16-31 March 2016 Cyber Attacks Timeline

Here is the second part of the March Cyber Attacks Timeline (first part here), covering the main cyber attacks that occurred between March 16 and 31.

1.5 million: this is the number of customer records stolen from Verizon Enterprise Solutions and published on an underground forum, in what can be considered the most important event of this fortnight. This event has overshadowed another massive breach, in Japan, where the local police have discovered over 18 million user credentials hosted on a server of a local Japanese company, which allowed Chinese hackers to use its infrastructure for their attacks. Last but not least, these two weeks have also seen an unusual number of malvertising events with several high-profile victims.

Anonymous was also quite active, most of all in the Philippines, where hacktivists affiliated with the movement dumped the data of the entire population of voters, consisting of 55 million records. Other minor operations hit Canada (a mining company), Kenya (a refinery), and Angola (28 government websites).

Last but not least, the Cyber War between India and Pakistan seems to be far from a conclusion. These two weeks saw reports of two operations carried out by Pakistan against India, one of which is quite unusual: a malicious app uploaded to the Google Play Store, which immediately became quite popular among the Indian Army, allowed the Pakistanis to snoop on the enemy’s conversations.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Additionally, if you want, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 15/03/2016 | Pakistan | India | Google removes the malicious SmeshApp from its Play Store, after an investigation by CNN-IBN, an Indian TV station, reveals that Pakistan was using it to snoop on Indian military personnel. | Mobile Malware | Military | CE | IN |
| 2 | 16/03/2016 | NSHC | Swiss People’s Party (SVP) | A group of hackers dubbed NSHC claims to have hacked the database of Switzerland’s largest political party, the conservative Swiss People’s Party (SVP), and stolen the personal data of over 50,000 people, including the names and email addresses of SVP supporters. | Unknown | Org: Political Party | CC | CH |
| 3 | 16/03/2016 | NSHC | Several websites including the Swiss Federal Railways (SBB) and a number of retailers, including electronic retailer InterDiscount | The same group that hacked the SVP takes down several Swiss websites including the Swiss Federal Railways (SBB) and a number of retailers, including electronic retailer InterDiscount. | DDoS | Transportation, Industry: Retail | CC | CH |
| 4 | 17/03/2016 | ? | Lakes Region Scholarship Foundation | Lakes Region Scholarship Foundation notifies past applicants that their names, addresses and Social Security numbers may have been stolen by hackers. | Unknown | Org: Education | CC | US |
| 5 | 17/03/2016 | ? | River Cree Casino | The River Cree casino says it was the victim of a “cyberattack” that resulted in the theft of customer and employee information. | Unknown | Industry: Hotel and Hospitality | CC | US |
| 6 | 18/03/2016 | ? | usacycling.org (USA Cycling) | In an email sent out to its over 62,000 members, USA Cycling, the official US cycling organization, warns that it has suffered a “data security incident” that may have exposed members’ names, mailing addresses, email addresses, dates of birth, emergency contact details, and passwords. | Unknown | Org: Sport | CC | US |
| 7 | 18/03/2016 | KarmaSec | visit-jy.com | Hacktivists from KarmaSec hack the server of Japan’s Yamaguchi Prefecture Tourism Promotion Division (visit-jy.com) and leak a trove of data, protesting in support of animal rights and brutality in the country. | Unknown | Industry: Tourism | H | JP |
| 8 | 18/03/2016 | SadClowns | Several High Profiles including FOX News, BusinessInsider | Proofpoint reveals how the malvertising campaign detected at the beginning of March has evolved. The malicious actors behind the campaign are dubbed “SadClowns”. | Malvertising | >1 | CC | >1 |
| 9 | 18/03/2016 |  | BitQuick | BitQuick announces that it is shutting down its server following an attack that gave the attacker unauthorized administrative access. However, all funds, IDs and emails remain secured. | Unknown | Bitcoin Exchange | CC | US |
| 10 | 19/03/2016 | ? | Several News Outlets in Sweden | Several news outlets in Sweden are taken down by a large-scale DDoS attack. The list of victims includes: Dagens Nyheter, Expressen, Svenska Dagbladet, Aftonbladet, Sydsvenskan, Helsingborgs Dagblad, Dagens Industri. | DDoS | News | CC | SE |
