16-31 July 2016 Cyber Attacks Timeline

Let’s close the timeline of July with the second part of the Cyber Attacks Timeline (Part I here).

There are several macro events that characterized this fortnight: we could simply start from the trail of hacks against the US Democratic Party (4 in these two weeks alone). And if this is not enough, these two weeks also featured multiple cyber attacks carried out in the wake of the foiled coup in Turkey (outside the nation, such as the DDoS attacks against Wikileaks and RT.com, but also inside the nation, since Wikileaks was crippled while leaking 295,000 emails allegedly hacked from AKP, the Turkish ruling party, by an old acquaintance like Phineas Fisher).

And obviously the invasion of Pokemon GO is a massive phenomenon. So massive as to attract the unwelcome attention of the OurMine and PoodleCorp crews, who purportedly took down the server infrastructure in two distinct attacks.

The OurMine collective was also involved in hijacks of other prominent Twitter accounts (Shuhei Yoshida, the president of worldwide studios at Sony, and John Hanke, the CEO of Niantic, the studio that developed Pokemon GO), and Sarah Silverman’s account was also hacked in the same period.

And, last but not least, other massive breaches were reported, targeting Interpark, a South Korean E-Commerce Company (10.1 million users affected), and two video games: the forum of Clash of Kings (1.6 million) and Warframe (775,000 users affected).

