1-15 September 2016 Cyber Attacks Timeline

Autumn is here! Unluckily, its winds were not strong enough to sweep away the trail of mega breaches that are the most remarkable infosec trend of this troubled 2016. Yes, this timeline covers only the first two weeks of September, and the number of attacks apparently decreased in comparison with the previous two months; however, the damage report includes 100 million accounts from Rambler.ru, 43 million from Last.fm, 33 million from QIP.ru, and 2.2 million from ClixSense. Is this enough? Unfortunately not (ask Yahoo!).

Other remarkable events include the hack of the World Anti-Doping Agency (WADA) by the infamous APT28 (AKA Fancy Bear) with the consequent leak of sensitive data on athletes, and the massive DDoS against Linode.

As usual, if you want an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Last but not least, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). If useful, you can also access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 01/09/2016 | ? | Last.fm | More than 43 million user records from UK-based music streaming service Last.fm surfaced from a hack that occurred in 2012. Each record reportedly contains a username, email address, hashed password and profile data. | Unknown | Online Music | CC | UK |
| 2 | 01/09/2016 | APT3 | 2 Hong Kong Government Agencies. | Security company FireEye reveals that two Hong Kong government agencies have come under attack from cyberspies originating in China in the month leading up to Sunday’s legislative elections. | Targeted Attack | Government | CE | HK |
| 3 | 01/09/2016 | ? | Btc-E.com | LeakedSource reveals that Btc-E.com had 568,355 users hacked in October of 2014. Data contains usernames, emails, passwords, IP addresses, register dates, languages and some internal data such as how many coins the user had. | Unknown | Bitcoin Exchange | CC | US |
| 4 | 01/09/2016 | ? | Bitcointalk.org | LeakedSource reveals that Bitcointalk.org had 499,593 users hacked in May of 2015. Data contains usernames, emails, passwords, birthdays, secret questions, hashed secret answers and some other internal data. | Unknown | Online Forum | CC | US |
| 5 | 01/09/2016 | ? | University of New Mexico | Over 1,000 former students and employees of UNM have their identity stolen from a University database. After a month of silence, UNM establishes a call center to assist victims of the incident. | Unknown | Education | CC | US |
| 6 | 01/09/2016 | ? | Transmission BitTorrent Client | Developers of the Transmission BitTorrent client admitted that hackers replaced downloads of its file-sharing software with trojanized code. The hack, detected within hours, was designed to spread a Mac OS X backdoor, Keydnap, which steals user credentials. It’s unclear how many people were affected. | Account Hijacking | Org: Software | CC | US |
| 7 | 01/09/2016 | Ghost Squad Hackers (GSH) | 12 websites belonging to the Afghan government | Hacktivist group Ghost Squad Hackers (GSH) defaced 12 websites belonging to the Afghan government. | Defacement | Government | H | AF |
| 8 | 01/09/2016 | Expl.oit AKA Exploit | exilemod.com | A group of hackers going by the online handle of “Expl.oit” or “Exploit” hacks the official website of the Exile Mod gaming forum and leaks personal details of 11,902 registered users. | SQLi | Online Forum | CC | DE |
| 9 | 01/09/2016 | ? | manaliveinc.org | The non-profit organization Man Alive is hacked, and a patient database with sensitive personal and treatment information is put up for sale on the dark web. | Unknown | Org: Non-Profit | CC | US |
| 10 | 01/09/2016 | websites-hunter AKA @websitehunter | Al Zahra Private Medical Centre (alzahra.com) | The Al Zahra Private Medical Centre is hacked by an individual calling himself websites-hunter, who dumps the database online. | Unknown | Healthcare | CC | UAE |
