16-29 February 2016 Cyber Attacks Timeline

I know I was quite late with the timelines in the last period: I am trying to catch up as quickly as I can, and now it’s time to publish the second Cyber Attacks Timeline of February (first part here).

So it turned out that not even Linux distributions are immune from hackers. Linux Mint, the most popular flavor of the open source OS, was the most important target of this fortnight: not only was the forum hacked (and the details of 70,000 users leaked), but the website was also compromised to redirect users to download a modified ISO with an embedded backdoor.

Another particularly devastating event (which curiously did not find much space in the media) hit Mate1.com, a dating site, whose 27 million accounts were allegedly stolen and sold.

The hacktivists were also quite active, especially in Italy, where Anonymous released 120,000 records from a local provider. Moreover, this month has seen the comeback of the infamous collective TeaMp0isoN (or at least someone else using that name, as at least two members have possibly been arrested).

Last but not least, a complex, long-lasting cyber espionage operation against Japan has been revealed (Operation Dust Storm), and the US Secretary of Defense has admitted once and for all that a cyber-offensive is currently ongoing to “interrupt [and] disrupt ISIL’s command and control”.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Additionally, if you want, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 16/02/2016 | ? | Spotify | Hundreds of Spotify Premium account details are compromised and leaked online by an unknown hacker. A number of separate data dumps containing email addresses, passwords, account types and renewal dates appear online. | Brute Force? | Industry: Music Streaming | CC | RU |
| 2 | 16/02/2016 | ? | Kankakee Valley REMC | Kankakee Valley REMC falls victim to a possible breach, due to the access of a storage device on the cooperative’s network from a foreign IP. | Unknown | Industry: Utility | CC | US |
| 3 | 16/02/2016 | ? | 4,000 confidential records of police officers, lawyers and judges | About 4,000 confidential records, the purported home addresses of police officers, lawyers, and judges, are published on the website PBSOTalk.com. | Unknown | Law Enforcement | CC | US |
| 4 | 16/02/2016 | Team Fursec | differencegames.com | Team Fursec hacks differencegames.com and dumps 16,589 usernames and hashed passwords. | Unknown | Online Games | CC | US |
| 5 | 17/02/2016 | Bravewanderer | techfactory.net | Bravewanderer hacks techfactory.net and dumps 15,601 usernames and clear text passwords. | Unknown | Industry: E-Commerce | CC | US |
| 6 | 17/02/2016 | Bravewanderer | bfsihiring.com | Bravewanderer hacks bfsihiring.com and dumps 24,317 usernames and clear text passwords. | Unknown | Industry: Recruiting | CC | IN |
| 7 | 18/02/2016 | Peace | Linux Mint Forum | A hacker called Peace claims to have stolen the entire database of the Linux Mint Forum (70,000 users). | Unknown | Org: Software | CC | N/A |
| 8 | 19/02/2016 | Qadmon (or Kadimon) | Israel’s CCTV Systems | Qadmon (or Kadimon), one of Hezbollah’s hacking units, reveals it managed to breach many of Israel’s CCTV systems, having had access to camera feeds from various government buildings. | Targeted Attack | Government | CE | IL |
| 9 | 19/02/2016 | ? | Bohemia Interactive | Bohemia Interactive announces a potential security breach of the Mantis Feedback Tracker systems, used to collect feedback and bug reports for the games Arma 3 and DayZ. | Unknown | Industry: Video Games | CC | CZ |
| 10 | 20/02/2016 | Peace | Linux Mint Distribution | Clem Lefebvre, the creator of the Linux Mint Distribution, reveals that an intrusion on the distribution’s web site took place, in which hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack the website to point to it. The attackers are also able to breach the forum database. | Malicious PHP Script | Org: Software | CC | N/A |
| 11 | 22/02/2016 | ? | York Hospital | York Hospital reports a breach of 1,483 employees’ identifying information. | Unknown | Healthcare | CC | US |
| 12 | 22/02/2016 | Anonymous | Websites of Italian Regions Apulia and Basilicata | In the name of #OpGreenRights, the Italian branch of the Anonymous collective takes down the websites of the local authorities of Apulia and Basilicata for participating in the Trans Adriatic Pipeline (TAP) project. | DDoS | Government | H | IT |
| 13 | 22/02/2016 | Anonymous | Centre d’Identification des Materiels de la Defense | As a form of protest against the French arms trade, Anonymous hacks into one of the Web portals managed by France’s Ministry of Defense (outils.cimd.interarmees.defense.gouv.fr). | Unknown | Government | H | FR |
| 14 | 22/02/2016 | Anonymous | Cincinnati Police Department | Members of Anon Verdict, a sub-division of the Anonymous hacker collective, leak the details for 52 officers and employees of the Cincinnati Police Department. The Police Department questions the validity of the hack. | Unknown | Law Enforcement | H | US |
