Mining Railway Operator | CW | UA |
| 30 | 11/02/2016 | Anonymous | V-Report (v-report.co.za) | In the name of #OpAfrica, Anonymous hacks V-Report, a local job portal. They claim to have stolen the details of 33,000+ individuals, but only leak the details of 54 government employees. | Unknown | Industry: Job Seeking | H | ZA |
| 31 | 11/02/2016 | ? | digitalnintendo.com | An unknown hacker hacks digitalnintendo.com and dumps 23,000+ usernames and hashed passwords. | Unknown | Online Services | CC | US |
| 32 | 12/02/2016 | Anonymous | South Africa Government Communications and Information Systems (GCIS) | In the name of #OpAfrica, Anonymous dumps names, phone numbers, email addresses and hashed passwords of more than 1,000 government employees. | SQLi | Government | H | ZA |
| 33 | 12/02/2016 | Tobitow | Webafrica | In the name of #OpAfrica, Tobitow, a member of Team Hack Argentino and Anonymous Argentina, exploits a vulnerability in the Web hosting service of Webafrica and defaces 2,532 South African websites. | Defacement | Industry: ISP | H | ZA |
| 34 | 12/02/2016 | ? | British Association for Counselling and Psychotherapy BACP.co.uk | The first example of ransomware targeting a website: the website of the British Association for Counselling and Psychotherapy is replaced with instructions on how to pay off the extortionists: $150 (£100) in Bitcoin. | Malware | Org: Health | CC | UK |
| 35 | 12/02/2016 | @Smitt3nz AKA Rubber | oursportscentral.com | @Smitt3nz AKA Rubber hacks oursportscentral.com and dumps 12,8806 usernames and hashed passwords. | SQLi | Online Services | CC | US |
| 36 | 15/02/2016 | ROR[RG] | Turkish National Police (EMG) | A hacker known as ROR[RG] dumps 17.8GB of data from the Turkish National Police (EMG) servers. The leak allegedly happened two years ago. | Unknown | Law Enforcement | CC | TR |
| 37 | 15/02/2016 | ? | Bitcoin Accounts | Research reveals that hackers have siphoned about $103,000 out of Bitcoin accounts that were protected with an alternative security measure called “brain wallets”, in which funds are stored in users’ minds through memorization of a password rather than a 64-character private key. | Brute Force | Cryptocoin Exchange | CC | >1 |
| 38 | 15/02/2016 | ? | Wajam Browser Add-On | Researchers from Malwarebytes identify a new malvertising campaign using the Wajam Browser Add-on. | Malvertising | Single Individuals | CC | >1 |
| 39 | 15/02/2016 | af | Ringo Starr’s Twitter Account | An unknown hacker under the name “af” hijacks the Twitter account of the ex-Beatles drummer Ringo Starr. | Account Hijacking | Single Individual | CC | UK |
| 40 | 15/02/2016 | World Hacker Team | South Africa’s Department of Water Affairs (DWA) | In the name of #OpAfrica and #OpMonsanto, hackers from World Hacker Team hack South Africa’s Department of Water Affairs (DWA) and leak the data of 5,800 government employees. | Unknown | Government | H | ZA |
| 41 | 15/02/2016 | World Hacker Team | Tanzania Telecommunications Company Limited | Hackers from World Hacker Team hack Tanzania Telecommunications Company Limited, a state-owned company that provides fixed basic telephone services, and dump the details of around 2,000 employees. | Unknown | Industry: Telco | H | TZ |
| 42 | 15/02/2016 | New World Hackers (NWH) | Xbox Live | The New World Hackers crew takes down the Xbox Live service. | DDoS | Industry: Software | CC | US |
