1-15 June 2016 Cyber Attacks Timeline

It’s time to publish the first timeline of June. I know that the latest timelines are published a little bit late; however, this month the number of registered attacks is considerably higher than the average.

Is it maybe a consequence of the seemingly endless trail of mega breaches that continued this month? Probably it is, since the list of victims includes: Badoo, VK.com (100 million records), Twitter (32 million), iMesh (51 million), several forums hosted by VerticalScope (45 million), and JTB (8 million).

Another interesting trend of this month concerns the hijacking of Twitter accounts, which claimed some famous victims such as Keith Richards, Mark Zuckerberg, Kylie Jenner and Drake.

And while the Anonymous continued their OpIcarus (actually it entered phase II, dubbed Project Mayhem), the chronicles also report some interesting cyber espionage events, such as a new advanced malware whose modus operandi closely resembles that of Stuxnet (dubbed Irongate), the return of the Gaza Hacker Team crew, yet another massive operation against South Korea carried out by Pyongyang, and the hack of the Democratic National Committee, allegedly carried out by Russian-speaking attackers.

As usual, scroll down the timeline for the details of the events (and be patient this time, since it’s longer than usual), and if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Additionally, if you want, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 01/06/2016 | ? | scrum.org | Scrum.org contacts users to warn them of a security breach. Unknown attackers took control of their web server to hijack initial password configuration emails. | Undisclosed Vulnerability | Org: Software | CC | US |
| 2 | 01/06/2016 | ? | Several Road Signs in the US | A number of road signs in the US fall victim to a politically-motivated ‘hack’ attack after being altered to show messages relating to presidential candidates Donald Trump and Bernie Sanders. | Unknown | Road Signs | CC | US |
| 3 | 01/06/2016 | ? | Saudi Arabia | A new strain of Android spyware is identified that specifically targets security professionals in Saudi Arabia seeking jobs within the government and military. The malware is dubbed Android/ChatSpy. | Targeted Attack | Government | CE | SA |
| 4 | 01/06/2016 | Ghost Squad Hackers | news.cnn.com mail.cnn.com | Members of the Ghost Squad Hackers team, one of Anonymous’ former subdivisions, take down CNN and FOX News as part of a new hacktivism campaign dubbed OpSilence. | DDoS | News | H | US |
| 5 | 02/06/2016 | ? | Badoo | User accounts for dating site Badoo are being traded in the digital underground, including email address, cracked passwords, names, and dates of birth. | Unknown | Social Network | CC | CN |
| 6 | 02/06/2016 | ? | Taiwan’s ruling Democratic Progressive Party (DPP) | The website of Taiwan’s ruling Democratic Progressive Party is under attack from cyber spies seeking to profile visitors to the site, part of a campaign to get information about the party’s policies following its election victory in January. | Targeted Attack | Org: Political Party | CE | TW |
| 7 | 02/06/2016 | ? | 10,000 WordPress Websites | More than 10,000 WordPress websites are infected by attackers exploiting an unpatched vulnerability in a widely used plugin called WP Mobile Detector, security researchers warned. | WordPress Plugin Vulnerability | >1 | CC | >1 |
| 8 | 02/06/2016 | Anonymous | London Stock Exchange (LSE) | Hackers affiliated to the Anonymous collective claim to have taken down the London Stock Exchange in name of OpIcarus. | DDoS | Finance | H | UK |
| 9 | 03/06/2016 | ? | >1 | FireEye threat researchers discover a complex malware instance that borrows tricks from Stuxnet and is specifically designed to work on Siemens industrial control systems. The malware is dubbed “Irongate”. | Targeted Attack | >1 | CE | N/A |
| 10 | 03/06/2016 | ? | CiCi’s Pizza | CiCi’s Pizza, an American fast food business with more than 500 stores in 35 US states, appears to be the latest restaurant chain to struggle with a credit card breach. | PoS Malware | Industry: Restaurant | CC | US |
| 11 | 03/06/2016 | Anonymous | Wesizwe | In name of #OpAfrica, the Anonymous dump online data claimed to come from a database obtained from Wesizwe. | SQLi | Industry: Mining | H | ZA |
