1-15 August 2016 Cyber Attacks Timeline

It has been a really cruel infosec summer! At least, the first fifteen days of August have shown a remarkable number of cyber attacks, and an even more staggering number of compromised accounts.

Effectively, the month did not start very well: 200 million alleged Yahoo! accounts have been published on The Real Deal marketplace by Peace, the same hacker who had previously sold the DB dumps of MySpace and LinkedIn.

But this has not been the only mega breach of this fortnight: 15 million Iranian users of Telegram have been compromised by attackers tied to the infamous state-sponsored group Rocket Kitten, 3.7 million customers of Banner Health, an Arizona-based healthcare group, have been equally compromised (unfortunately the trail of massive breaches affecting healthcare continues), and finally, hackers belonging to the Pravy Sector collective have dumped more than 150GB of data from Central Ohio Urology Group.

Other interesting events in cyber crime include the discovery of malware in 20 locations of HEI Hotels & Resorts, the chain that owns Starwood, Marriott, Hyatt, and Intercontinental hotels, the hack against Bitfinex, in which hackers made off with $65m worth of Bitcoins (£48m, €57m), creating turmoil in the value of the crypto currency, and the wave of DDoS attacks orchestrated by the PoodleCorp collective against several video game portals such as Blizzard’s Battle.net or the PlayStation Network.

And whereas Anonymous turned their attention mainly against Brazil, because of the Olympic Games of Rio2016, the list of cyber espionage operations is really too long to summarize, so I strongly recommend you scroll down the whole timeline.

As usual, if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, shortly, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Last but not least, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 01/08/2016 | Peace | Yahoo! | Peace, the hacker who has previously sold dumps of Myspace and LinkedIn, lists 200 million supposed credentials of Yahoo users on The Real Deal marketplace. Yahoo confirms to be aware of the claim. | Unknown | Industry: Internet | CC | US |
| 2 | 01/08/2016 | North Korea | South Korea | North Korean hackers gain access to data of dozens of South Korean officials including diplomats and top security personnel. Emails and passwords of as many as 56 people are leaked. | Account Hijacking | Government | CE | KR |
| 3 | 01/08/2016 | ? | Kimpton Hotels and Restaurants | Kimpton Hotels and Restaurants advises guests of a possible credit card breach. | POS Malware | Industry: Hotel and Hospitality | CC | US |
| 4 | 01/08/2016 | Anonymous | Several websites belonging to Andrej Babis, Czech Republic’s Finance Minister | In the name of OpBlokada, the Czech and Slovak divisions of Anonymous DDoS the websites of private companies owned by Andrej Babis, Czech Republic’s Finance Minister. Targets include: Agrofert, Hyza, Cepro, Preol, Penam, Uniles, and Wotan Forest. | DDoS | Government | H | CZ |
| 5 | 02/08/2016 | Iranian hackers linked to the state-sponsored group Rocket Kitten | Iranian Telegram Users | Iranian hackers linked to the state-sponsored group called Rocket Kitten have compromised more than a dozen accounts on the Telegram instant messaging service and identified the phone numbers of 15 million Iranian users. | Account Hijacking via Telegram Vulnerability | Single Individuals | CE | IR |
| 6 | 02/08/2016 | ? | Bitfinex | The price of bitcoin plummets after Hong Kong-based digital currency exchange Bitfinex is hit by hackers who stole $65m (£48m, €57m) of the digital currency. | Unknown | Bitcoin Exchange | CC | HK |
| 7 | 02/08/2016 | Pravy Sector | Central Ohio Urology Group (centralohiourology.com) | Pravy Sector, the pro-Ukraine hacker (or hackers), dumps 150 GB of data from the Central Ohio Urology Group. | SQLi | Healthcare | CC | US |
| 8 | 02/08/2016 | ? | 123-Reg (123-reg.co.uk) | 123-Reg is taken down by a massive DDoS attack. | DDoS | Industry: Web Hosting | CC | UK |
| 9 | 02/08/2016 | ? | Banner Health | Arizona healthcare group Banner Health reveals that hackers may have accessed records of 3.7 million of its customers. The attack was initiated on 17 June. | Unknown | Healthcare | CC | US |
| 10 | 02/08/2016 | Group5 (linked to Iran) | Syrian Dissidents | Citizen Lab reveals the details of a new cyber espionage group, appearing to be associated with Iran, which has launched an advanced malware operation targeting Syrian dissidents. | Targeted Attack | Single Individuals | CE | SY |
| 11 | 02/08/2016 | Afzal Faizal | Unnamed Indian Bank | A pro-Pakistani hacker dubbed Afzal Faizal claims to have obtained access to the e-payment system of a nationalized bank. | Unknown | Finance | CW | IN |
