16-30 November 2016 Cyber Attacks Timeline

It’s time to publish the second Cyber Attacks Timeline of November (Part I here), showing the main cyber incidents that occurred between the 16th and the 30th and were published in the news.

The decreasing trend that has characterized the last weeks seems over: this fortnight has seen a sharp rise in the number of attacks, and even if no mega breaches were detected, the list includes some remarkable events.

Among the events related to Cyber Crime, the list includes a new massive attack orchestrated via the Mirai botnet, this time against Deutsche Telekom, with 900,000 customers knocked offline. The breaches targeting Three Mobile, victim of two hackers (immediately arrested) who were able to access the customers’ database, and Gorilla Glue, whose 500Gb database has been leaked by The Dark Overlord, are also worth considering. And let’s not forget the gang dubbed Cobalt, which has attacked cash machines in more than a dozen countries across Europe using the technique known as ‘jackpotting’.

Moving to a different sector (Cyberwar), an important event has been registered in Saudi Arabia (and apparently the outbreak is still ongoing) where a new version of the infamous Shamoon wiper malware (allegedly originating from Iran) has paralyzed eight Governmental institutions including the Central Bank.

The chart also includes a massive campaign against Android users dubbed Gooligan, the return of the infamous Fancy Bear APT group (AKA APT28), and another hack against Mark Zuckerberg’s Pinterest Account.