| 12 | 03/06/2016 | NullSploit | skoolikit.co.uk | NullSploit hacks skoolikit.co.uk and dumps 35,195 records. | Unknown | Industry: E-Commerce | CC | UK |
| 13 | 04/06/2016 | GhostShell | 110 MongoDB Servers | GhostShell leaks a collection of database dumps, which he claims he obtained from 110 misconfigured MongoDB servers (36 million user records). | MongoDB Vulnerability | >1 | CC | >1 |
| 14 | 04/06/2016 | ? | TeamViewer | Users of the remote login service TeamViewer report their computers have been ransacked by attackers who somehow gained access to their accounts. | Account Hijacking | Industry: Software | CC | DE |
| 15 | 04/06/2016 | ? | BitGo | A massive DDoS attack hits BitGo, a service that describes itself as the most secure Bitcoin wallet solution available today. | DDoS | Bitcoin Wallet | CC | US |
| 16 | 04/06/2016 | bRpsd | wtspy.com | bRpsd hacks wtspy.com and dumps 244,487 records. | Unknown | Industry: Software | CC | US |
| 17 | 05/06/2016 | Pakistan | India | FireEye security researchers discover a new wave of attacks against Indian government officials, linked to Pakistan. | Targeted Attack | Government | CE | IN |
| 18 | 05/06/2016 | ? | Keith Richards Twitter Account (@officialKeef) | Keith Richards has his Twitter account hacked. | Account Hijacking | Single Individual | CC | UK |
| 19 | 05/06/2016 | ? | Tenacious D Twitter Account (@RealTenaciousD) | Tenacious D, Jack Black’s music group, have their Twitter account hacked and post the fake news of Jack Black’s death. | Account Hijacking | Single Individuals | CC | US |
| 20 | 05/06/2016 | ? | Sh0ping[.]su | Sh0ping[.]su, a platform known for selling stolen accounts on the dark market, is hacked. The attackers leak 16,000 stolen accounts, 15,000 accounts taken from other sites, and 9,000 credit cards. | Unknown | Dark Market Platform | CC | N/A |
| 21 | 05/06/2016 | ? | myrepospace.com | The myrepospace.com database, made up of 252,951 records, is dumped on the dark net. | Unknown | Online Services | CC | AU |
| 22 | 06/06/2016 | Tessa88 | VK.com | Russian social networking site VK.com appears to have been breached in 2012 with hackers selling some 100 million records for a mere US$580 in Bitcoins. | Unknown | Hacker Forum | CC | RU |
| 23 | 06/06/2016 | @2aiden3 | Drake’s Twitter account (@Drake) | Drake’s Twitter account was taken over by an account called @2aiden3. | Account Hijacking | Single Individual | CC | US |
| 24 | 06/06/2016 | ? | Kylie Jenner’s Twitter account (@KylieJenner) | Kylie Jenner is the latest celebrity to have her Twitter account hacked. | Account Hijacking | Single Individual | CC | US |
| 25 | 06/06/2016 | OurMine Team | Mark Zuckerberg’s Twitter and Pinterest Accounts | A hacker or hacking group going by the name of “OurMine Team” briefly takes control of Facebook chief Mark Zuckerberg’s Twitter and Pinterest accounts, apparently using information from a major LinkedIn security breach that occurred in 2012. | Account Hijacking | Single Individual | CC | US |
| 26 | 07/06/2016 | ? | Twitter | The same hacker who had links to the recent MySpace, LinkedIn, and Tumblr data breaches claims to have obtained a database from Twitter, which includes email addresses (and sometimes two per person), usernames, and plain-text passwords. Tessa88 is selling the cache for 10 bitcoins, or about $5,820 at the time of writing. | Unknown | Social Network | CC | US |
| 27 | 07/06/2016 | ? | Lorrie Cranor | Lorrie Cranor, FTC’s chief technologist, gets her mobile phone number hijacked by an ID thief. | Account Hijacking | Single Individual | CC | US |
| 28 | 07/06/2016 | ? | US visa applicants in Switzerland | F-Secure reveals the details of a campaign targeting US visa applicants in Switzerland. The unknown malware is called Qarallaz RAT or QRAT, and is being distributed via Skype by an unknown entity posing as a US government official. | Targeted Attack | Single Individuals | CC | CH |
| 29 | 07/06/2016 | ? | George Harrison Twitter Account (@GeorgeHarrison) | George Harrison’s Twitter account is hacked but the hacker didn’t know he was dead. | Account Hijacking | Single Individual | CC | UK |
| 30 | 08/06/2016 | ? | @NFL Twitter Account | Online miscreants take over the National Football League’s Twitter account and use it to falsely report the death of league commissioner Roger Goodell. | Unknown | Org: Sport League | CC | US |