| 12 | 02/08/2016 | PeggleCrew | Fosshub (fosshub.com) | A hacking crew that goes by the name of PeggleCrew compromises Fosshub and embeds malware inside the files hosted on the website and offered for download. | Account Hijacking | Online Services | CC | US |
| 13 | 02/08/2016 | Zurael_sTz | parsiva.daba.co.ir | An Israeli hacker going by the handle of Zurael_sTz hacks the official website of Iranian Internet service provider Daba and leaks login credentials of thousands of registered users. The total hack should include 52K users, although only a smaller number of accounts is dumped. | Unknown | Industry: ISP | H | IR |
| 14 | 03/08/2016 | PoodleCorp | Blizzard’s Battle.net | Blizzard’s Battle.net servers are hit by a massive DDoS attack causing latency, connection and login issues across popular games such as Overwatch, World of Warcraft and Hearthstone. | DDoS | Industry: Video Games | CC | US |
| 15 | 03/08/2016 | PoodleCorp | League of Legends (leagueoflegends.com) | The PoodleCorp collective also claims to have taken down the website of League of Legends (leagueoflegends.com). | DDoS | Industry: Video Games | CC | US |
| 16 | 03/08/2016 | ? | Romelu Lukaku’s Instagram Account | Romelu Lukaku, the Everton footballer, is the latest celebrity to have his own Instagram account hacked. | Account Hijacking | Single Individuals | CC | BE |
| 17 | 04/08/2016 | ? | An Garda Síochána (Irish Police) | Police in Ireland launch a probe after a hacker attempted to break into their computer network, forcing officials to temporarily shut down several of their systems to ensure the security of data held on staff and the public. | Malware | Law Enforcement | CC | IE |
| 18 | 04/08/2016 | China | Several targets including the Philippines Department of Justice | F-Secure reveals the details of NanHaiShu, a spy campaign aimed at accessing information from high-profile targets involved in the South China Sea dispute. | Targeted Attack | Government | CE | PH |
| 19 | 04/08/2016 | Kazakhstan Government? | Kazakh Dissidents | The Electronic Frontier Foundation reveals the details of Operation Manul, a cyber espionage campaign targeting journalists, political activists and lawyers. | Targeted Attack | Single Individuals | CE | KZ |
| 20 | 04/08/2016 | ? | Christians Against Poverty (capuk.org) | UK debt relief charity Christians Against Poverty notifies supporters following a data breach that exposed personal details including phone and bank account numbers, and banking sort codes. Unidentified hackers broke into the charity’s systems in late July. The intrusion was only detected a week later. | Unknown | Org: Charity | CC | UK |
| 21 | 04/08/2016 | Intsights | ISIS Forum on the Dark Web | Intsights, an Israeli cyber-intelligence firm, claims to have uncovered plans for future ISIS attacks after hacking into an ISIS forum the group had used in the past to plan other attacks. | Account Hijacking | Org: Terrorism | CW | N/A |
| 22 | 04/08/2016 | PoodleCorp | PlayStation Network | The PoodleCorp collective claims to have taken down the PlayStation Network servers. | DDoS | Industry: Video Games | CC | JP |
| 23 | 04/08/2016 | PoodleCorp | GTA Online | This time the PoodleCorp collective claims to have taken down the GTA (Grand Theft Auto) website. | DDoS | Industry: Video Games | CC | US |
| 24 | 05/08/2016 | ? | The Khronos Group (khronos.org) | Accounts of employees from Apple, Intel, and Google are exposed after the website of the Khronos Group, a non-profit organization, is hacked. | SQLi | Org: Non-Profit | CC | US |
| 25 | 05/08/2016 | ? | Smartphone users in China and Japan | Bitdefender reveals the details of an Android RAT designed to target smartphones with specific IMEI numbers in China and Japan. | Malware | Single Individuals | CC | JP CN |
| 26 | 05/08/2016 | Anonymous Brazil | Several Brazilian government websites | The online hacktivists of Anonymous Brazil take down several Brazilian government websites to protest against the ongoing Olympics in Rio de Janeiro. Targets include: the official website of the federal government for the 2016 Games (brasil2016.gov.br), the portal of the State Government of Rio de Janeiro (rj.gov.br), the Ministry of Sports (esporte.gov.br), the Brazil Olympic Committee COB (cob.org.br) and the official website of the Rio 2016 Olympics (rio2016.com). | DDoS | Government | H | BR |
| 27 | 05/08/2016 | Anonymous Brazil | Several Brazilian government individuals | In the second phase of their operation, Anonymous Brazil claims to have leaked personal details of the Mayor of Rio de Janeiro, the Governor of Rio de Janeiro, the Minister of Sport, the President of the Brazilian Olympic Committee and three businessmen who are allegedly involved in corruption. | Unknown | Single Individuals | H | BR |
