1-15 May 2016 Cyber Attacks Timeline

It’s time to review the main cyber attacks of the first two weeks of May, a fortnight that has seen quite a sustained level of activity and has been characterized by two trends: the discovery of several massive breaches, and a wave of DDoS attacks carried out by hacktivists affiliated with the Anonymous collective and targeting several banks worldwide (codename: OpIcarus).

Regarding the first trend, there have been several notable events: a trove of passwords discovered on the dark web (a total of more than 300 million accounts spread across two different leaks and belonging to different services such as Google, Microsoft and mail.ru), and the alleged hack of two additional services (Fling.com, an adult site, and Neopets, a virtual pet community), compromising millions of accounts.

The hacktivists have been quite “hacktive” as well (it reminded me of the “good old days”). Although their action has been limited to DDoS attacks, the list of targets is quite long and includes, among others, the Bank of Greece and the Bank of England.

Other interesting events include the release of the leak of UAE Investbank, and the discovery of a long-lasting campaign orchestrated by Iranian actors.

As usual, scroll down the timeline for the details of the events, and if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Additionally, if you want, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 02/05/2016 | ? | Alpha Payroll Services | Alpha Payroll Services notifies that an employee has fallen victim to a phishing scam targeting clients’ 2015 employee W-2 information. | Account Hijacking | Industry: Payroll Services | CC | US |
| 2 | 02/05/2016 | ? | 70 US military men | A group claiming to be British hackers supporting the Islamic State (ISIS) publishes a ‘hit list’ of more than 70 US military men who have allegedly been involved in drone strikes against terrorists in Syria. | Unknown | Military | CW | US |
| 3 | 02/05/2016 | Iran | Israel | Researchers from Palo Alto reveal the details of Infy, a new targeted attack campaign dating back nearly a decade and likely to have originated from Iran. | Targeted Attack | >1 | CE | IL |
| 4 | 02/05/2016 | 0x2Taylor | remotestaff.com.au | 0x2Taylor hacks remotestaff.com.au and dumps 99,888 records with usernames and hashed passwords. | SQLi | Industry: Job Search | CC | AU |
| 5 | 03/05/2016 | Anonymous | Bank of Greece | The Anonymous kick off OpIcarus and take down the Bank of Greece. | DDoS | Finance | H | GR |
| 6 | 03/05/2016 | ? | Union League Club | Union League Club says it is working with the FBI to investigate a security breach involving guests’ credit card information. An employee accused of having installed malicious software is fired. | Malware | Social Club | CC | US |
| 7 | 04/05/2016 | ? | KMOV, WBTV | Malwarebytes reveals the details of a malvertising campaign targeting visitors to two TV stations (KMOV and WBTV) affiliated with the American CBS TV network. | Malvertising | Industry: Broadcast | CE | US |
| 8 | 05/05/2016 | ? | Several databases | The discovery of a database containing the details of over 57 million people allegedly hacked by Russian hackers brings to light a massive breach that occurred in 2015. | Unknown | >1 | CC | >1 |
| 9 | 05/05/2016 | ? | Several databases | Another massive breach discovered. A trove of 272.3 million accounts belonging to several services including mail.ru, Google and Microsoft is put up for sale on the dark web. | Unknown | >1 | CC | >1 |
| 10 | 05/05/2016 | ? | Equifax | Unknown individuals access Equifax’s W2Express website and steal tax and salary data. | Unknown | Industry: Financial Services | CC | US |
| 11 | 05/05/2016 | ? | Bay Area Children’s Association | Bay Area Children’s Association reports that an attacker compromised patient information after planting malware on the systems of its electronic medical record provider. | Malware | Org: Non-Profit | CC | US |
| 12 | 05/05/2016 | ? | Neopets | Tens of millions of user accounts from virtual pets community Neopets are hacked and traded on the criminal underground. | Unknown | Virtual Community | CC | US |
| 13 | 05/05/2016 | Phineas Phisher AKA Hack Back! AKA @GammaGroupPR | N/A | The hacker behind the notorious attacks against Gamma Group and Hacking Team steals 10.000$ worth in Bitcoins from several victims and donates the money to a Kurdish anti-capitalist group called Rojava Plan. | Unknown | N/A | H | N/A |
| 14 | 05/05/2016 | Anonymous | Central Bank of Cyprus (centralbank.gov.cy) | OpIcarus continues and this time the hacktivists of the Anonymous collective take down the Central Bank of Cyprus (centralbank.gov.cy). | DDoS | Finance | H | CY |