| 11 | 02/09/2016 | ? | Linode | Linode reports the first of a series of DoS attacks on September 2nd, September 4th and September 5th. Another round will strike the company on Saturday, September 10th. Some of the attacks lasted up to eight hours. | DDoS | Industry: Hosting Provider | CC | US |
| 12 | 02/09/2016 | ? | Hutton Hotel | Hutton Hotel reports a breach of its payment card system, warning guests that their information may have been compromised. | Malware | Industry: Hotel and Hospitality | CC | US |
| 13 | 02/09/2016 | Anti-Armenia Team | Armenian Government | Azerbaijani hacktivists from Anti-Armenia Team leak the passport details of foreign visitors to Armenia and more after breaking into Armenian government servers. | Unknown | Government | H | AM |
| 14 | 02/09/2016 | ? | Lightspeed | Point-of-sale vendor Lightspeed is breached, with passwords, customer data, and API keys possibly exposed, and notifies customers in an email saying that the information was contained in a compromised database. | Unknown | Industry: Software | CC | CA |
| 15 | 03/09/2016 | OurMine | Variety | Entertainment news site Variety is briefly taken over by the infamous hacker group OurMine. The hacking collective manages to break into Variety's content management system and defaces the site with a post of their own claiming responsibility for the attack. The group also floods the site's email subscribers' inboxes with dozens of identical emails. | Account Hijacking | News | CC | US |
| 16 | 03/09/2016 | Spain Squad | Twitter | A group of hackers dubbed Spain Squad claims to have found a way to seize inactive and suspended Twitter accounts, and sells them on the social network. | Unknown Vulnerability | Social Media | CC | US |
| 17 | 03/09/2016 | Myrotvorets | Ukrainian alleged pro-Russian Journalists | Myrotvorets, a group of Ukrainian nationalist hackers, leaks the personal details of local journalists they consider pro-Russian for the second time in four months. | Account Hijacking | Single Individuals | H | UA |
| 18 | 05/09/2016 | ? | Brazzers | Nearly 800,000 accounts for popular porn site Brazzers have been exposed in a data breach. | Unknown | Adult Site | CC | US |
| 19 | 06/09/2016 | DayKalif | Rambler.ru | Nearly 100 million usernames and passwords from the Russian internet giant Rambler surface online in the latest in a long line of hacks that first occurred back in 2012. | Unknown Vulnerability | Industry: Internet Services | CC | RU |
| 20 | 06/09/2016 | ? | University of Alaska | University of Alaska officials announce that an attacker using employee credentials may have accessed student information of approximately 5,400 individuals. | Account Hijacking | Education | CC | US |
| 21 | 07/09/2016 | North Korea? | Project on Crowdsourced Imagery Analysis (geo4nonpro.org) | Servers belonging to the Project on Crowdsourced Imagery Analysis (PCIA), hosting data about nuclear tests, have been the subject of DDoS attacks just two days before North Korea's most recent nuclear tests. | DDoS | Org: Non-Profit | CW | US |
| 22 | 07/09/2016 | Aslan Neferler Tim or Lion Soldiers Team | Vienna Airport | Austrian police investigate a failed cyberattack on Vienna's airport, saying they are looking into the authenticity of a claim of responsibility from a Turkish nationalist group. | Unknown | Airport | H | AT |
| 23 | 07/09/2016 | ? | Hutton Hotel | The Hutton Hotel says it engaged a third-party cyber security firm after it was notified of a possible breach by its payment processor. The investigation found that malware designed to capture card data had been installed on the hotel's payment processing system. | PoS Malware | Industry: Hotel and Hospitality | CC | US |
| 24 | 08/09/2016 | ? | EurekAlert! (eurekalert.org) | Popular science website EurekAlert!, which handles embargoed reports on health, medicine, and technology, is hacked. The announcement on the website states that usernames and passwords to the service have been compromised. The hacker has also leaked two embargoed reports. | Unknown | News | CC | US |