| 28 | 06/08/2016 | OurMine | Alexa Losey’s Twitter Account | The OurMine collective hacks the Twitter account of popular YouTuber Alexa Losey. | Account Hijacking | Single Individuals | CC | US |
| 29 | 07/08/2016 | Strider | Selected targets in Russia, China, Sweden, and Belgium | Symantec reveals the details of Strider, a previously unknown group conducting cyber espionage-style attacks against selected targets in Russia, China, Sweden, and Belgium (36 infections across 7 organizations since 2011). The group uses an advanced piece of malware known as Remsec (Backdoor.Remsec) to conduct its attacks. Its code contains a reference to Sauron, the all-seeing antagonist in The Lord of the Rings. | Targeted Attack | >1 | CE | RU CN SE BE |
| 30 | 07/08/2016 | OurMine | Twitter and Quora accounts of Zach Klein, co-founder of video-sharing website Vimeo | The official Twitter and Quora accounts of Zach Klein, co-founder of video-sharing website Vimeo, are hacked by the OurMine collective. | Account Hijacking | Single Individuals | CC | US |
| 31 | 08/08/2016 | Carbanak Gang | MICROS | The Carbanak Gang appears to have compromised a customer support portal for companies using Oracle’s MICROS point-of-sale credit card payment systems, and used that access to steal administrative credentials and implant malicious code on 700 terminals. | POS Malware | Industry: PoS Systems | CC | US |
| 32 | 08/08/2016 | New World Hackers | michaelphelps.com | New World Hackers claim responsibility for taking down the personal website of Michael Phelps. | DDoS | Single Individuals | CC | US |
| 33 | 09/08/2016 | ? | Australian Bureau of Statistics (abs.gov.au) | Millions of Australian citizens hoping to take part in the country’s first ever digital census are left frustrated after the website used to complete the survey is taken down by a DDoS attack. | DDoS | Government | CC | AU |
| 34 | 09/08/2016 | ? | PoS Systems Worldwide | Panda Labs reveals the details of a criminal group using compromised LogMeIn accounts belonging to systems running PoS software to access those computers and infect them with the new PosCardStealer malware. | PoS Malware | >1 | CC | >1 |
| 35 | 09/08/2016 | ? | Brant County Health Unit | Brant County Health Unit reveals that an unauthorized person gained access to the immunization records of nearly 500 people between July 2015 and October 2015. | Unknown | Healthcare | CC | US |
| 36 | 10/08/2016 | ? | Dota 2 Forum | The forum for the popular online multiplayer game Dota 2 is hacked and, as a result, 2 million accounts are leaked. The attack was executed on July 10. | SQLi (via vBulletin vulnerability) | Industry: Video Games | CC | US |
| 37 | 10/08/2016 | ? | Instagram Users | Symantec reveals the details of a campaign aimed at hacking Instagram accounts, altering profiles with sexually suggestive imagery to lure users to adult dating and porn spam. | Account Hijacking | Single Individuals | CC | >1 |
| 38 | 10/08/2016 | ? | Webcam | A Texas mother realizes that someone hacked into a webcam positioned in her two daughters’ bedroom and streamed their private goings-on live online for thousands to watch. | Account Hijacking | Single Individuals | CC | US |
| 39 | 10/08/2016 | ? | Anderson County | Anderson County government officials and the sheriff’s office investigate a possible computer security breach (a “potential system-wide breach” of the main courthouse server) involving 1,800 people. | Unknown | Government | CC | US |
| 40 | 11/08/2016 | ? | NatWest users | Malwarebytes reveals the details of a social engineering campaign carried out on Twitter, which works by inserting a fake account into a conversation with legitimate support channels. This specific campaign targets NatWest bank accounts. | Account Hijacking | Single Individuals | CC | >1 |
| 41 | 11/08/2016 | Carbanak Gang | 5 PoS system manufacturers including Cin7, ECRS, Navy Zebra, PAR Technology and Uniwell | Forbes reveals that the Carbanak Gang has also breached 5 more cash register providers. | POS Malware | Industry: PoS Systems | CC | US |
| 42 | 11/08/2016 | ? | LinkedIn | A new lawsuit reveals that data thieves used a massive botnet against LinkedIn to steal members’ personal information via information scraping by fake profiles. | Bots | Social Network | CC | US |
| 43 | 11/08/2016 | ? | swimming.org.au | Swimming.org.au, Swimming Australia’s website, is hit by a DDoS attack in the wake of Olympic gold medallist Mack Horton’s comments about his Chinese competitor Sun Yang being a drug cheat. | DDoS | Org: Sport | CC | AU |
