16-31 May 2016 Cyber Attacks Timeline

It’s time to publish the second part of the Cyber Attacks timeline of May (Part I here), covering the main events between 16 and 31 May 2016.

Two more weeks, two more megabreaches: the total number of accounts siphoned from Tumblr and MySpace exceeds 300 million, setting a new unwelcome record. But that was not the only remarkable event of this fortnight, which also revealed the real extent of the SWIFT hack, involving 12 additional banks.

The hacktivists were also quite active in this period: Anonymous added other targets to OpIcarus, and also leaked 2 Gb of data from 33 Turkish hospitals. Phineas Fisher, the infamous hacktivist behind the attacks on Hacking Team and Gamma International, was back, leaking the details of several cops from the Catalan Police Union (and posting a tutorial on YouTube).

Last but not least, this period also saw several cyber espionage operations, such as the attack against RUAG, a Swiss defense contractor (probably orchestrated from Russia), and the operations Stealth Falcon (against Emirati journalists, activists and dissidents) and OilRig (against Saudi Arabian financial institutions and technology organizations).

As usual, scroll down the timeline for the details of the events, and if you want an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Additionally, if you want, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 05/05/2016 | Russia? | RUAG | The identities of members of an elite Swiss special forces army unit have been revealed in a hack of the RUAG defence contractor. | Targeted Attack | Industry: Defence Contractor | CE | CH |
| 2 | 16/05/2016 | ? | Commercial Bank of Ceylon | The Sri Lanka-based Commercial Bank of Ceylon releases a statement admitting that a “hacking attack” on its website resulted in a successful intrusion. However, no customer data has been compromised. | Unknown | Finance | CC | LK |
| 3 | 17/05/2016 | ? | Several Websites | Cyphort Labs unveil the details of a new Angler Campaign targeting 19 Websites, including UltraVNC. | JS injection | >1 | CC | >1 |
| 4 | 18/05/2016 | ? | Phishing Government Websites | Netcraft reveals a banking phishing campaign targeting customers of Wells Fargo, Google, and AOL and exploited using Bangladesh Government websites. | Account Hijacking | Single Individuals | CC | BD |
| 5 | 18/05/2016 | ? | Anti Ukraine Government Separatists | Researchers from ESET unveil the details of another cyberespionage operation in Ukraine: Operation Groundbait, targeting anti-government separatists. | Targeted Attack | Single Individuals | CE | UA |
| 6 | 18/05/2016 | ? | San Juan County | San Juan County reports that the information of patients in the county’s DWI treatment program may have been compromised after an attacker gained remote access to one of its computers. | Unknown | Government | CC | US |
| 7 | 18/05/2016 | Anonymous | 33 Turkish Hospitals | Hacker(s) claiming to be part of Anonymous post online a link pointing to a 2GB archive containing personal records stolen from 33 Turkish hospitals. | SQLi | Healthcare | H | TR |
| 8 | 18/05/2016 | ? | Complete Chiropractic & Bodywork Therapies | Complete Chiropractic & Bodywork Therapies notifies 4,082 patients after discovering that malware had been injected into their system in November, 2015. | Malware | Healthcare | CC | US |
| 9 | 18/05/2016 | ? | The Sydney Morning Herald, The Age Digital Editions | Two Australian-based news websites belonging to Fairfax Media, The Sydney Morning Herald and The Age Digital Editions, have been hacked and as a result, over 13,000 email subscriber accounts have been leaked online. | SQLi | News | CC | AU |
| 10 | 19/05/2016 | ? | Noodles & Company | Noodles & Company says it has hired outside investigators to probe reports of a credit card breach at some locations. | PoS Malware | Industry: Restaurant | CC | US |
