1-15 March 2016 Cyber Attacks Timeline

It’s time to publish the timeline of the main cyber attacks that occurred during the first fortnight of March, two weeks characterized by an unbelievable number of attacks aimed at filing fraudulent tax returns and carried out via Business Email Compromise (the list of victims includes a well-known brand like Seagate).

Other remarkable events motivated by Cyber Crime include the breach suffered by 21st Century Oncology (2.2 million patients and employees possibly compromised) and the heist against the Central Bank of Bangladesh, where the $80 million stolen by the attackers could have been much more without the spelling mistake that allowed the criminals’ illegitimate activity to be detected.

Finland, South Korea and India were the main victims of operations motivated by Cyber Espionage, a sector that also offered multiple noticeable events in this period.

Last but not least, hacktivists preferred to keep a low profile: the chronicles report the leak of Donald Trump’s voicemail, a wave of DDoS attacks against several targets in Salt Lake City (these two operations were carried out by hacktivists affiliated with the Anonymous collective) and a spree of attacks against targets in Russia in retaliation for the downing of Malaysia Airlines Flight MH17.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Additionally, if you want, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 01/03/2016 | ? | Seagate | Seagate is the latest victim of a payroll phish. A Seagate employee sends the data to an outside e-mail address after receiving an e-mail purportedly from Seagate’s CEO Stephen Luczo requesting 2015 W-2 data for current and former Seagate employees. | Account Hijacking | Industry: Computer Storage | CC | US |
| 2 | 01/03/2016 | ? | Maritime Trade Information Sharing Centre, Gulf of Guinea (MTISC-GoG) | BIMCO [Baltic and International Maritime Council] and The Standard Club issue a warning regarding an alleged security breach in the Maritime Trade Information Sharing Centre, Gulf of Guinea (MTISC-GoG), potentially resulting in the release of ships’ data to pirates. MTISC-GoG denies the claims. | Unknown | Org: Anti-Piracy Maritime Security | CC | GU |
| 3 | 01/03/2016 | @TheFamilyMethod | Bank of North Dakota | Members of @TheFamilyMethod claim to have hacked the Bank of North Dakota and dump the records of 124 transactions. | SQLi | Finance | CC | US |
| 4 | 01/03/2016 | @0x1Taylor | sktorrent.eu | @0x1Taylor hacks sktorrent.eu and dumps more than 117,000 usernames and passwords. | SQLi | Torrent Tracker | CC | SK |
| 5 | 01/03/2016 | ? | Pharm-Olam International | Pharm-Olam International starts notifying employees of a security incident that compromised their names, Social Security and income information. | Account Hijacking | Industry: Legal Services | CC | US |
| 6 | 01/03/2016 | RyanDa1338 | plastic4you.ru | RyanDa1338 hacks plastic4you.ru and dumps 26,396 usernames and passwords. | Unknown | Industry: Plastic Surgery | CC | RU |
| 7 | 01/03/2016 | DarkHotel | Several Executives | Chinese Company ThreatBook reveals a new spree in the infamous DarkHotel Campaign dubbed Operation 8651. | Targeted Attack | >1 | CE | >1 |
| 8 | 02/03/2016 | ? | Central Concrete Supply | Central Concrete Supply notifies its employees of a security incident that might have exposed their personal information. | Account Hijacking | Industry: Concrete | CC | US |
| 9 | 02/03/2016 | ? | cplusplustutor.com | An unknown hacker hacks cplusplustutor.com and dumps 5,596 usernames and hashed passwords. | Unknown | Online Services | CC | US |
| 10 | 03/03/2016 | ? | Unnamed Global Shipping Company | An incident detailed in the recently released Verizon Data Breach Digest report, unveiled this week at the RSA security conference, reveals that a global shipping company has been the victim of high-seas piracy aided by a network intrusion. The shipping company experienced a series of hit-and-run attacks by pirates who, instead of seeking a ransom for the crew and cargo, went after specific shipping containers and made off with high-value cargo. | Unknown | Industry: Shipping | CC | N/A |
| 11 | 03/03/2016 | ? | Cox Communications | Cox Communications investigates a possible data breach after names, email addresses, phone numbers, and other information allegedly relating to some 40,000 employees are advertised on The Real Deal Market, a marketplace specialising in stolen data and computer exploits. | Unknown | Industry: Telco | CC | US |
| 12 | 04/03/2016 | ? | Moneytree | Moneytree is the latest company to alert current and former employees that their tax data, including Social Security numbers, salary and address information, was accidentally handed over directly to scam artists. | Account Hijacking | Industry: Financial Services | CC | US |
