1-15 July 2016 Cyber Attacks Timeline

It’s time to publish the first timeline of July, covering the main cyber attacks that occurred between July 1st and 15th, 2016.

I seriously believe, at this point, that 2016 will inevitably be remembered for the number of databases hacked and, in several cases, popping up in the Dark Web. Every month is bringing new victims, and July is no exception unfortunately (at least the first fifteen days).

The list of the noticeable victims of this month includes: ubuntuforums.org (2 Million accounts leaked), Netia (a Polish ISP that had the entire customer base leaked), Shadi.com (a dating website that suffered the leak of 2M accounts), the media company Penton (5 databases leaked for a total of 1.4 million passwords) and MTN Irancell (this latter is really massive since the leaked data amounts to 20 Million customers).

At the same time: Marissa Mayer and Jack Dorsey joined the hall of shame (both of them had their Twitter account hacked), hacktivists took a summer break as this fortnight just showed a couple of operations (against Zimbabwe and South Africa), and, although there were several cyber espionage operations, none of them deserved a special mention.

As usual, scroll down the timeline for the details of the events (and be patient this time, since it’s longer than usual), and if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Additionally, if you want, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 01/07/2016 | ? | MTN Irancell | Law enforcers in Iran arrest a 19-year-old IT graduate for leaking personal data belonging to 20M ‘MTN Irancell’ customers in an elaborate scheme orchestrated with the help of the smartphone application Telegram. The database was allegedly stolen 3 years ago. | Unknown | Industry: Telco | CC | IR |
| 2 | 01/07/2016 | ? | Three Unnamed Hospitals | TrapX releases a new report revealing the details of three new attacks related to Medjack, an attack that relies on exploiting existing medical devices that run outdated software in order to enter the secure network of a healthcare unit. | Targeted Attack | Healthcare | CC | N/A |
| 3 | 01/07/2016 | aLem! | Official website of Arizona State, Arizona House of Representatives and Arizona State Legislature | A hacker called aLem! defaces the websites of Arizona State, Arizona House of Representatives and Arizona State Legislature. | Defacement | Government | CC | US |
| 4 | 01/07/2016 | hackermanfrisch | Sovereign Order of Malta | A hacker dubbed hackermanfrisch claims to have hacked the website of the Sovereign Order of Malta and leaks 1,786 login credentials in plaintext. | Unknown | Org: Religion | CC | N/A |
| 5 | 01/07/2016 | ? | DID Electrical (DID.ie) | DID Electrical reveals that more than 300 people have had card details stolen after an online security breach. The attack happened between June 15 and June 26. | Unknown | Industry: Retail | CC | IE |
| 6 | 01/07/2016 | TheDarkOverlord | Unknown Healthcare Database | TheDarkOverlord puts up for sale a new healthcare database containing the data of about 24,000 patients. | Unknown | Healthcare | CC | US |
| 7 | 03/07/2016 | ? | North Carolina State University | An external attacker uses a phishing scam to break into a North Carolina State University email account containing personally identifiable information of 38,000 individuals. | Account Hijacking | Education | CC | US |
| 8 | 04/07/2016 | ? | Trillian | Cerulean Studios reveals that it has discovered a breach affecting its blog and forums. The breach potentially affects 3M records and could possibly date back to December 2015. | vBulletin Vulnerability | Industry: Software | CC | US |
| 9 | 04/07/2016 | ? | Several Danish Companies | Researchers at Heimdal Security reveal the details of a spear phishing campaign specifically targeting Danish business organizations. | Targeted Attack | >1 | CE | DK |
| 10 | 04/07/2016 | PoodleCorp | LeafyIsHere YouTube Channel | PoodleCorp hacks LeafyIsHere, a popular YouTube Channel with >3M subscribers, and defaces the main page. | Account Hijacking | YouTube Channels | CC | US |
| 11 | 05/07/2016 | ? | topbutton.com | The database of topbutton.com is leaked in the Dark Net. | Unknown | Social Network | CC | US |
| 12 | 06/07/2016 | Guccifer 2.0 | US Democratic Party | Guccifer 2.0 leaks more documents from the computer networks of the US Democratic Party and exposes plans to spend more than $800,000 (£614,660) on a “counter-convention” in an attempt to hijack the upcoming Republican National Convention (RNC). | Unknown | Org: Political Party | CE | US |
| 13 | 06/07/2016 | OurMine | Wikileaks | Because of a spat with Anonymous, OurMine takes down the Wikileaks website. | DDoS | Org: Hacktivism | CC | N/A |