| 15 | 05/05/2016 | @TehBVM | Reddit | A black hat hacker dubbed @TehBVM takes over random subreddits, removing moderators and changing the subreddit’s CSS style, leaving a defacement message behind. | Defacement | Social Network | CC | US |
| 16 | 05/05/2016 | ? | Saint Agnes Medical Center | 2,800 employees of the Saint Agnes Medical Center are impacted by a possible identity theft after scammers got the W-2s of everyone employed by the hospital. | Account Hijacking | Healthcare | CC | US |
| 17 | 06/05/2016 | ? | Nulled.IO | The Nulled.IO forum is compromised and its data consequently leaked, consisting of a 9.45GB SQL file. | SQLi | Hacker Forum | CC | US |
| 18 | 06/05/2016 | Anonymous | Boris Dobrodeev | Hacktivists from the Anonymous collective leak what could be the email inbox of Boris Dobrodeev, the former boss of Russian social network VK, previously known as VKontakte. | Unknown | Single Individual | H | RU |
| 19 | 06/05/2016 | ? | Fling.com | A hacker called Peace claims to be selling tens of millions of user accounts for adult dating site Fling.com on the dark web, including information on sexual desires, preferences, and other personal details. The data allegedly belongs to a breach that happened in 2011. | Unknown | Adult Site | CC | US |
| 20 | 06/05/2016 | Bozkurtlar | UAE Investbank | A 10GB file has been published online that purports to hold sensitive financial data on tens of thousands of customers belonging to UAE Investbank. A Turkish group dubbed Bozkurtlar claims responsibility for the attack. | Unknown | Finance | CC | AE |
| 21 | 07/05/2016 | Anonymous | Several Banks Worldwide | OpIcarus continues and the Anonymous take down other banks across the world, including: the Central Bank of the Dominican Republic, the Guernsey Financial Services Commission, the Central Bank of Maldives, the Dutch Central Bank, the National Bank of Panama, the Central Bank of Kenya, the Central Bank of Mexico and the Central Bank of Bosnia and Herzegovina. | DDoS | Finance | H | DO GG MV NL PA KE MX BA |
| 22 |  | 0x2Taylor | leoprinting.co.uk | 0x2Taylor hacks leoprinting.co.uk and dumps 14,958 transaction records with usernames and hashed passwords. | SQLi | Industry: E-Commerce | CC | UK |
| 23 | 08/05/2016 | ? | 51Degrees | Mobile device detection company 51Degrees reveals that it has been hacked. | Unknown | Industry: Software | CC | UK |
| 24 | 09/05/2016 | ? | Kiddicare | Babycare retailer Kiddicare has warned customers that personal data consisting of 795,000 records shared with the store has been stolen by hackers. | Unknown | Industry: Retail | CC | UK |
| 25 | 09/05/2016 | ? | UserVoice | UserVoice admits to having suffered a cyberattack in April which has exposed sensitive data belonging to a small subset of users with administrator or contributor status (0.001%). | Unknown | Industry: Software | CC | US |
| 26 | 09/05/2016 | ? | PerezHilton.com | Cyphort Labs reveal the details of a malvertising campaign targeting PerezHilton.com. | Malvertising | Blog | CC | US |
| 27 | 09/05/2016 | ? | Mayfield Brain & Spine | Mayfield Brain & Spine notifies its patients of a fake email containing malware sent to them. The incident affects a total of 23,341 patients. | Malware | Healthcare | CC | US |
| 28 | 09/05/2016 | Jimmy | deways.com | Jimmy hacks deways.com and dumps 24,084 usernames and hashed passwords. | SQLi | Industry: Car Rental | CC | FR |
| 29 | 10/05/2016 | Team Pak Cyber Lions | Utkal University utkaluniversity.ac.in | The Utkal University portal is taken down after it is defaced. | Defacement | Education | H | IN |
| 30 | 11/05/2016 | North Korea | Hanjin Heavy Industries | South Korea points the finger at North Korea after Hanjin Heavy Industries, a navy defence contractor, is hacked. | Targeted Attack | Industry: Defense | CE | KR |
| 31 | 11/05/2016 | Pawn Storm | German Christian Democratic Union | Security researchers from Trend Micro reveal that Pawn Storm, one of the oldest APTs engaging in cyber espionage, is targeting members of the German Christian Democratic Union (CDU), the political party of German Chancellor Angela Merkel (and also other targets). | Targeted Attack | Government | CE | DE |
| 32 | 11/05/2016 | ? | Medical Colleagues of Texas | Hackers breach the computer network of a doctors’ group in Katy, potentially accessing more than 60,000 medical records and personnel files. | Malware | Healthcare | CC | US |