| 31 | 08/06/2016 | ? | Castorama | French DIY goods store Castorama pulls its website offline after unknown attackers manipulated the site search function to suggest rude versions of household appliances. | Unknown | Industry: Retail | CC | FR |
| 32 | 08/06/2016 | ? | UTorrent Forum | Hackers obtain 34,000 user accounts for the UTorrent forum of popular data trading software BitTorrent. | Unknown | BitTorrent | CC | N/A |
| 33 | 09/06/2016 | Anonymous | bilderbergmeeting.org | In name of Project Mayhem, the phase 3 of OpIcarus, the Anonymous take down the official website of the Bilderberg Group, a controversial and highly secretive conference held with the so-called ‘political elite’ alongside experts from academia and finance. | DDoS | Org: Finance | H | IE |
| 34 | 09/06/2016 | Anonymous | sibex.ro (Romania Stock Exchange) | As part of the same operations, the Anonymous take down the Romania Stock Exchange (sibex.ro). | DDoS | Finance | H | RO |
| 35 | 09/06/2016 | NSA | Unknown Government-Linked Louisiana Database | A hacker under the pseudonym NSA puts on sale on the dark web a database that purports to hold over a quarter of a million driver licence records compromised from a government-linked database in Louisiana, United States. | Unknown | Government | CC | US |
| 36 | 09/06/2016 | United Cyber Caliphate | Thousands of Individuals | The United Cyber Caliphate (UCC) releases its latest “kill list”. The list, which targets thousands of individuals and includes crucial personal information such as names and addresses, is believed to be the longest ever published by an ISIS-affiliated group. | Unknown | Single Individuals | CW | >1 |
| 37 | 09/06/2016 | ? | DAC Group | DAC Group suffers a security breach resulting in data theft of 93,000 customer accounts. The data also contains 77,000 accounts from State Farm, an insurance company. | Unknown | Industry: Digital Content and Marketing | CC | CA |
| 38 | 10/06/2016 | ? | DeRay Mckesson’s Twitter Account (@deray) | Black Lives Matter activist and politician DeRay Mckesson has his Twitter account hacked. | Account Hijacking | Single Individual | CC | US |
| 39 | 10/06/2016 | Caliphate Cyber Army | Arkansas Library Association | The Caliphate Cyber Army (CCA) leaks details of 800 library workers from the Arkansas Library Association (ALA). | Unknown | Org: Culture | CW | US |
| 40 | 10/06/2016 | Faisal 1337 | Karnataka State Police ksp.gov.in | The official website of the Karnataka State Police (ksp.gov.in) is defaced by a Pakistani hacker dubbed Faisal 1337 from Team Pak Cyber Attackers. The hacker posts a Pakistani flag on the home page and some provocative messages. | Defacement | Law Enforcement | CW | IN |
| 41 | 11/06/2016 | WauchulaGhost | Pro-ISIS Twitter Accounts | Anonymous member WauchulaGhost reveals to have taken over Twitter accounts for ISIS supporters and defaced them with adult-themed images. | Account Hijacking | Org: Terrorism | H | N/A |
| 42 | 11/06/2016 | Gaza Hacker Team | Government | ClearSky reveals its first report about Operation DustSky, which sets the comeback of the Gaza Hacker Team with a new wave of attacks against Israel, US, Palestine, Egypt and Saudi Arabia. | Targeted Attack | Government | CE | >1 |
| 43 | 11/06/2016 | MuhmadEmad | eir.dell.com eir.dell.fr eir.dell.ie eir.dell.co.uk and eir.dell.nl | A Kurdish hacker using the name MuhmadEmad defaces five Dell subdomains and leaves anti-Turkey and anti-ISIS messages on the sites. | Defacement | Industry: Computer Hardware | H | US FR IE UK NL |
| 44 | 11/06/2016 | Romantic Intruder | 8 Indian Government Websites | Two Pakistani hackers dubbed Romantic and Intruder deface eight Indian government websites including the Embassy of India in Turkey, the Embassy of India in Greece, the Embassy of India in Mexico, the Consulate General of India in Brazil, the Embassy of India in Romania, the Embassy of India in Tajikistan, and the High Commission of India in South Africa. | Defacement | Government | CW | IN |
| 45 | 12/06/2016 | ? | University of Greenwich (gre.ac.uk) | In what looks like an act of revenge from an ex-student or staff (still unclear) the server of Greenwich University is breached and completely leaked online. | Unknown | Education | CC | UK |
| 46 | 12/06/2016 | ? | South African Broadcasting Corporation | The South African Broadcasting Corporation (SABC), the country’s official state news broadcaster, confirms that it suffered a wave of cyberattacks orchestrated by a hacktivist aligned with the Anonymous collective. | DDoS | Industry: Broadcast | H | ZA |