| 14 | 06/07/2016 | ? | Twitter Account for NASA’s Kepler (@NASAKepler) | The official Twitter account for NASA’s Kepler (@NASAKepler) is hacked and posts an offending image and a dodgy link. | Account Hijacking | Government | CC | US |
| 15 | 06/07/2016 | Anonymous | Several Zimbabwe Websites | In the name of #ZimShutDown2016 or #ShutDownZimbabwe, Anonymous takes down the websites of the country’s official portal (zim.gov.zw), ZANUPF – Zimbabwe African National Union- Patriotic Front (Zanu-PF) and Zimbabwe Broadcasting Corporation (zbc.co.zw). | DDoS | Government | H | ZW |
| 16 | 07/07/2016 | Pravyy Sector | Netia | A Ukrainian hacker going by the handle of Pravy Sektor (right sector) breaches the servers of Poland’s telecom company Netia SA and leaks a 14GB file containing customers’ details. | SQLi | Industry: Telco | CC | PL |
| 17 | 07/07/2016 | @0x2Taylor | Baton Rouge Police (brgov.com) | In retaliation for the Alton Sterling killing, a hacker called @0x2Taylor hacks the Baton Rouge city government’s servers and leaks 50,000 Baton Rouge Police records. | Account Hijacking | Government | H | US |
| 18 | 07/07/2016 | APT “Patchwork” | >1 | Cymmetria Research releases a new report about a new APT dubbed “Patchwork” tied to Southeast Asia and the South China Sea, targeting governments and entities around the world including the U.S. | Targeted Attack | Government | CE | >1 |
| 19 | 07/07/2016 | APT “Pacifier” | Several Countries | BitDefender reveals the details of “Pacifier”, a malicious actor targeting Romanian institutions and other foreign targets in countries such as Iran, India, the Philippines, Russia, Lithuania, Thailand, Vietnam, and Hungary. | Targeted Attack | >1 | CE | >1 |
| 20 | 08/07/2016 | ? | Datadog | Datadog, the software-as-a-service monitoring and analytics platform, is hit by hackers and strongly suggests that customers initiate password resets. | Unknown | Industry: System Monitoring | CC | US |
| 21 | 08/07/2016 | uid0 | 5 databases belonging to the media company Penton (Web Hosting Talk, Mac Forums, HotScripts.com, dBforums, and A Best Web) | Someone who goes by the name “uid0” allegedly steals more than 1.4 million passwords, email addresses, and other data from the databases of popular forums including Web Hosting Talk, Mac Forums and HotScripts, and offers to sell the databases on the dark web underground market The Real Deal for a combined 7.2 bitcoin (approximately $4,752 at the current conversion rate). | Account Hijacking | Industry: IT Services and Marketing | CC | US |
| 22 | 08/07/2016 | OurMine | Twitter accounts associated with Yahoo boss Marissa Mayer and the site’s co-founder Jack Dorsey | OurMine hacks the Twitter accounts associated with Yahoo boss Marissa Mayer and the site’s co-founder Jack Dorsey. | Account Hijacking | Single Individuals | CC | US |
| 23 | 08/07/2016 | JokerStash | Omni Hotels, Noodles & Company | Omni Hotels & Resorts announces that point-of-sale systems at “some Omni properties” were infected with malware designed to collect payment card data, including cardholder names, credit or debit card numbers, security codes and expiration dates. 49 of Omni’s 60 North American hotels were affected, and over 50,000 payment cards were leaked online. | PoS Malware | Industry: Hotel and Hospitality | CC | US |
| 24 | 08/07/2016 | 0x2Taylor | Amazon | 0x2Taylor claims to have breached the servers of Amazon, and leaks the login credentials of 80,000 Kindle users. The company denies the breach and declares the data was not stolen from its servers and is not legitimate. | Unknown | Industry: E-Commerce | CC | US |
| 25 | 08/07/2016 | ? | oshoworld.com | An anonymous hacker dumps on the Dark Web the database of topcon.com containing 85K records. | Unknown | Industry: E-Commerce | CC | CA |
| 26 | 09/07/2016 | ? | topcon.com | An anonymous hacker dumps on the Dark Web the database of topcon.com containing 21K records. | SQLi | Industry: Optical Components | CC | JP |
| 27 | 09/07/2016 | ? | ingersollrandproducts.com | An anonymous hacker hacks ingersollrandproducts.com and leaks 14K usernames and hashed passwords. | SQLi | Industry: Mechanical Components | CC | US |
| 28 | 10/07/2016 | ? | Shadi.com | Another Muslim dating website hacked. This time it’s the turn of shadi.com, which suffers 2M accounts dumped online, including clear text passwords. | Unknown | Dating | CC | US |
| 29 | 11/07/2016 | Anonymous | Armscor (armscor.co.za) | In the name of OpAfrica, hackers affiliated with the Anonymous collective hack Armscor, a Pretoria-based arms procurement agency, and leak 63 MB of data in HTML files that include invoice numbers, order numbers, invoice amounts and other data from Airbus, Thales group, Rolls Royce, EADS, Denel etc. Armscor denies that classified data was stolen, though. | SQLi | Industry: Arms Procurement | H | ZA |