In any case, as I said earlier, the list is quite long this time, so feel free to scroll it all for the details of the cyber landscape in November.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 17/11/2016 | ? | Three Mobile | Three Mobile admits that hackers have successfully accessed its customer upgrade database after using an employee login. 6 million customers' private information is at risk. | Account Hijacking | Industry: Mobile Operator | CC | GB |
| 2 | 17/11/2016 | Iran | Eight Saudi Institutions | Eight Saudi institutions are hit by a destructive Cyber Attack allegedly originating from Iran, carried out using a new version of the infamous Shamoon Malware. | Malware | Government | CW | SA |
| 3 | 17/11/2016 | The Dark Overlord | Gorilla Glue | The Dark Overlord claims to have stolen a wealth of company and personal information (500Gb) from US adhesive, glue, and tape company Gorilla Glue. | Unknown | Industry: Adhesive, Glue and Tape | CC | US |
| 4 | 17/11/2016 | OurMine | Mark Zuckerberg's Pinterest Account | OurMine hacks Mark Zuckerberg's Pinterest Account and posts a message suggesting they could help him with his online security. | Account Hijacking | Single Individual | CC | US |
| 5 | 17/11/2016 | ? | Canadian army’s public recruitment website (forces.ca) | The Canadian army’s public recruitment website (forces.ca) is hacked and briefly redirects visitors to the official website of the Chinese government. | Unknown | Military | CC | CA |
| 6 | 18/11/2016 | Amn3s1a Team | Mega.nz | The Amn3s1a Team hacking group releases a data dump containing what the group claims is nearly 2GB of source code stolen from several Mega.nz servers. | Unknown | File Hosting | CC | NZ |
| 7 | 18/11/2016 | ? | Ask | An unknown attacker hijacks the update mechanism employed by Ask Partner Network (APN) to download suspicious code onto unsuspecting users' PCs. | Malware | Industry: Software | CC | US |
| 8 | 18/11/2016 | ? | Michigan State University | Michigan State University announces that a university server and a database containing information on some 400,000 faculty, staff and students have been accessed by an unauthorised third party. | Unknown | Education | CC | US |
| 9 | 18/11/2016 | Kapustkiy | mobilita.gov.it | Kapustkiy hacks an Italian Government website (mobilita.gov.it) and dumps 45,000 records. | SQLi | Government | CC | IT |
| 10 | 20/11/2016 | Kapustkiy | Eastern Indian Regional Council | Kapustkiy breaks into the Eastern Indian Regional Council and accesses the data of 17,000 students. | SQLi | Government | CC | IN |
| 11 | 21/11/2016 | Cobalt | Cash machines in more than a dozen countries across Europe | Group IB reveals that cyber criminals have remotely attacked cash machines in more than a dozen countries across Europe this year, using malicious software that forces machines to spit out cash. | Malware | Finance | CC | EU |
| 12 | 21/11/2016 | Kapustkiy and CyberZeist | Hungarian Human Rights Foundation (hhrf.org) | The Hungarian Human Rights Foundation website is hacked and the attackers manage to get access to over 20,000 accounts and personal information, including phone numbers and home addresses. | SQLi | Org: Non-Profit | CC | HU |
| 13 | 21/11/2016 | ? | TheCounter | TheCounter, a third-party Twitter site, was hacked over the weekend and various celebrity and media accounts were taken over to promote an “increase Twitter followers” service. | Account Hijacking | Social Network | CC | US |
| 14 | 21/11/2016 | ? | Atlantis Paradise Island | Atlantis, Paradise Island announces a recent security incident that may have compromised the security of payment information between March 9, 2016 and October 22, 2016. | PoS Malware | Industry: Hotel and Hospitality | CC | BS |
| 15 | 21/11/2016 | ? | USOC (United States Olympic Committee) | The U.S. Olympic Committee (USOC) notifies individuals who participated in the 100-Days Out event in April 2016 that their personal information has been acquired by an unauthorized individual who gained access to the email account of a contractor who ran security clearances for the event. | Account Hijacking | Org: Sport | CC | US |
| 16 | 22/11/2016 | ? | Madison Square Garden | Madison Square Garden Co. admits that hackers may have stolen payment card data at Madison Square Garden, The Theater at Madison Square Garden, Radio City Music Hall, Beacon Theatre and The Chicago Theatre from Nov. 9, 2015 to Oct. 24, 2016. | Malware | Industry: Entertainment | CC | US |
| 17 | 23/11/2016 | ? | US Navy | Hackers manage to get their hands on personal and sensitive information of over 130,000 US Navy officials after a laptop of an HPE Navy contractor is hacked. The breach was acknowledged on October, 27th. | Unknown | Military | CC | US |
| 18 | 23/11/2016 | ? | Deliveroo | Customers of takeaway food app Deliveroo have their accounts hacked and run up bills for food that they did not order. | Unknown | Industry: Online Food Ordering | CC | GB |
| 19 | 23/11/2016 | ? | Mailchimp | Hackers compromise the Mailchimp database and manage to send out emails containing malicious links to subscribers of various different companies. | Unknown | Industry: Email Marketing | CC | US |
| 20 | 23/11/2016 | ? | Magento One Coding | Sucuri spots a redirect injected into the Magento One coding, which is used by many ecommerce sites, able to redirect the users to phishing pages. | JS redirection | Single Individuals | CC | >1 |