| 15 | 24/02/2016 | ? | Japanese companies in electric utilities, oil and gas, finance, transportation and construction. | Cylance reveals the details of Operation Dust Storm, a multi-year, multi-attack campaign against the Japanese critical infrastructure, carried on by a well-funded threat group, likely associated with a nation/state, targeting Japanese companies in electric utilities, oil and gas, finance, transportation and construction. | Targeted Attack | >1 | CE | JP |
| 16 | 24/02/2016 | ? | Steven Petrow | Steven Petrow, a USA Today journalist, reveals that he was hacked during a flight. | Account Hijacking | Single Individual | CC | US |
| 17 | 24/02/2016 | TeaMp0isoN AKA @TeaMp0sioN | unwto.org United Nations World Tourism Organization | Members of the TeaMp0isoN hacking crew hack into the United Nations World Tourism Organization and dump 1524 records with forum member usernames, email addresses, and MD5-hashed passwords. | SQLi | Org: United Nations | H | N/A |
| 18 | 25/02/2016 | ? | Coast Central Credit Union | The website of Coast Central Credit Union, a financial institution that serves more than 60,000 customers, is hacked, allowing attackers to implant a backdoor. | Backdoor via Joomla plugin vulnerability | Finance | CC | US |
| 19 | 25/02/2016 | ? | RubberStamps.net | RubberStamps.net notifies about 7,000 customers that its web site was compromised. | Unknown | Industry: Stamps | CC | US |
| 20 | 25/02/2016 | ? | incipio.com | Incipio, LLC notifies an unspecified number of customers that malware compromised orders placed online. | Malware | Industry: E-Commerce | CC | US |
| 21 | 26/02/2016 | ? | University of California Berkeley | The University of California, Berkeley, admits to having been hit by a second data breach which may have exposed the data of 80,000 people to misuse. | Unknown | Education | CC | US |
| 22 | 26/02/2016 | ? | Pickens County School District | The Pickens County School District is flooded by a DDoS attack. | DDoS | Education | CC | US |
| 23 | 26/02/2016 | TheFamily | duelyst.com | TheFamily hacks duelyst.com and dumps 13,732 usernames and hashed passwords. | Unknown | Online Games | CC | US |
| 24 | 27/02/2016 | Truthsec | Miami Police Officer | TruthSec, one of the smaller hacking crews that claim to be part of Anonymous, responds to a Miami police officer who doxed an innocent woman, by releasing his private information. | Unknown | Law Enforcement | H | US |
| 25 | 27/02/2016 | China | Norway | General Lt. Morten Haga Lunde, head of the Norwegian Intelligence Service E-tjenesten (Etterretningstjenesten), makes official statements accusing the Chinese government of launching cyber-attacks against his country. | Targeted Attack | Government | CE | NO |
| 26 | 27/02/2016 | LulzSec Italia | primodominio.it | LulzSec Italia hacks primodominio.it and dumps 126,422 usernames and passwords. | Unknown | Industry: Web Hosting | H | IT |
| 27 | 28/02/2016 | ? | Snapchat | Snapchat executives reveal in a blog post that the payroll data of some current and former employees was exposed as the result of a scam e-mail (allegedly sent by the company CEO Evan Spiegel) received by a human resources employee. | Account Hijacking | Industry: Software | CC | US |
| 28 | 28/02/2016 | TeaMp0isoN AKA @TeaMp0sioN | mss.twcbc.com Time Warner Cable Business Class Managed Security Solutions portal | Members of the TeaMp0isoN hacking crew hack into the Time Warner Cable (TWC) Business Class website, steal its database and dump online 4,191 records containing IDs, usernames, email addresses, and encrypted passwords. | SQLi | Industry: Telco | CC | US |
| 29 | 28/02/2016 | Cyber Caliphate | Solar UK Ltd | Hackers from Cyber Caliphate supporting the Islamic State group deface Solar UK Ltd., a small solar energy company, in revenge for a drone strike which killed Junaid Hussain. | Defacement | Industry: Solar Panel | H | UK |
| 30 | 29/02/2016 | US Military | ISIL | The US Secretary of Defense Ash Carter reveals that the US military is currently waging a cyber-offensive to “interrupt [and] disrupt ISIL’s command and control, to cause them to lose confidence in their networks, to overload their network so that they can’t function…” | Unknown | Org: Terrorism | CW | N/A |
| 31 | 29/02/2016 | ? | Israeli Banks’ Customers | Kaspersky Lab reveals the details of ATMZombie, a sophisticated trojan targeting Israeli customers, characterized by the ability to exploit a loophole in one of the bank’s online features; and later by physically withdrawing money from the ATM. | Malware | Finance | CC | IL |
| 32 | 29/02/2016 | ? | Mate1.com | A hacker on the dark web forum Hell claims to have sold the email addresses and plaintext passwords of over 27 million users of dating site Mate1.com. | SQLi | Dating | CC | CA |