Even hacktivists were quite active (Donald Trump is always a compelling target). In any case, scroll down the timeline for the details of the events, and if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Additionally, if you want, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 14/07/2016 | Unknown Agency in India (Airtel?) | Cloudflare | An unknown agency in India mysteriously hijacks the traffic of local users directed to several websites including The Pirate Bay. | Unknown | Industry: Internet Service | CC | IN |
| 2 | 15/07/2016 | Mons | Several Pro-ISIS Websites | An unknown attacker going by the handle of Mons takes down several Pro-ISIS websites. | DDoS | Org: Terrorism | H | N/A |
| 3 | 16/07/2016 | ? | RT.com | RT.com is the target of a sustained DDoS attack during the coverage of the attempted coup in Turkey. | DDoS | News | CW | RU |
| 4 | 16/07/2016 | AnonKeyGen | The Websites of the cities of Loon and Panglao | Hackers claiming to be Chinese deface the official government portals for two local government units (LGUs) from the Philippines: the cities of Loon and Panglao. The defacements come just days after the Permanent Court of Arbitration at The Hague ruled in favour of the Philippines over the South China Sea dispute. | Defacement | Government | CW | PH |
| 5 | 17/07/2016 | ? | Library of Congress (loc.gov) | The Library of Congress is the target of a 4-day DDoS attack. | DDoS | Government | CC | US |
| 6 | 17/07/2016 | PoodleCorp | Pokemon GO Servers | PoodleCorp hackers claim to have taken down the Pokemon GO Servers. | DDoS | Industry: Video Games | CC | JP |
| 7 | 18/07/2016 | OurMine | Pokemon GO Servers | This time OurMine hackers claim to have taken down the Pokemon GO servers. | DDoS | Industry: Video Games | CC | JP |
| 8 | 18/07/2016 | AnonKeyGen | Philippines Commission On Audit (COA) | The same alleged Chinese hackers deface the official portal of the Commission On Audit. | Defacement | Government | CW | PH |
| 9 | 18/07/2016 | ? | Road Sign | Another example of road sign hacking: someone hacks into the electronic sign in a Cobb County neighborhood (Georgia) and hacks it with anti-police messages. | Defacement | Road Sign | CC | US |
| 10 | 19/07/2016 | Phineas Fisher? | AKP (Turkey’s ruling political party) | WikiLeaks publishes what it’s calling the Erdoğan Emails, a searchable collection of 294,548 emails it says are leaked from the AKP, Turkey’s ruling political party. | Unknown | Org: Political Party | H | TR |
| 11 | 19/07/2016 | ? | Wikileaks | WikiLeaks suffers a sustained DDoS attack after announcing mega leak of Turkey government documents. | DDoS | Org: Non-Profit | CC | INT |
| 12 | 19/07/2016 | ? | Several websites of major businesses | Invincea discovers a major campaign hijacking high profile websites, through the SoakSoak botnet, to deliver the CryptXXX ransomware. | Malicious Code Injection | >1 | CC | >1 |
| 13 | 19/07/2016 | Undetected | Alpine County Superior Court (alpine.courts.ca.gov) | A hacker going by the online handle of “Undetected” defaces the official website of Alpine County Superior Court (alpine.courts.ca.gov) posting a message against Donald Trump. | Defacement | Government | H | US |
| 14 | 20/07/2016 | Guccifer 2.0 | US Democratic Party | Guccifer 2.0, the hacker suspected of breaching the US Democratic National Committee, releases another trove of internal documents containing financial documents, staff lists, donor records and memos marked as ‘private and confidential’. | Targeted Attack | Org: Political Party | CE | US |
| 15 | 20/07/2016 | OurMine | Minecraft Account | OurMine hackers claim to have gained access to any account linked to the wildly popular world-building video game Minecraft. | Account Hijacking | Industry: Video Games | CC | US |
| 16 | 20/07/2016 | OurMine | Shuhei Yoshida’s Twitter account (@yosp) | OurMine hackers claim to have hijacked the Twitter Account of Shuhei Yoshida, the president of worldwide studios at Sony. | Account Hijacking | Industry: Entertainment | CC | JP |
| 17 | 20/07/2016 | ? | Warframe | User details of 775,000 Warframe users are leaked and sold in the dark web. The breach occurred in November 2014. | SQLi via Drupal vulnerability | Industry: Video Games | CC | US |
| 18 | 20/07/2016 | ? | Beggars Group | Beggars Group, home of independent music labels 4AD, Matador, Rough Trade Records, XL Recordings and Young Turks, warns US customers of a data breach. People who purchased any products from the websites for the aforementioned labels between 28 April 2015 and 4 May 2016 may have been victims of the data breach. | Unknown | Industry: Entertainment | CC | UK |