| 21 | 23/11/2016 | Gh0s7 | Instituto de la Función Registral del Estado México (IFREM) | Gh0s7 hacks the Instituto de la Función Registral del Estado México (IFREM) and dumps the entire database. | Unknown | Government | CC | MX |
| 22 | 24/11/2016 | ? | Prominent journalists and professors | Google warns prominent journalists and professors that nation-sponsored hackers have recently targeted their accounts, according to reports delivered over social media. | Targeted Attack | Single Individuals | CE | >1 |
| 23 | 24/11/2016 | ? | Vascular Surgical Associates | Vascular Surgical Associates notifies patients of a hack discovered in September when a compromised vendor password was used to access an internal computer. | Account Hijacking | Healthcare | CC | US |
| 24 | 25/11/2016 | [email protected] | Muni (San Francisco's Transit System) | Computer systems at San Francisco’s transit system, Muni, are paralyzed following a malware attack. The author of the attack asks for a ransom of $73,000. | Malware | Utility | CC | US |
| 25 | 25/11/2016 | ? | Financial and government institutions in Asia and Africa | Financial and government institutions in Asia and Africa have been the victims of targeted cyber-attacks that have leveraged a zero-day in the InPage Word processor in attempts to install keyloggers and backdoor trojans on targeted computers. | Targeted Attack | Finance Government | CE | >1 |
| 26 | 25/11/2016 | APT28 (Fancy Bear) | Senior anti-doping officials from WADA and USADA | The cyber-espionage group Fancy Bears strikes again by hacking into the confidential emails of senior anti-doping officials from the World Anti-Doping Agency (Wada) and the United States Anti-Doping Agency (Usada). | Unknown | Org: Sport | CC | N/A |
| 27 | 26/11/2016 | ? | Deutsche Telekom | 900,000 Deutsche Telekom customers are knocked off the internet when their routers are hit by a malware attack launched through the Mirai Botnet exploiting a SOAP Remote Execution Vulnerability. | Malware | Industry: ISP | CC | DE |
| 28 | 26/11/2016 | Group_Dmar | careers.kna.kw (official website of the Kuwaiti parliament) | The official website of the Kuwaiti parliament is defaced by hackers on their parliamentary election day. The hackers deface the main page, leaving a message in Arabic accusing Abdul Hamid Dashti, a member of parliament (MP), of being an Iranian agent and urging other MPs to unite against him. | Defacement | Government | H | KW |
| 29 | 26/11/2016 | Kapustkiy | The High Commission of Ghana and the High Commission of Fiji | Kapustkiy breaches the websites of the High Commission of Ghana and the High Commission of Fiji. | SQLi | Government | CC | IN |
| 30 | 26/11/2016 | ? | [email protected] | The miscreant behind this extortion attempt against the San Francisco Muni gets hacked himself. The author is an anonymous security researcher, able to compromise the extortionist’s inbox by guessing the answer to his secret question. | Account Hijacking | Single Individual | N/A | RU |
| 31 | 27/11/2016 | ? | Valartis Bank | Hackers are blackmailing the customers of Valartis Bank, a Liechtenstein bank, asking victims to send 10% of their funds to a Bitcoin address or have their bank account details exposed online. | Unknown | Finance | CC | LU |
| 32 | 28/11/2016 | ? | Japanese Defence Ministry | Kyodo News reveals that the network of the Japanese Defence Ministry was the target of a cyber-attack in September this year. | Targeted Attack | Government | CE | JP |
| 33 | 28/11/2016 | ? | xHamster | Leakbase reveals that 380,000 user account details for porn site xHamster are being traded on the digital underground. | Unknown | Adult Site | CC | >1 |
| 34 | 29/11/2016 | ? | Tor Users | Tor officials confirm the presence of a zero-day exploit in the wild that's being used to execute malicious code on the computers of people using Tor and possibly other users of the Firefox browser. | Malware (JS Exploit) | Single Individuals | CC | >1 |
| 35 | 29/11/2016 | ? | European Commission | The European Commission (EC) is the target of a distributed denial of service (DDoS) that leads to a breakdown in internet services for hours. | DDoS | Org: Politics (EU Institution) | CC | EU |
| 36 | 29/11/2016 | ? | The Carleton University | The computers of the Carleton University are paralyzed by a ransomware attack. | Malware | Education | CC | CA |
| 37 | 30/11/2016 | ? | Android 4 and Android 5 Users | Researchers at Check Point Software Technologies uncover a new malware variant called Gooligan that to date has hacked one million Google accounts worldwide by rooting the user's Android device, at an alarming rate of some 13,000 devices per day. | Malware | Single Individuals | CC | >1 |
| 38 | 30/11/2016 | ? | Android Users | Researchers at Palo Alto Networks reveal the details of a new Google Android Trojan named “PluginPhantom”, which steals many types of user information including files, location data, contacts and Wi-Fi information. | Malware | Single Individuals | CC | >1 |
| 39 | 30/11/2016 | ? | The National Lottery | About 26,500 National Lottery accounts are feared to have been hacked, according to its operator Camelot. However, the firm says it does not believe its own systems have been compromised, but rather that the players' login details had been stolen from elsewhere. | Unknown | Industry: Lottery | CC | GB |
| 40 | 30/11/2016 | ? | Erasmus University | The Erasmus University is the victim of a breach affecting 270,000 students, whose personal information is compromised. | Unknown | Education | CC | NL |