| 33 | 12/05/2016 | shenfenzheng | Several Chinese Communist Party Officials and Captains of Industry | Personal information on dozens of Chinese Communist Party officials and captains of industry is exposed on Twitter from an account under the name “shenfenzheng”. | Unknown | Single Individuals | CC | CN |
| 34 | 12/05/2016 | ? | >4000 Journalists | More than 4,000 journalists, accused by pro-Kiev activists of “collaborating with terrorists” for their reporting from war-torn eastern Ukraine, have their personal details leaked on a website called Mirotvorets (Pace Keeper). | Unknown | Single Individuals | H | >1 |
| 35 | 12/05/2016 | ? | Unnamed Adult Forum | An unnamed porn forum is hacked and details of 100,000 members leaked. | SQLi | Adult Forum | CC | N/A |
| 36 | 12/05/2016 | ? | Besa Hitman-for-Hire Service | bRpsd hacks the Dark Web portal of the Albanian mafia group called Besa and dumps the data online, exposing their hitman-for-hire service. | SQLi | Online Services | CC | AL |
| 37 | 13/05/2016 | ? | Tien Phong Bank | SWIFT confirms a new attack in which attackers managed to illegally transfer funds from a member bank by using its system. Further details, including the bank name, are revealed two days after. | Targeted Attack | Finance | CC | N/A |
| 38 | 13/05/2016 | Anonymous | Bank of England | In the name of OpIcarus, the Anonymous claim to have taken down the internal email server of the Bank of England. | Unknown | Finance | H | UK |
| 39 | 13/05/2016 | New World Hackers | University of Limpopo | New World Hackers (NWH), one of the hacking crews participating in the Anonymous #OpAfrica campaign, leak data obtained after hacking and then defacing the website of the University of Limpopo from the town of Polokwane, South Africa. | SQLi | Education | H | ZA |
| 40 | 13/05/2016 | Anonymous BannedOffline Ghost Squad | Central Bank of Jordan, Central bank of South Korea, Bank of Compagnie Monegasque, Central Bank of Montenegro | Another round of OpIcarus. This time the targets are: Central Bank of Jordan, Central bank of South Korea, Bank of Compagnie Monegasque, Central Bank of Montenegro. | DDoS | Finance | H | JO KR FR ME |
| 41 | 13/05/2016 | ? | Avention | Avention investigates data breaches affecting personal information of its employees. | Account Hijacking | Industry: Software | CC | US |
| 42 | 13/05/2016 | SonnySpooks | fijilive.com | SonnySpooks hacks fijilive.com and dumps 91,460 usernames and hashed passwords. | SQLi | News | CC | FJ |
| 43 | 14/05/2016 | Bozkurtlar | Dutch Bangla Bank, City Bank, Trust Bank, Business Universal Development Bank, Sanima Bank, Commercial Bank of Ceylon | The Turkish hacker group Bozkurtlar leaks data allegedly belonging to six international banks: the Dutch Bangla Bank (Bangladesh), The City Bank (Bangladesh), Trust Bank (Bangladesh), Business Universal Development Bank (Nepal) and Sanima Bank (Nepal), and then for the Commercial Bank of Ceylon (Sri Lanka). | SQLi | Finance | CC | BD NP LK |
| 44 | 14/05/2016 | Anonymous | ncgov.org, ncgov.net, ncgov.com, np.nc.gov, governor.state.nc.us, northcarolina.gov | In the name of #OpLGBT, the Anonymous take down a number of government websites in North Carolina. | DDoS | Government | H | US |
| 45 | 14/05/2016 | 1x0123 | Pornhub[.]com | A few days after kicking off its bug bounty program, Pornhub is hacked by an underground researcher who claims to sell the access to a command execution shell for $1000. | Undisclosed Vulnerability | Adult Site | CC | US |
| 46 | 14/05/2016 | ? | Hi-Tec Sports | Hi-Tec Sports notifies customers about a compromise affecting its online ordering system and payment card data. | Malware | Industry: Sportswear | CC | NL |
| 47 | 15/05/2016 | GhostShell | Several Targets | GhostShell is back with a new leak as part of his new campaign called Light Hacktivism. His new leak after a few months of silence involves a list of 32 websites from where the hacker has taken readily available data containing sensitive information. | Misconfigured FTP Server | >1 | H | >1 |
| 48 | 15/05/2016 | ? | Gatecoin | Hong Kong-based Bitcoin and Ethereum exchange service Gatecoin announces the theft of a large amount of cryptocurrency following what they believe was a server intrusion. The company says it lost 250 Bitcoin ($114,500) and 185,000 Ethereum ($1,850,000), totaling over $2,000,000. | Unknown | Bitcoin Exchange | CC | HK |
| 49 | 15/05/2016 | Anonymous | Bank of France, Central bank of the United Arab Emirates, Central Bank of Tunisia, Central Bank of Trinidad and Tobago, Philippine National Bank | Other targets taken down in the name of OpIcarus. | DDoS | Finance | H | FR AE TN TT PH |