| 19 | 20/07/2016 | ? | Several E-Commerce Websites | Sucuri reveals a new phishing technique that aims to compromise legitimate retail sites through their e-commerce solutions, by adding a short, malicious JavaScript snippet to the code that runs checkout pages. | Malicious Code Injection | Single Individuals | CC | >1 |
| 20 | 20/07/2016 | Anonymous Brasil | Rio Court (tjrj.jus.br) | Anonymous Brasil, the Brazil branch of the Anonymous hacker collective, launches a DDoS attack against the website (tjrj.jus.br) of the Rio court that banned WhatsApp usage across the country. | DDoS | Government | H | BR |
| 21 | 21/07/2016 | ? | News 9 (News9.com) | Oklahoma’s News 9 website is the victim of a malvertising attack which lasted at least a week. | Malvertising | News | CC | US |
| 22 | 22/07/2016 | ? | Democratic National Committee (DNC) | Wikileaks releases nearly 20,000 emails sent out by senior officials of the Democratic National Committee (DNC). | Unknown | Org: Political Party | H | US |
| 23 | 22/07/2016 | North Korea? | Interpark | Interpark becomes aware that its systems have been infiltrated and that names, addresses and phone numbers of roughly 10.3 million customers have been stolen two months earlier. The authors of the attack come allegedly from North Korea. | Targeted Attack | Industry: E-Commerce | CC | KR |
| 24 | 22/07/2016 | ? | Clash of Kings Forum | An unknown hacker hacks the official forum for popular mobile game “Clash of Kings,” and makes off with close to 1.6 million accounts. The hack was carried out on July 14. | vBulletin Vulnerability | Online Forum | CC | US |
| 25 | 22/07/2016 | Anonymous | Izmir Gaz | In name of #OpTurkey, an unknown member of the Anonymous hacker collective dumps a database online, claiming to belong to Izmir Gaz, a Turkish energy and natural gas provider. | Unknown | Industry: Energy and Gas | H | TR |
| 26 | 22/07/2016 | ? | Illinois State Board of Elections Online Voter Registration Portal | The Illinois State Board of Elections reveals a hack on its online voter registration portal. The hack happened on July 12. | Unknown | Government | CC | US |
| 27 | 22/07/2016 | ? | Laser & Dermatologic Surgery Center | Laser & Dermatologic Surgery Center notifies 31,000 users of a possible compromise of their personal information. | Malware | Healthcare | CC | US |
| 28 | 23/07/2016 | ? | Several ISPs in Mumbai | Several Internet Service Providers in Mumbai are the targets of an unprecedented wave of DDoS attacks. | DDoS | Industry: Telco | CC | IN |
| 29 | 24/07/2016 | Ali David Sonboly | Selina Akim’s Facebook Account | Reports surface that Ali David Sonboly, the eighteen-year-old teenager who opened fire inside a McDonald’s restaurant at the Olympia Mall in Munich, Germany, used a hacked Facebook account to lure victims to the restaurant. | Account Hijacking | Single Individual | CC | DE |
| 30 | 25/07/2016 | ? | GunMag Warehouse | Reports surface of a possible data breach at the magazine clearing house GunMag Warehouse. | Undisclosed Vulnerability in the e-commerce platform | Industry: E-Commerce | CC | US |
| 31 | 25/07/2016 | ? | Hunting & Fishing NZ (huntingandfishing.co.nz) | Hunting & Fishing NZ (huntingandfishing.co.nz) is hacked and urges users to change their passwords. | Unknown | Industry: Retail | CC | NZ |
| 32 | 26/07/2016 | OurMine | TechCrunch | The website of technology outlet TechCrunch is defaced by the infamous hacking group OurMine. | Defacement | News | CC | US |
| 33 | 26/07/2016 | ? | Tinder Users | Tinder users fall victim to a scam campaign where hackers using bots trick users into paying for adult content. | Spam Bot | Single Individuals | CC | >1 |
| 34 | 26/07/2016 | ? | O2 | O2 customers’ data emerges on the dark web. O2 denies the breach; the data is probably obtained by using usernames and passwords first stolen from gaming website XSplit three years ago to log onto O2 accounts. | Credential Stuffing | Industry: Telco | CC | UK |
| 35 | 26/07/2016 | GP Whitehat | Two Gay Porn Websites | A self-defined “whitehat” hacks two gay porn websites, HotGuysFuck[.]com and GayHoopla[.]com, both owned by the same company, Blurred Media LLC., and dumps 30,000 accounts. | Unknown | Adult Sites | CC | US |
| 36 | 26/07/2016 | ? | Kimpton Hotels | Kimpton Hotels says it is investigating reports of a credit card breach at multiple locations. | PoS Malware | Industry: Hotel and Hospitality | CC | US |