| 44 | 11/08/2016 | Monsoon Group (Indian-speaking hackers) | Chinese nationals within different industries and government agencies in Southern Asia | Forcepoint reveals the details of the Monsoon Group (also known as Patchwork APT, Dropping Elephant, and Operation Hangover), a crew of hackers based in India which has compromised both Chinese nationals within different industries and government agencies in Southern Asia, as far back as 2013. | Targeted Attack | >1 | CE | >1 |
| 45 | 11/08/2016 | ? | Municipality of Ede | The Municipality of Ede reveals to have discovered on July 8th that the personal information of about 3,700 Ede residents has been accessed by unauthorized persons due to a security vulnerability on the municipal site. | Unknown | Government | CC | NL |
| 46 | 12/08/2016 | Guccifer 2.0 | Democratic Congressional Campaign Committee (DCCC) | Guccifer 2.0 leaks a fresh batch of documents, memos and passwords, this time from the Democratic Congressional Campaign Committee (DCCC). They include a spreadsheet of congressional contacts’ phone numbers and email addresses, internal memos and what purport to be documents stolen from the computer of Nancy Pelosi, the highest-ranking Democrat in Congress. | Account Hijacking | Org: Political Party | CC | US |
| 47 | 12/08/2016 | ? | Major Iranian Oil and Gas Facilities | Iran’s Supreme National Cyberspace Council investigates whether a recent string of oil and petrochemical fires was caused by a cyber attack. | Targeted Attack | Industry: Oil and Gas | CW | IR |
| 48 | 12/08/2016 | Anonymous Poland | World Anti-Doping Agency and Court of Arbitration for Sport (tas-cas.org) | A collective associated with the Polish branch of Anonymous hacks the servers of the World Anti-Doping Agency and the Court of Arbitration for Sport (tas-cas.org) and dumps a 412MB file which contains 3,121 unique email accounts along with their passwords. | SQLi | Org: Sport | H | INT |
| 49 | 12/08/2016 | ? | Valley Anesthesiology and Pain Consultants (VAPC) | Valley Anesthesiology and Pain Consultants announces that a third party may have gained unauthorized access to the VAPC computer systems on March 30, 2016. The incident involves approximately 882,590 patients, and all current and former employees and providers. | Unknown | Healthcare | CC | US |
| 50 | 13/08/2016 | ? | Yulia Stepanova’s WADA Account | The World Anti-Doping Agency (WADA) confirms that hackers appear to have accessed the online account of Russian athletics doping whistleblower Yulia Stepanova. | Account Hijacking | Single Individuals | CC | RU |
| 51 | 14/08/2016 | ? | HEI Hotels & Resorts | HEI Hotels & Resorts, the chain that owns Starwood, Marriott, Hyatt, and Intercontinental hotels, reveals that the payment systems at 20 of its locations have been infected with malware that may have been able to steal tens of thousands of credit card numbers and the corresponding customer names, expiration dates, and verification codes. The malware was discovered in early to mid-June. | PoS Malware | Industry: Hotel and Hospitality | CC | US |
| 52 | 14/08/2016 | ? | Sage Software | A data breach at Sage Software may have compromised personal information for employees at 280 UK businesses. The breach was caused by “unauthorised access” by someone using an “internal” company computer login. The alleged author of the attack, a 32-year-old woman, is arrested on August 17. | Account Hijacking | Industry: Software | CC | UK |
| 53 | 15/08/2016 | Shadow Brokers | The Equation Group | An anonymous group calling itself Shadow Brokers publishes what it claims are sophisticated software tools belonging to an elite team of hackers tied to the US National Security Agency known as “The Equation Group”. Further analysis confirms the link with the state-sponsored crew. | Unknown | Government | CC | US |
| 54 | 15/08/2016 | Queensland Police Service’s Task Force Argos | US Tor Users | Motherboard reveals that, in 2014, Australian authorities hacked Tor users in the US as part of a child pornography investigation against The Love Zone, a dark web child abuse site. | Account Hijacking | Single Individuals | CC | US |
| 55 | 15/08/2016 | Unknown India-based Hackers | Several targets | Malwarebytes reveals the details of Shakti, a trojan built solely to steal documents. | Targeted Attack | >1 | CE | >1 |
| 56 | 15/08/2016 | ? | .gov email addresses | Unknown attackers launch a massive attack aimed at flooding targeted .gov email inboxes with subscription requests to thousands of email lists. | DDoS | Government | CC | US |
| 57 | 15/08/2016 | Kerala Cyber Warriors | 50 Pakistani websites | On the occasion of Indian Independence Day, Kerala Cyber Warriors deface 50 Pakistani websites. | Defacement | >1 | CW | PK |