| 25 | 08/09/2016 | ? | vDoS | vDos, a “booter” service that has earned in excess of $600,000 over the past two years helping customers coordinate more than 150,000 DDoS attacks, is massively hacked, spilling secrets about tens of thousands of paying customers and their targets. | Unknown Vulnerability | DDoS-for-hire | CC | IL |
| 26 | 08/09/2016 | ? | libero.it | The database of the Italian portal libero.it is leaked online (about 750,000 users). | Unknown | Industry: ISP | CC | IT |
| 27 | 09/09/2016 | ? | VoIpTalk | Telephony provider VoIPtalk may have been hit by hackers. The firm discreetly informs customers about a potential data breach and requests that they reset their passwords as a precautionary measure. | Unknown | Industry: Telephony | CC | UK |
| 28 | 09/09/2016 | ? | KrebsOnSecurity | Security researcher Brian Krebs' website KrebsOnSecurity comes under "heavy and sustainable" attack after two 18-year-old Israeli hackers were arrested over their connection with a DDoS-for-hire service called vDOS. | DDoS | News | CC | US |
| 29 | 09/09/2016 | Aslan Neferler Tim or Lion Soldiers Team | Austrian National Bank (OeNB.at) | Turkish hackers have launched DoS (Denial-of-Service) attacks against the web servers of the Austrian National Bank (OeNB). | DDoS | Government | H | AT |
| 30 | 09/09/2016 | ? | Almelo.nl | Hackers steal 22 gigabytes of data from municipal servers in Almelo. | Unknown | Government | CC | NL |
| 31 | 10/09/2016 | Daykalif | QIP.ru | QIP.ru is the latest organization to join the list of companies hit by mega breaches. A hacker dubbed daykalif dumps a trove of 33 million accounts. | Unknown | Industry: Software | CC | RU |
| 32 | 11/09/2016 | B0yzTeam | Bremerton Housing Authority (bremertonhousing.org) | A group of cyber criminals defaces the official website of Bremerton Housing Authority (bremertonhousing.org) and demands $4,000 as ransom. | Defacement | Org: Housing | CC | US |
| 33 | 13/09/2016 | APT28 AKA Fancy Bear | World Anti-Doping Agency (Wada) | The World Anti-Doping Agency (Wada) confirms that a suspected Russian hacking group illegally accessed its 'administration and management system', known as 'Adams', and stole troves of sensitive data on athletes. Among those targeted are Serena and Venus Williams, gymnast Simone Biles, and American basketball star Elena Delle Donne. Compromised information includes confidential medical data, such as Therapeutic Use Exemptions, | Account Hijacking | Org: Sport | CC | N/A |
| 34 | 13/09/2016 | ? | ClixSense | Plaintext passwords, usernames, e-mail addresses, and other personal information for more than 2.2 million people who created accounts with ClixSense are published online. The attackers claim to release an additional 4.4 million accounts. | Unknown | Pay-per-click | CC | US |
| 35 | 13/09/2016 | ? | Thousands of Seagate NAS | Thousands of Seagate Central network-attached storage (NAS) devices have been found hosting cryptocurrency mining malware called Miner-C, which turns them into repositories to infect other devices. | Malware | Single Individuals | CC | >A |
| 36 | 14/09/2016 | ? | St. Francis Health System | St. Francis Health System is hacked and the data is sold on the Dark Web for 24 BTC (14,500 USD, 11,000 GBP, 13,000 EUR). | Unknown | Healthcare | CC | US |
| 37 | 14/09/2016 | ? | Empireminecraft.com | Empireminecraft notifies its users of the compromise of a staff member's email account. As a result, the attacker was able to access confidential information. | Account Hijacking | Online Forum | CC | US |
| 38 | 15/09/2016 | MuslimLeets (aka Muj4hida) | American Human Rights Council (AHRC.org) and 62 other websites | A hacker going by the name MuslimLeets (aka Muj4hida) defaces the American Human Rights Council (AHRC) and 62 other websites, leaving a message calling for jihad. | Defacement | Org: Non-Profit | H | US |