| 30 | 11/07/2016 | Dropping Elephant | Asian Region | Kaspersky Lab researchers reveal the details of a threat actor undertaking aggressive cyber espionage activity in the Asian region, targeting multiple diplomatic and government entities with a particular focus on China and its international affairs. The group is dubbed Dropping Elephant or Chinastrats. | Targeted Attack | Government | CE | >1 |
| 31 | 12/07/2016 | OurMine | HSBC | Hacker group OurMine claims that it temporarily took down the servers of HSBC in the US and the UK. | DDoS | Finance | CC | UK |
| 32 | 12/07/2016 | ? | UK Network Rail | Security firm DarkTrace reveals that four major cyberattacks have been reported on UK railway computer networks over the past year. | Unknown | Utility: Network Railway | CC | UK |
| 33 | 12/07/2016 | ? | Top Eight Banks in Taiwan including Bank of Taiwan, Chang Hwa Bank, First Bank | The top eight banks in Taiwan have been forced to shut down activity on hundreds of ATMs after a coordinated group of thieves used malware to steal NT$70 million ($2.17m, £1.64m, €1.9m) in cash. | Malware | Finance | CC | TW |
| 34 | 12/07/2016 | ? | 68 Philippines Government Websites | On the same day the permanent court at The Hague rules for the Philippines in the dispute against China for the islands in the West Philippine Sea, 69 Philippines Government Websites are taken down by a DDoS attack. | DDoS | Government | CW | CN |
| 35 | 12/07/2016 | ? | Anhui Women and Children Health Hospital | Unknown hackers steal nearly 6,000 private videos of newborn babies and upload them to a video-sharing website. | Unknown | Healthcare | CC | CN |
| 36 | 12/07/2016 | TheDarkOverlord | Unnamed Healthcare Software Company | The Dark Overlord offers the source code, software signing keys, and customer license database for a firm that develops and markets healthcare software. | Unknown | Industry: Software | CC | US |
| 37 | 12/07/2016 | SonnySpooks | threedollarclick.com fourdollarclick.com sevendollarclick.com | In a rage of hacking, SonnySpooks hacks threedollarclick.com, fourdollarclick.com and sevendollarclick.com and dumps more than 200K records with usernames and hashed passwords. | Unknown | Online Services | CC | PA |
| 38 | 12/07/2016 | SonnySpooks | acparadise.com | SonnySpooks leaks the entire database of acparadise.com, made of 55K records including usernames and passwords. | Unknown | Social Network | CC | US |
| 39 | 12/07/2016 | SonnySpooks | pingpong.su | SonnySpooks leaks the entire database of pingpong.su, made of 57K records including usernames and passwords. | Unknown | Industry: E-Commerce | CC | RU |
| 40 | 12/07/2016 | SonnySpooks | wii-records.com | SonnySpooks leaks the entire database of wii-records.com, made of 18K records including usernames and passwords. | Unknown | Online Forum | CC | CA |
| 41 | 13/07/2016 | China? | Federal Deposit Insurance Corporation (FDIC) | A report published by the House Committee on Science, Space and Technology found that hackers purported to be from China had compromised computers at the Federal Deposit Insurance Corporation repeatedly between 2010 and 2013. Unfortunately the incident was never reported. | Targeted Attack | Government | CE | US |
| 42 | 14/07/2016 | ? | ubuntuforums.org | Popular Ubuntu forum ubuntuforums.org is hacked and 2 million user details that include usernames, email addresses, and IP addresses are stolen. | SQLi | Org: Software | CC | ZA |
| 43 | 14/07/2016 | Pravyy Sector | Poland’s Defence Ministry | This time Pravyy Sector threatens to release data stolen from Poland’s Defence Ministry if the government doesn’t pay $50,000. The hacker shows proof of the data he allegedly accessed. | Unknown | Government | CC | PL |
| 44 | 14/07/2016 | Guccifer 2.0 | Democratic National Committee (DNC) | Guccifer 2.0 leaks more documents reportedly stolen from the computer networks of the Democratic National Committee (DNC), including opposition research, political donor lists and internal memos. | Unknown | Org: Political Party | CC | US |
| 45 | 14/07/2016 | ? | Steemit | Social media site Steemit temporarily shuts down after a major hack. The attackers compromise 260 accounts and make off with $85,000 worth of cryptocurrency. | Unknown | Social Network | CC | US |
| 46 | 15/07/2015 | ElSurveillance | AfrikaDating.com | ElSurveillance continues his #EscortsOffline campaign and leaks 12,738 user records from afrikadating.com. | Unknown | Escort Services | H | UK |
| 47 | 15/07/2015 | ElSurveillance | AdultSingleSites.com.au | In the name of the same campaign, ElSurveillance leaks 67.118 user records from adultsinglesites.com.au. | Unknown | Escort Services | H | AU |
| 48 | 15/07/2015 | ElSurveillance | PinkDate.co.uk | In the name of the same campaign, ElSurveillance leaks 67.118 user records from PinkDate.co.uk. | Unknown | Escort Services | H | UK |