| 47 | 12/06/2016 | W0rm | forum.onverse.com | W0rm hacks forum.onverse.com and dumps 6.051 accounts. | Unknown | Online Forum | CC | US |
| 48 | 13/06/2016 | North Korea | South Korea | North Korea hacked into more than 140,000 computers at 160 South Korean firms and government agencies, planting malicious code under a long-term plan laying groundwork for a massive cyber attack against its rival. The hacking began in 2014 and was detected in February. | Targeted Attack | >1 | CW | KR |
| 49 | 13/06/2016 | ? | iMesh | 51 million user accounts for iMesh, a now defunct file sharing service, are put on sale on the dark web. | Unknown | File Sharing | CC | US |
| 50 | 13/06/2016 | ? | Thousands of legitimate websites | Imperva researchers discover a long-running campaign that has been exploiting vulnerabilities in thousands of legitimate websites to increase SEO results for illicit websites. | SEO Poisoning | >1 | CC | >1 |
| 51 | 14/06/2016 | Guccifer 2.0 (Russian affiliated hackers) | Democratic National Committee | Russian government hackers penetrate the computer network of the Democratic National Committee and gain access to the entire database, dumping a 231-page document purporting to be opposition research into Donald Trump. | Unknown | Org: Political Party | CW | US |
| 52 | 14/06/2016 | ? | GitHub | Someone using what appears to have been a list of e-mail addresses and passwords obtained from the breach of “other online services” makes a massive number of login attempts to GitHub’s repository service. | Brute Force | Industry: Software | CC | US |
| 53 | 14/06/2016 | ? | Several forums hosted by VerticalScope | An unknown hacker steals tens of millions of accounts from over a thousand popular forums. The stolen database contains close to 45 million records from 1,100 websites and forums hosted by VerticalScope. | Unknown | Industry: Media | CC | CA |
| 54 | 14/06/2016 | SkyNetCentral | ikhwanweb.com (Muslim Brotherhood English Website) | A hacker going by the handle of SkyNetCentral conducted a series of distributed denial-of-service (DDoS) attacks on the official website of the Society of the Muslim Brothers, or Muslim Brotherhood. The attacker also hacks some data. | DDoS | Org: Religion | CC | US |
| 55 | 14/06/2016 | Sofacy (APT) | US Government | Palo Alto Networks reveals the details of a cyberespionage group called Sofacy, which has launched a fresh attack against the US government, using a “new persistence mechanism” designed to help evade detection. | Targeted Attack | Government | CE | US |
| 56 | 14/06/2016 | Anonymous Africa | EFF ZANU-PF | Anonymous Africa takes down EFF and ZANU-PF, two black nationalist political parties in South Africa and Zimbabwe. | DDoS | Org: Political Party | H | ZA ZW |
| 57 | 14/06/2016 | ? | Vermont Department of Fish and Wildlife (FWD) | The Vermont Department of Fish and Wildlife (FWD) posts a notice for a suspected security breach related to the on-line purchase of licenses and tags from the Department. | Unknown | Government | CC | US |
| 58 | 15/06/2016 | ? | >1 | Kaspersky Lab researchers investigate xDedic marketplace, a global forum where cybercriminals sell access to compromised servers for as little as $6 each. The forum appears to be run by a Russian-speaking group and lists 70,624 hacked Remote Desktop Protocol (RDP) servers for sale. | Unknown | >1 | CC | >1 |
| 59 | 15/06/2016 | ? | JTB | Japan’s major travel agency JTB admits to have suffered a cyberattack which it fears has led to the theft of data belonging to 7.93 million users. | Unknown | Industry: Travel Agency | CC | JP |
| 60 | 15/06/2016 | ? | Acer | Acer informs the California attorney general that its online store was attacked by hackers. An unauthorized outside party has taken a year’s worth of full credit card data, names and addresses between mid-May 2015 and late-April this year. | Unknown | Industry: Computer Hardware | CC | TW |
| 61 | 15/06/2016 | Mofang (China) | >1 | Fox-IT reveals the details of Mofang (“to imitate” in Chinese), a newly discovered cyber-espionage group that targeted various countries around the globe since February 2012, when the group’s main malware, called ShimRat, was found for the first time. | Targeted Attack | Bitcoin Exchange | CE | >1 |