| 37 | 26/07/2016 | The Dark Overlord | Athens Orthopedic Clinic | The Athens Orthopedic Clinic (AOC) in Georgia confirms a breach and notifies patients of a data breach that compromised the personal information of current and former patients. The database was leaked one month before. | Account Hijacking (via a third party vendor) | Healthcare | CC | US |
| 38 | 26/07/2016 | ? | Shapeways | Custom 3D model printing business Shapeways is hacked and notifies customers that the attacker gained access to shipping and email addresses, usernames and hashed passwords. | Unknown | Industry: 3D Printing | CC | US |
| 39 | 27/07/2016 | Anonymous | Sarah Silverman’s Twitter Account (@SarahKSilverman) | After announcing her support for Hillary Clinton, the Twitter Account of Sarah Silverman (@SarahKSilverman) is hacked by an Anonymous member. | Account Hijacking | Single Individual | H | US |
| 40 | 27/07/2016 | The Dark Overlord | A group of clinics in Farmington, Missouri | And a group of clinics in Farmington, Missouri confirms the breach by The Dark Overlord. Targets include: Midwest Imaging Center, LLC; Van Ness Orthopedic and Sports Medicine, Inc.; Mineral Area Pain Center, P.C.; Select Pain & Spine Dr. Christopher T. Sloan, D.P.M | Account Hijacking (via a third party vendor) | Healthcare | CC | US |
| 41 | 28/07/2016 | ? | Multiple Web Sites | Researchers from ProofPoint and Trend Micro unveil the details of a malvertising campaign dubbed AdGholas, which has been found to have targeted one million victims, successfully infecting thousands, every day. | Malvertising | Single Individuals | CC | >1 |
| 42 | 29/07/2016 | ? | US Democratic Party | People familiar with the matter tell Reuters that a computer network used by Democratic presidential nominee Hillary Clinton’s campaign was hacked as part of a broad cyber attack on Democratic political organizations. Hackers had access to the analytics program’s server for approximately five days. | Targeted Attack | Org: Political Party | CE | US |
| 43 | 29/07/2016 | ? | Democratic Congressional Campaign Committee (DCCC) | The FBI investigates a second cyber attack targeting the interests of the US Democratic Party after a breach is reported at the Democratic Congressional Campaign Committee (DCCC), a group that handles donations for democrats running for the US House of Representatives. | Targeted Attack | Org: Political Party | CE | US |
| 44 | 29/07/2016 | China 1937CN | Vietnam Airlines | Airport websites in Vietnam are defaced and the attacks are attributed to China-based hackers, who deface the website of the state-owned Vietnam Airlines. The group says the attack is a “warning message” to Vietnam and Philippines, the countries involved in a dispute over territorial rights in the South China Sea. Apparently the details of 411,000 passengers have fallen into the hands of the hackers. | Unknown | Airline | CW | VN |
| 45 | 29/07/2016 | ? | Disney’s Playdom Forum (playdomforums.com) | Disney notifies users of its Playdom Forum that hackers have made off with sensitive personal information which could put their privacy and online security at risk. The victims are potentially 356K. | Unknown | Industry: Entertainment | CC | US |
| 46 | 29/07/2016 | ? | Several Websites | Sucuri reveals that several websites using the FreeDNS hosting service from NameCheap have their visitors redirected to malicious, cloned sites via an IP address that once hosted command-and-control servers for the Conficker worm. | DNS Hijacking | >1 | CC | >1 |
| 47 | 29/07/2016 | ? | Prosthetic & Orthotic Care (P&O Care) | And also Prosthetic & Orthotic Care (P&O Care) confirms it has been hacked by the Dark Overlord. | Undisclosed Vulnerability | Healthcare | CC | US |
| 48 | 30/07/2016 | ? | Around 20 state agencies, defence companies and other organisations in Russia | Russia’s Federal Security Service, the FSB, claims that a “coordinated attack” has seen spyware infect the computer networks of around 20 state agencies, defence companies and other organisations in the country. | Targeted Attack | Government | CE | RU |
| 49 | 30/07/2016 | G4mm4 from Ghost Squad | Twitter account of Afghanistan’s Chief Executive Dr. Abdullah Abdullah | The official Twitter account of Afghanistan’s Chief Executive Dr. Abdullah Abdullah has been hacked by Ghost Squad. | Account Hijacking | Single Individual | CC | AF |
| 50 | 31/07/2016 | OurMine | Niantic CEO John Hanke’s Twitter account | The latest victim of the infamous collective OurMine is Niantic CEO (the developer of Pokemon Go) John Hanke’s Twitter account. The hackers ask for the release of Pokemon Go in Brazil. | Account Hijacking | Single Individual | CC | US |

 