| 11 | 19/03/2016 | ? | naira4dollar.com | Naira4dollar, a Nigerian e-currency exchange website, is the target of unknown hackers who are able to steal $15,000 worth of Bitcoins. | Account Hijacking | Bitcoin Exchange | CC | NG |
| 12 | 20/03/2016 | ? | EC-Council (eccouncil.org) | The website of EC-Council, the professional organization that administers the Certified Ethical Hacker program, is compromised to redirect visitors to an Angler Exploit Kit landing page, where the infamous Teslacrypt ransomware is injected. | Malicious PHP injection via WordPress Vulnerability | Org: Security Professionals | CC | US |
| 13 | 20/03/2016 | ? | Harry Styles and Kendall Jenner | One Direction singer Harry Styles and his alleged girlfriend Kendall Jenner have their personal photos leaked online after an iCloud account hack. | Account Hijacking | Single Individuals | CC | UK |
| 14 | 20/03/2016 | AnonymousCorrupt | nasa.gov | AnonymousCorrupt, a group of hacktivists linked to Anonymous, claims to have taken down the nasa.gov website. | DDoS | Government | H | US |
| 15 | 21/03/2016 | ? | Norfolk General Hospital | The website of the Norfolk General Hospital is hacked to spread malware to its visitors. | Joomla Vulnerability | Healthcare | CC | CA |
| 16 | 21/03/2016 | ? | Concordia University | Concordia University warns the community about a possible computer security breach. | Malware | Education | CC | CA |
| 17 | 22/03/2016 | ? | Kemuri Water Company (fantasy name for a water utility) | The latest Verizon Data Breach Report reveals the details of an attack against a water utility company, in which the attackers were able to infiltrate the water utility’s control system and change the levels of chemicals being used to treat tap water. | SQLi/Phishing | Utility | H | N/A |
| 18 | 22/03/2016 | ? | Pivotal Software | Pivotal Software notifies the California Department of Justice Office of the Attorney General that it has been hit with a W-2 phishing scam where an unknown number of the company’s employees had their tax data compromised. | Account Hijacking | Industry: Software | CC | US |
| 19 | 22/03/2016 | ? | Kentucky State University | Kentucky State University is the victim of a BEC scam: an employee, responding to an email supposedly from the school’s president, sends off the 2015 W-2s for about 1000 employees and students. | Account Hijacking | Education | CC | US |
| 20 | 22/03/2016 | ? | Chinese Users | FireEye reveals the details of a malvertising campaign, targeting Chinese users, employing the Baidu advertising platform, and abusing one of its ad APIs to push malware. | Malvertising | Several Individuals | CC | CN |
| 21 | 23/03/2016 | ? | Sprouts Farmers Market | Sprouts Farmers Market falls victim to a W-2 phishing scam, with the company admitting an employee sent off the tax data for all its workers to an unknown person. | Account Hijacking | Industry: Grocery | CC | US |
| 22 | 23/03/2016 | ? | Ryman Hospitality Properties | Ryman Hospitality Properties falls victim to a fraudulent phishing scam that resulted in employees’ IRS W-2 information, which includes Social Security numbers, being disclosed externally. | Account Hijacking | Industry: Hotel and Hospitality | CC | US |
| 23 | 24/03/2016 | ? | Verizon Enterprise Solutions | The contact information on some 1.5 million customers of Verizon Enterprise is published on an underground forum. The company confirms that it recently discovered and remediated a security vulnerability on its enterprise client portal. | Mongo DB Vulnerability | Industry: Telco | CC | IT |
| 24 | 24/03/2016 | Pakistan | India | Trend Micro releases the details of Operation C-Major, a Pakistan-linked cyber-espionage campaign against Indian military employees. | Targeted Attack | Military | CE | IN |
| 25 | 24/03/2016 | @gift2death | norfolkadmirals.com | @gift2death posts online the personal information of roughly 250 Norfolk Admirals hockey team customers. | SQLi | Sport | CC | US |
| 26 | 24/03/2016 | ? | vbulletin.com, vbulletin.org | Administrators of the vBulletin forums start a site-wide password reset operation after an unknown attacker gained access to one of their servers. | Unknown | Industry: Software | CC | US |
| 27 | 24/03/2016 | ? | jasacare.org | JASACare reports that it was attacked by hackers who managed to gain access to its email system. As a consequence of the breach of an employee’s email account, patient and employee data could have been potentially compromised. | Account Hijacking | Org: Home Care | CC | US |
| 28 | 25/03/2016 | ? | gumtree.com.au | Malwarebytes reveals the details of a malvertising campaign, distributing the infamous Angler Exploit Kit, and targeting gumtree.com.au. | Malvertising | Community | CC | AU |