| 13 | 04/03/2016 | ? | Mansueto Ventures | Another victim of a payroll phish: unknown criminals obtain the IDs of 90 percent of the employees of Mansueto Ventures and use the data to file fraudulent tax returns. | Account Hijacking | Industry: Publishing | CC | US |
| 14 | 04/03/2016 | ? | GCI | GCI notifies more than 2,500 employees that their W-2 forms were stolen in an apparent phishing scam in February. | Account Hijacking | Industry: Telco | CC | US |
| 15 | 04/03/2016 | ? | Rosen Hotels & Resorts | US chain Rosen Hotels & Resorts is the latest to confirm a malware-based breach of its payment processing systems. The breach covered an extended period from September 2, 2014 to February 18, 2016. | POS Malware | Industry: Hotel and Hospitality | CC | US |
| 16 | 04/03/2016 | Cyber Anakin | Several websites including km.ru and nival.com | Cyber Anakin, a teenage hacker angry about the downing of the Malaysia Airlines Flight MH17, claims to have breached several random Russian websites and spilled the private information of 1.5 million Russian internet users. | Unknown | >1 | H | RU |
| 17 | 05/03/2016 | Anonymous | Donald Trump’s voicemail | Donald Trump’s voicemail is allegedly hacked by members of Anonymous. The messages are published on Gawker. | Account Hijacking | Single Individual | H | US |
| 18 | 05/03/2016 | Caliphate Cyber Army | 55 New Jersey police officers | Hackers from the Caliphate Cyber Army release the information of 55 New Jersey Police Officers, including home addresses, phone numbers and working locations. | Unknown | Law Enforcement | CW | US |
| 19 | 05/03/2016 | Hackers affiliated to ISIS | Unnamed South Korean news-clipping firm | South Korean officials launch an investigation into whether an Islamic State militant group hacked a South Korean news-clipping firm’s computer network. Data on 20 South Koreans was reportedly acquired in the attack. | Unknown | Industry: News | CW | KR |
| 20 | 07/03/2016 | Pawn Storm | Several Government Offices in Turkey | A new report from Trend Micro reveals that the Russian Group behind the Operation Pawn Storm is targeting several offices in Turkey. | Targeted Attack | Government | CE | TR |
| 21 | 07/03/2016 | Operation Transparent Tribe | Indian Officials Worldwide | Researchers from ProofPoint reveal the details of Operation Transparent Tribe, a campaign against Indian Officials worldwide. | Targeted Attack | Government | CE | IN |
| 22 | 07/03/2016 | ? | Ezaki Glico Co. | Ezaki Glico Co. reveals that personal data on users of its online shopping site may have been compromised following unauthorized accesses. Up to 83,194 records of personal data may have been stolen, including 43,744 that contained credit card information, according to the firm. | Unknown | Industry: Food manufacturing | CC | JP |
| 23 | 08/03/2016 | North Korea | South Korea | The South Korean National Intelligence Service (NIS) claims that North Korea hacked the smartphones of senior South Korean government officials and stole call history, texts, and even voice calls. South Korean officials’ smartphones were attacked between the end of February and early March using texts to plant malicious code. | Malware | Government | CE | KR |
| 24 | 08/03/2016 | China or Russia? | Finland Foreign Ministry | Finland’s foreign minister Erkki Tuomioja reveals to the media that the foreign ministry’s computer network has been infiltrated by spies. The breach has apparently been going on for four years. Suspicion is directed at Russia or China. | Targeted Attack | Government | CE | FI |
| 25 | 08/03/2016 | ? | 1-800 Flowers | 1-800 Flowers sends out data breach letters notifying customers that a hacker might have stolen their personal information. | Unknown | Industry: Retail | CC | US |
| 26 | 08/03/2016 | ? | hawkingtech.com | An unknown hacker hacks hawkingtech.com and dumps 12,548 records with usernames and hashed passwords. | Unknown | Industry: Home routers | CC | US |
| 27 | 09/03/2016 | OnionDog | Companies and government agencies of Korean-speaking countries | Chinese security researchers from cyber-security vendor Qihoo 360 reveal the details of a malicious actor named OnionDog that’s been targeting Korean-speaking countries since October 2013. | Targeted Attack | Government | CE | KR |
| 28 | 09/03/2016 | ? | Greenshades | A breach in the website of Greenshades causes a spike of tax refund frauds. | Account Hijacking | Industry: Payroll Services | CC | US |