| 11 | 20/05/2016 | North Korea? | Bank in Ecuador | Here’s the third victim of the SWIFT hack: a bank in Ecuador was also the victim of a similar attack in 2015 which saw cybercriminals stealing around $9m. | Targeted Attack | Finance | CC | EC |
| 12 | 20/05/2016 | ? | Fur Affinity | Fur Affinity, a community of people with an interest in anthropomorphic animal characters such as wolves and foxes, is hacked and the hackers may have run off with email addresses and hashed passwords. | ImageMagick Vulnerability | Forum | CC | US |
| 13 | 20/05/2016 | ? | Ubiquiti Networks | Ubiquiti Networks reveals that an exploit which can lead to completely hijacked network devices is being used in fresh campaigns against its devices. | Malware | Industry: Networking | CC | US |
| 14 | 20/05/2016 | Phineas Fisher | Sindicat de Mossos d’Esquadra | Phineas Fisher, the hacker behind the Gamma International and Hacking Team breaches, hacks the Sindicat de Mossos d’Esquadra (the Catalan police union), publishes personal information about police officers (including their badge numbers), and hijacks their Twitter account. | SQLi | Law Enforcement | H | ES |
| 15 | 21/05/2016 | ? | majorgeeks.com | 270,000 records from majorgeeks.com appear in the dark web. | Unknown | Online Services | CC | US |
| 16 | 22/05/2016 | bRpsd | chilisuae.com | bRpsd hacks chilisuae.com and dumps 5,584 records. | Unknown | Industry: Restaurant | CC | AE |
| 17 | 22/05/2016 | Azmeth | burgerking.com.ar | Azmeth hacks burgerking.com.au and dumps 4,833 records with usernames and hashed passwords. | SQLi | Industry: Restaurant | CC | AR |
| 18 | 22/05/2016 | ? | hortinews.co.ke | 42,000+ usernames and passwords appear in the dark web. | Unknown | News | CC | KE |
| 19 | 23/05/2016 | ? | Stamford Podiatry Group | Stamford Podiatry Group notifies patients that medical and personal information of 40,000 individuals was compromised in a recent security incident. | Unknown | Healthcare | CC | US |
| 20 | 23/05/2016 | Amar^SHG | Météo France (meteofrance.com) | A hacker who goes by the nickname of Amar^SHG (formerly Kuroi’SH) defaces France’s most visited weather portal, Météo France. | Defacement | Online Services | H | FR |
| 21 | 23/05/2016 | Ke3chang | Multiple Embassies Around the World | FireEye reveals the details of a cyber-espionage group tied to China and called Ke3chang targeting multiple embassies around the world. | Targeted Attack | Government | CE | >1 |
| 22 | 23/05/2016 | ? | raas.com.au | An anonymous hacker hacks raas.com.au and dumps 3,456 records with usernames and hashed passwords. | SQLi | Real Estate | CC | AU |
| 23 | 24/05/2016 | Attackers from three countries including Saudi Arabia | Statistical Centre of Iran | The Statistical Centre of Iran is targeted by unknown attackers. Iran traces the origin of the attack to three Arab countries including Saudi Arabia. | Unknown | Government | CE | IR |
| 24 | 24/05/2016 | ? | hypergen.ch | An unknown hacker hacks hypergen.ch and dumps 22,000 accounts. | Unknown | Online Services | CC | CH |
| 25 | 25/05/2016 | ? | NS1 | Unknown attackers have been directing an ever-changing army of bots in a distributed denial of service (DDoS) attack against NS1, a major DNS and traffic management provider. | DDoS | Industry: Internet Services | CC | US |
| 26 | 25/05/2016 | ? | Twitter accounts of over 2,500 individuals | Twitter accounts of over 2,500 users, including accounts that have a large number of followers, are hacked in the span of two weeks. The hacked accounts appear to have been replaced by pornbots that tweet sexual content and post links to adult dating websites. | Account Hijacking | Single Individuals | CC | >1 |
| 27 | 26/05/2016 | ? | scrum.org | Scrum.org, the Scrum certification and training site, contacts users to warn them of a security breach. | Undisclosed Vulnerability | Online Services | CC | US |
| 28 | 27/05/2016 | [email protected] | MySpace | A hacker hiding behind the email address [email protected] publishes a database containing 360 million records belonging to MySpace. The database is the alleged result of a breach that occurred in 2013. | Unknown | Social Network | CC | US |