| 29 | 25/03/2016 | ? | OpSec Security | OpSec Security joins the list of companies falling victim to email scams; as a consequence, the 2015 W-2 tax forms for current and former employees are compromised. | Account Hijacking | Industry: Anti-Counterfeiting | CC | US |
| 30 | 25/03/2016 | ? | Tidewater Community College | Tidewater Community College reports that the tax information of all those employed at the school in 2015 (3000 employees) is taken in a spear phishing scam. | Account Hijacking | Education | CC | US |
| 31 | 25/03/2016 | ? | Mercy Iowa City and Mercy Clinic | Mercy Iowa City and Mercy Clinic notify patients that malware discovered on their systems could have compromised the identities of 15,000 users. | Malware | Healthcare | CC | US |
| 32 | 26/03/2016 | China | Japan | Tokyo police announce the discovery of over 18 million user credentials on a server of Nicchu Shinsei Corp., a local company that complicitly allowed Chinese hackers to use it in their attacks. | Unknown | Single Individuals | CC | JP |
| 33 | 27/03/2016 | Anonymous Philippines, LulzSec Philippines | COMELEC (comelec.gov.ph) | The database of the Philippine Commission on Elections (COMELEC) is breached and the personal information of 55 million voters potentially exposed in two consecutive attacks. | Unknown | Government | H | PH |
| 34 | 27/03/2016 | ? | SportPursuit (sportpursuit.co.uk) | Clothes website SportPursuit is hit by hackers over the Easter weekend, potentially losing customers’ bank card details. | Unknown | Industry: E-Commerce | CC | IE |
| 35 | 27/03/2016 | Anonymous | BCGold Corp. | As part of its #OpCanary operation against multinational corporations, Anonymous defaces the homepage of BCGold Corp., a Canadian-based company focused primarily on gold and copper mining. | Defacement | Industry: Mining | H | CA |
| 36 | 28/03/2016 | Andrew “Weev” Auernheimer | Several Universities including Princeton University, University of California-Berkeley, University of Massachusetts-Amherst, Brown University, Smith College, and Mount Holyoke College | Andrew “Weev” Auernheimer sends out a massive racist print job on the networks of several US universities. | Unauthorized Access | Education | CC | US |
| 37 | 29/03/2016 | ? | likes.com, livejournal.com | Malwarebytes reveals the details of a malvertising campaign, distributing the infamous Angler Exploit Kit, and targeting likes.com and livejournal.com, two famous social network sites visited by 110M and 140M visitors per month respectively. | Malvertising | Social Network | CW | US |
| 38 | 29/03/2016 | ? | Cravath Swaine & Moore LLP, Weil Gotshal & Manges LLP | The FBI investigates the breaches at two known law firms, Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP, and issues a Private Industry Notification to law firms indicating that a cyber crime insider trading ring is targeting international law firm information used to facilitate business ventures. | Targeted Attack | Law Firms | CC | US |
| 39 | 29/03/2016 | Budminer | Several Entities in Taiwan | Symantec reveals the details of Backdoor.Dripion, a cyber espionage campaign attributed to a threat actor known as Budminer, targeting entities in Taiwan. | Targeted Attack | N/A | CE | TW |
| 40 | 29/03/2016 | Anonymous | Kenya Petroleum Refineries Limited | As part of their #OpAfrica, Anonymous defaces (rickrolls) the website of Kenya Petroleum Refineries Limited. | Defacement | Industry: Oil and Energy | H | KE |
| 41 | 29/03/2016 | Anonymous Portugal | 28 Angolan Government Websites | In the name of #OpLusofonia, the Portuguese branch of Anonymous defaces 28 Angolan Government Websites in retaliation for the recent sentencing of 17 activists. | Defacement | Government | H | AO |
| 42 | 29/03/2016 | ? | Several Hacked Websites | Sucuri reveals the details of a new black hat SEO campaign that leverages a combination of hacked websites, backdoors, doorway scripts, and SEO poisoning to redirect users to pornographic sites. | >1 | >1 | CC | >1 |
| 43 | 30/03/2016 | ? | Coinkite Inc. | After a sustained wave of DDoS attacks, the Bitcoin startup Coinkite Inc. officially announces the shutdown of its secure wallet service. | DDoS | Bitcoin Exchange | CC | US |
| 44 | 31/03/2016 | TheNeoBoss | teamskeet[.]com | A hacker called TheNeoBoss hacks teamskeet[.]com and advertises on the dark web the database supposedly containing email addresses, plain text passwords, names, and physical and IP addresses for over 237,000 users of the site, as well as the broader porn network, Paper Street Media (PSM). | SQLi | Adult Site | CC | US |