1-15 April 2016 Cyber Attacks Timeline

Spring has sprung, and it’s now time to publish the first timeline of April.

Even though this fortnight has not been particularly rich in events from a purely numerical perspective, a few breaches are destined to be remembered for a long time, with consequences not necessarily limited to the infosec community. I am obviously talking about the Mossack Fonseca leak, the dump containing the records of 50 million Turkish citizens, and the 43GB of data belonging to the Syrian Nation Agency for Network Services. The list of victims of massive breaches also included Naughty America with its 3.8 million accounts.

On the Cyber Espionage/Cyber War front, this has been quite a tough period for Sweden, whose air traffic control system was allegedly targeted by Russian hackers (a solar storm, according to the official version). In the same days, the Swedish Armed Force revealed that its military computers were hacked and used in an attack targeting major US banks in 2013… Not a great reward for a military network.

And while the Cyber War between Armenia and Azerbaijan reached new levels (with the involvement of Turkish actors), there is nothing particularly meaningful to mention regarding hacktivism. Well… Like every year, hacktivists from all over the world threatened Israel on the occasion of the so-called #OpIsrael, declared for April 7th. However, following the trend of the last few years, the damage (if any) was absolutely negligible.

If you want to have an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Additionally, if you want, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 01/04/2016 | ? | Sites running vulnerable WordPress and Joomla installations | Avast warns about a longstanding black hat SEO campaign involving sites running hacked WordPress and Joomla installations. | Malicious JQuery injection | >1 | CC | >1 |
| 2 | 01/04/2016 | Turk Hack Team | Several Armenian Government Servers | A group of Turkish hackers going by the online handle of Turk Hack Team (THT) defaces some Armenian Government servers to claim their hold on the Nagorno-Karabakh region. | Defacement | Government | CW | AM |
| 3 | 02/04/2016 | Monte Melkonian Cyber Army (MMCA) | Several Azerbaijani Government Servers | In retaliation for the THT attacks, Monte Melkonian Cyber Army from Armenia defaces some Azerbaijani Government servers. | Defacement | Government | CW | AZ |
| 4 | 02/04/2016 | RyanDa1338 | integratorimarket.it | RyanDa1338 hacks integratorimarket.it and dumps 2,015 records with usernames and clear text passwords. | Unknown | Industry: E-Commerce | CC | US |
| 5 | 04/04/2016 | APT6 (linked to China) | US Government and Commercial Networks | FBI unusually warns that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, has compromised and stolen sensitive information from various government and commercial networks since at least 2011. | Targeted Attack | Government | CE | US |
| 6 | 04/04/2016 | ? | Trump Hotel Collection | The Trump Hotel Collection suffers another breach of its credit card system. | PoS Malware | Industry: Hotel and Hospitality | CC | US |
| 7 | 04/04/2016 | ? | Stanford University | Unknown hackers infiltrate the systems of W-2Express, a third party vendor, and download the W-2 forms of 3,500 Stanford University employees. | Account Hijacking | Education | CC | US |
| 8 | 05/04/2016 | ? | Mossack Fonseca | Apparently the staggering leak of 2.6 TB from law firm Mossack Fonseca known as Panama Papers seems to be due to a hack exploiting a WordPress Vulnerability. | WordPress Vulnerability | Industry: Legal Services | H | PA |
| 9 | 05/04/2016 | ? | 50 Million Turkish Citizens | Turkish authorities investigate the alleged leak of nearly 50 million citizens’ sensitive, personal data (almost two-thirds of the country’s 75 million-strong population). According to reports, a database that was uploaded online appeared to have been stolen in 2009 from a state agency which issues national ID cards. | Unknown | Government | CC | TR |
| 10 | 05/04/2016 | ? | University of Liverpool | University of Liverpool database of 6,500 staff posted on dark web forum. Leaked data includes: name, address and work email addresses. | Unknown | Education | CC | UK |
| 11 | 05/04/2016 | ? | KIFT | KIFT, a Top 40 radio station located in Colorado, is hacked and broadcasts vulgar “furry sex” ramblings. | Account Hijacking | Radio Station | CC | US |
| 12 | 05/04/2016 | ? | Metropolitan Jewish Health System | Metropolitan Jewish Health System notifies members and patients of phishing incident, possibly involving 2,483 individuals. | Account Hijacking | Healthcare | CC | US |
| 13 | 06/04/2016 | ? | CoinWallet | CoinWallet is forced to shut down their operations by May 1, 2016, after a data breach. | Unknown | Bitcoin Exchange | CC | FR |
| 14 | 06/04/2016 | r3dm0v3 | watsonsauctioneers.co.uk | r3dm0v3 hacks watsonsauctioneers.co.uk and dumps 2,859 records with usernames and clear text passwords. | SQLi | Online Services | CC | UK |
| 15 | 07/04/2016 | ? | nct.org.uk | The National Childbirth Trust, a childbirth charity, apologizes to 15,000 new and expectant parents after their registration details were accessed in a “data breach”. | Targeted Attack | Org: Charity | CC | UK |