| 29 | 27/05/2016 | ? | 12 more banks | The investigation into the attempted $1 billion electronic heist at the Central Bank of Bangladesh expands to as many as 12 more banks that all use the SWIFT payment network. | Targeted Attack | Finance | CC | >1 |
| 30 | 27/05/2016 | ? | Reddit | A surge in account hijacking and takeovers forces Reddit to reset 100,000 passwords. | Account Hijacking | Social Network | CC | US |
| 31 | 27/05/2016 | ? | Southeast Eye Institute | The Southeast Eye Institute reports a possible data breach after an unauthorized individual gained access to data of 87,000 patients via a third party affiliate. | Unknown | Healthcare | CC | US |
| 32 | 27/05/2016 | ? | Fiverr | Fiverr suffers a six-hour DDoS attack after removing DDoS-for-hire listings. | DDoS | Online Marketplace | CC | IL |
| 33 | 27/05/2016 | SonnySpooks | paypalsucks.com | SonnySpooks hacks paypalsucks.com and dumps 82,169 records with usernames and hashed passwords. | Unknown | Online Services | CC | US |
| 34 | 28/05/2016 | Tiger Mate | Zameen.com | A Bangladeshi hacker going by the handle of Tiger Mate hacks and defaces one of Pakistan’s largest real estate websites, Zameen.com. The hacker also leaks the site’s entire database online. | Defacement | Real Estate | CC | PK |
| 35 | 29/05/2016 | Stealth Falcon | Emirati Journalists, Activists and Dissidents | The University of Toronto reveals the details of a cyber-espionage group codenamed Stealth Falcon, using a combination of home-cooked malware and social engineering tactics to spy on Emirati journalists, activists, and dissidents. | Targeted Attack | Single Individuals | CE | AE |
| 36 | 29/05/2016 | OilRig | Saudi Arabian financial institutions and technology organizations | Researchers from Palo Alto Networks reveal the details of a cyber-espionage campaign named OilRig, targeting Saudi Arabian financial institutions and technology organizations. | Account Hijacking | Finance, Industry: Technology | CE | SA |
| 37 | 29/05/2016 | ? | Transport for NSW | Transport for NSW says it is investigating a “compromise” of the TrainLink website’s reservations system, which has since been shut down. The company states that no personal data or credit card has been compromised. | Unknown | Transport | CC | AU |
| 38 | 30/05/2016 | Peace | Tumblr | 65 million Tumblr passwords are on sale on the underground. The company admitted to having suffered a breach on May 12. | Unknown | Social Network | CC | US |
| 39 | 30/05/2016 | @[email protected] | Katy Perry’s Twitter Account (@katyperry) | Katy Perry’s Twitter account is taken over by a hacker dubbed @[email protected], sending out a series of bizarre Tweets to the pop star’s 89 million-plus followers. | Account Hijacking | Single Individual | CC | US |
| 40 | 30/05/2016 | World Hacker Team (WHT) | National Oil Corporation of Kenya | World Hacker Team hacks the National Oil Corporation of Kenya and posts a link online containing the database dump. | SQLi | Industry: Energy | H | KE |
| 41 | 31/05/2016 | @FkPoliceAnonOps | Spanish Police Department | @FkPoliceAnonOps hacks the Spanish Police Department and leaks personal details of 5,000 Spanish police officers online. | SQLi | Law Enforcement | H | ES |
| 42 | 31/05/2016 | MitM3R | umoveindia.com | MitM3R hacks umoveindia.com and dumps 18,416 records with usernames and hashed passwords. | Unknown | Real Estate | CC | IN |
| 43 | 13-19/05/2016 | Anonymous | 18 banks including Bank of Scotland, Bank of France, five US Federal Reserve branches | Special Mention of the month: In the name of OpIcarus, Anonymous-affiliated hackers have continued their DDoS campaign on international financial institutions. The hacktivist collective attacked 18 banks between 13 and 19 May. Apart from the New York stock exchange, Bank of Scotland, Bank of France and five US Federal Reserve branches, among others, were targeted by the collective. | DDoS | Finance | H | >1 |