| 29 | 10/03/2016 | ? | Bangladesh Central Bank | Reuters reports that unknown hackers were able to breach the Bangladesh Bank’s systems and steal its credentials for payment transfers, using them to transfer money to entities in the Philippines and Sri Lanka. The hackers were able to get away with a bounty of about $80 million, but a spelling mistake helped prevent a further nearly $1 billion theft. | Account Hijacking | Finance | CC | BD |
| 30 | 10/03/2016 | ? | 21st Century Oncology | US cancer clinic 21st Century Oncology admits that a breach of its systems may have exposed private information on 2.2 million patients and employees. The breach happened in November 2015 but the FBI asked 21st Century to hold off from disclosing the incident until a thorough investigation had been completed. | Unknown | Healthcare | CC | US |
| 31 | 10/03/2016 | ? | Unnamed American Express third-party card processor | American Express warns some customers that their personal details may have been exposed due to a data breach of a third-party service provider. | Unknown | Industry: Financial Services | CC | US |
| 32 | 10/03/2016 | ? | Litecointalk Forum | The Litecointalk forum is hacked, and all users are forced to reset their passwords. | Unknown | Forum | CC | US |
| 33 | 10/03/2016 | SonnySpooks | buzzmachines.com | SonnySpooks hacks buzzmachines.com and dumps nearly 37,000 usernames and passwords. | SQLi | Online Services | CC | US |
| 34 | 10/03/2016 | ? | virtualworldlets.net | An unknown hacker hacks virtualworldlets.net and dumps 13,421 usernames and clear text passwords. | SQLi | Online Services | CC | UK |
| 35 | 11/03/2016 | ? | Staminus | Staminus, a security company specialized in hosting and DDoS protection, is the victim of unknown hackers who breach their network, reset the routers to factory settings and dump customer data. | Unknown | Industry: DDoS protection | CC | US |
| 36 | 11/03/2016 | ? | worldchess.com | Controversial website worldchess.com, the exclusive broadcaster of the World Chess Candidates Tournament, is the target of a DDoS attack. | DDoS | Entertainment | CC | US |
| 37 | 11/03/2016 | ? | West Bloomfield School District | West Bloomfield School District officials send an email to parents saying a security breach of their network exposed certain student information. | Unknown | Education | CC | US |
| 38 | 13/03/2016 | New World Hackers group (NWH) | Official Websites of the Salt Lake City Police and Airport | Hackers from New World Hackers group (NWH) claim to have taken down the official websites of Salt Lake City police, the airport, First Utah Bank and Downtown Alliance as a form of protest against the shooting of the teenager Abdi Mohamed. | DDoS | Government | H | US |
| 39 | 14/03/2016 | ? | Several high profile websites including The New York Times, the BBC, MSN, and AOL | Several security vendors including Trend Micro and Malwarebytes reveal the details of a large scale malvertising campaign targeting high profile sites, including The New York Times, the BBC, MSN, and AOL. | Malvertising | Single Individuals | CC | >1 |
| 40 | 15/03/2016 | Metropolis | allosambre.com | Metropolis hacks allosambre.com and dumps 1,535 usernames and clear text passwords. | SQLi | Online Services | CC | FR |
| 41 | 15/03/2016 | Suckfly | Several government and commercial organizations | Symantec reveals the details of Suckfly, a malicious actor based in China, whose attack modus operandi involves the use of stolen legitimate certificates to sign the malware used for their operations. | Targeted Attack | >1 | CE | >1 |
| 42 | 15/03/2016 | ? | Bailey’s | Outdoor equipment retailer Bailey’s Inc. notifies its customers that an attacker may have stolen payment card information of 250,000 customers from the company website and that the length of the breach was longer than once thought (between Dec. 1, 2011 and Jan. 26, 2016). | Unknown | Industry: Retail | CC | US |
| 43 | 15/03/2016 | ? | Russian customers of a dozen unnamed banks | The customers of dozens of banks in Russia are targeted by hackers pretending to be the security arm of the Russian Central Bank, FinCERT. | Account Hijacking | Single Individuals | CC | RU |
| 44 | 15/03/2016 | ? | LAZ Parking | LAZ Parking reveals that tax and revenue information for about 14,000 employees may have been stolen by an “unknown individual.” | Unknown | Industry: Parking | CC | US |
| 45 | | | Special Mention of the Month | This month has seen a remarkable number of W-2 data breaches aimed at using the stolen identities to file fraudulent tax returns. Victims include: Ameripride; Actifio; Endologix; DataXu; Billy Casper Golf; Care.com; Matric NAC and Matrix Service Company Applied Systems; SevOne; SalientCRGT; Mitchell International; WorkCare; Foss; PerkinElmer; Advance Auto Parts; Sequoia Union High School District. | Account Hijacking | >1 | CC | US |