| 16 | 07/04/2016 | Anti-Armenia Team | Russian Embassy in Armenia (@rusembassyARM) | Azerbaijani hackers from Anti-Armenia Team hijack the Twitter Account of Russian Embassy in Armenia (@rusembassyARM). | Account Hijacking | Government | H | AM |
| 17 | 07/04/2016 | ? | solen.cz | An unknown hacker hacks solen.cz and dumps nearly 5,000 records with usernames and clear text passwords. | Unknown | Online Services | CC | CZ |
| 18 | 08/04/2016 | Pyopz | mothersenvogue.com | Pyopz hacks mothersenvogue.com and dumps 2,382 records with usernames and hashed passwords. | SQLi | Industry: E-Commerce | CC | SG |
| 19 | 09/04/2016 | Anonymous Italy and LulzSec Italy | Job-seeking portals | In the name of #OpNessunDorma, the duo Anonymous Italy and LulzSec Italy hacks numerous job-seeking portals and leaks some of their information online. | Unknown | Industry: Job Seeking | H | IT |
| 20 | 09/04/2016 | ? | Whiting-Turner | Whiting-Turner notifies employees of a potential breach to a vendor. | Unknown | Industry: Construction | CC | US |
| 21 | 10/04/2016 | @Echoison | rochester.edu | An unknown hacker dubbed @Echoison claims to have hacked the University of Rochester (rochester.edu) and dumps 5,944 records with usernames and hashed passwords. | SQLi | Education | CC | US |
| 22 | 10/04/2016 | TheFamily | elifeask.com | TheFamily hacks elifeask.com and dumps 1,529 usernames and hashed passwords. | Unknown | Online Services | CC | IN |
| 23 | 11/04/2016 | ? | Swedish Armed Force | Sometimes breaches are discovered after years: the Swedish Armed Force reveals that their military computers were hacked and used in an attack targeting major US banks in 2013. | Unknown | Military | CC | SE |
| 24 | 11/04/2016 | ? | At least 11 sites including marktplaats.nl, the Netherlands equivalent to eBay | Some of the Netherlands’ most popular websites fall victim to a malvertising campaign that managed to compromise a widely used ad platform. | Malvertising | >1 | CC | NL |
| 25 | 12/04/2016 | Russia | Sweden | Although the official reason is a solar storm, Sweden secretly suspects that a hacker group linked to Russian intelligence was responsible for an attack on its air traffic control systems last November. | Targeted Attack | Government | CW | SE |
| 26 | 12/04/2016 | The Real Deal | NaughtyAmerica.com and affiliate websites including Suite703.com | An unknown hacker offers a database containing emails and passwords of 3.8 million Naughty America porn accounts for a mere $300. | Unknown | Adult Sites | CC | US |
| 27 | 12/04/2016 | Cyber Justice Team | nans.gov.sy, the Nation Agency for Network Services | The Cyber Justice Team has taken responsibility for a big hack of Syrian government networks, which resulted in a massive 43GB data leak online. | SQLi | Government | H | SY |
| 28 | 13/04/2016 | ? | The Fappening Forum | The Fappening Forum is hacked, exposing 179,000 accounts. After the breach the forum is hit by malvertising distributing ransomware. | Unknown | Forum | CC | US |
| 29 | 13/04/2016 | ? | Olympia School District | A phishing attack compromises the identities of more than 2,100 employees of Olympia School District. | Account Hijacking | Education | CC | US |
| 30 | 13/04/2016 | Anonymous | Dalhousie University (dal.ca) | Anonymous takes down the Dalhousie University website against 2015 rape, demanding punishment for the culprits. | DDoS | Education | H | CA |
| 31 | 14/04/2016 | Lizard Squad | Blizzard’s Battle.net | Blizzard’s Battle.net servers are taken down by a DDoS attack. | DDoS | Industry: Video Games | CC | US |
| 32 | 15/04/2016 | ? | Janet | British government-funded educational network Janet is hit by a DDoS. | DDoS | Org: Education Network | CC | UK |
| 33 | 15/04/2016 | ? | gamescollection.it | An unknown hacker hacks gamescollection.it and dumps 1,274 usernames and hashed passwords. | SQLi | Online Services | CC | IT |
| 34 | 15/04/2016 | ? | The City of Baltimore | The city of Baltimore investigates how the personal information of dozens of city employees was stolen and used to file fraudulent tax returns. | Account Hijacking | Government | CC | US |
| 35 | 15/04/2016 | Team System DZ | Several Wisconsin’s Richland County Government websites | Team System DZ, an Algeria-based hacking team, defaces several Wisconsin’s Richland County Government websites and leaves a defaced page with a message in support of ISIS. | Defacement | Government | H | US |
| 36 | 15/04/2016 | ? | Innovak International | 14 school systems, 3 in Alabama and 11 in Mississippi, are impacted by a breach to Innovak International involving employees’ W-2 statements. | Unknown | Industry: Financial Services | CC | US |
| 37 | 15/04/2016 | ? | Atique Orthodontics, P.A. | Atique Orthodontics, P.A. (AOPA) notifies certain patients about a security incident involving unauthorized access to a computer in its office. | Unknown | Healthcare | CC | US |
| 38 | 15/04/2016 | Sn0n | jcm.co.uk | Sn0n hacks the Journal of Chinese Medicine (jcm.co.uk) and dumps 13,668 records containing clear text passwords. | SQLi | Online Services | CC | UK |
| 39 | 7-8/04/2016 | Anonymous | OpIsrael | Special mention of the month for OpIsrael. Despite the announcements and the intentions, only small local targets were hit (with a few thousand accounts leaked). | >1 | >1 | H | IL |

 
