1-15 December 2016 Cyber Attacks Timeline

It’s time to publish the first cyber attack timeline of December, covering the main cyber attacks that occurred between the 1st and the 15th.

With regard to Cyber Crime, the most important events of this fortnight are probably the news of the alleged hack against the Central Bank of Russia, which happened on an unspecified date in 2016 and netted the attackers the equivalent of $31 million, and the mega breach affecting the 82.5 million users of Dailymotion. Other “minor” breaches impacted Shiseido (420,000 customers involved), Health Solutions (35,000 records), Quest Diagnostics (34,000 records), and Kagoya (50,000 users affected).

And while SWIFT revealed that it is still warning banks of a new wave of attacks, the Mirai botnet was also quite active: thousands of customers of TalkTalk, the UK Post Office and Eircom lost their internet access in the wake of yet another attack carried out by this IoT-powered botnet.

ThyssenKrupp was also in the spotlight when news emerged of a sophisticated attack that started in February 2016 and was discovered only in April of the same year. This was not the only important event in Germany, since the domestic intelligence agency reported an increase in targeted cyber attacks against political parties.

If you want to have an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 01/12/2016 | Legion | Rahul Gandhi Twitter account | The Twitter account of Rahul Gandhi, the heir of the Indian National Congress Party, India's oldest political party, is hacked. | Account Hijacking | Single Individuals | CC | IN |
| 2 | 01/12/2016 | ? | TalkTalk | Thousands of TalkTalk customers have their internet access cut by an attack targeting their internet routers. | Malware | Single Individuals | CC | GB |
| 3 | 01/12/2016 | ? | Post Office | Thousands of TalkTalk and Post Office customers have had their internet access cut by an attack targeting certain types of internet routers. | Malware | Single Individuals | CC | GB |
| 4 | 01/12/2016 | ? | Channel 2 and Channel 10 | Two main news channels in Israel were hacked and the attackers broadcast a 30-second clip showing images of Muslim holy sites and Quranic scriptures. | Unknown | Industry: TV Broadcast | CC | IL |
| 5 | 02/12/2016 | ? | Central Bank of Russia | The Central Bank of Russia confirms that in 2016 unknown hackers stole 2 billion rubles, equivalent to $31 million, from accounts of the Central Bank. | Account Hijacking | Government | CC | RU |
| 6 | 02/12/2016 | Football Leaks | Professional Football Player | A group called Football Leaks dumps 1.9 terabytes of data, covering 18.6 million private documents, related to professional football players. The documents are handed over to the German publication Der Spiegel. | Unknown | Single Individuals | CC | EU |
| 7 | 02/12/2016 | ? | Shiseido Co. | Japanese cosmetics maker Shiseido Co. says that the online store run by subsidiary IPSA Co. has suffered illegal access and that personal information on about 420,000 customers may have leaked as a result. | Malware | Industry: Cosmetics | CC | JP |
| 8 | 02/12/2016 | ? | Health Solutions | The website of Health Solutions, one of the largest diagnostic laboratories in India, is breached, with hackers accessing a database that included no less than 35,000 medical records, including HIV reports for registered patients. | Unknown | Healthcare | CC | IN |
| 9 | 02/12/2016 | Kapustkiy | catropaejb.com.ve | Kapustkiy hacks a website belonging to the Venezuelan army (catropaejb.com.ve) and exposes a total of 3,000 accounts. | Unknown | Military | CC | VE |
| 10 | 03/12/2016 | AppState Leaks | Appalachian State University | A group called AppState Leaks releases the data of 1,768 students from Appalachian State University. | Unknown | Education | CC | US |
| 11 | 04/12/2016 | ? | Intercom Wireless Frequency System of McDonald’s at the New Bern, N.C | The Intercom Wireless Frequency System of McDonald’s at the New Bern, N.C is hacked and broadcasts unexpected messages to customers. | Unknown | Industry: Restaurant | CC | US |
| 12 | 04/12/2016 | Kapustkiy | National Assembly of Ecuador (asambleanacional.gob.ec) | Kapustkiy breaches the National Assembly of Ecuador and leaks the data via PasteBin. | SQLi | Government | CC | EC |
| 13 | 05/12/2016 | ? | Dailymotion | An unknown hacker extracts 85.2 million unique email addresses and usernames from video-sharing site Dailymotion, one of the biggest video platforms in the world. | Unknown | Video Hosting | CC | FR |
| 14 | 05/12/2016 | ? | Eir Telecom | Eir warns customers that 2000 of its modems have been compromised by the Mirai botnet. | Malware | Single Individuals | CC | IE |
| 15 | 05/12/2016 | Jonathan Ly (Expedia senior IT technician) | Expedia | A former Expedia IT professional admits to illegally trading on secrets he discovered by hacking his own company's senior executives. | Account Hijacking | Industry: Travel Technology | CC | US |
| 16 | 05/12/2016 | ? | Scottish Football Association | The Scottish Football Association issues a warning to fans after supporters received an email supposedly from the Scotland Supporters Club with an invoice for £170. | Unknown (third party DB Hacked?) | Org: Sport | CC | SCOT |
| 17 | 06/12/2016 | ? | Bo Shen | An unknown hacker steals at least $300,000 in Augur and Ether cryptocurrency from Bo Shen, the founder of venture capital firm Fenbushi Capital, and one of the early adopters of many of today's cryptocurrencies. | Account Hijacking | Single Individuals | CC | CN |
| 18 | 06/12/2016 | ? | State Treasury Service of Ukraine (treasury.gov.ua) and Ministry of Finance | The website of the State Treasury Service of Ukraine redirects users to www.whoismrrobot.com. Also, the website of the Ministry of Finance of Ukraine experiences a service disruption. | DNS Hijacking | Government | CC | UA |
| 19 | 06/12/2016 | North Korea | South Korea | North Korea appears to have hacked South Korea's cyber command in what could be the latest cyberattack against Seoul. | Targeted Attack | Government | CE | KR |
| 20 | 06/12/2016 | AdGholas | Popular news websites | ESET reveals the details of a massive malvertising campaign using the Stegano Exploit Kit carried out by a group dubbed AdGholas. | Malvertising | Single Individuals | CC | >1 |
| 21 | 06/12/2016 | ? | VTB | State-owned Russian bank VTB reveals that it has been targeted by hackers with a DDoS attack. | DDoS | Finance | CC | RU |
| 22 | 06/12/2016 | ? | University of Wisconsin-Madison Law School | The University of Wisconsin-Madison Law School reveals that a database containing Social Security numbers and name pairs of 1,213 Law School applicants for 2005-’06 was hacked last month. | Unknown | Education | CC | US |
| 23 | 07/12/2016 | China | US Law Firms | A series of security breaches that struck prestigious law firms last year was more pervasive than reported and was carried out by people with ties to the Chinese government, according to evidence seen by Fortune. | Targeted Attack | Law Firms | CC | US |
| 24 | 07/12/2016 | Kapustkiy and Kasimierz L | Argentinian Ministry of Industry (Ministerio de Produccion, produccion.gob.ar) | Kapustkiy and Kasimierz L hack the website of the Argentinian Ministry of Industry (Ministerio de Produccion) and expose 18,000 accounts. | SQLi | Government | CC | AR |
| 25 | 08/12/2016 | ? | ThyssenKrupp | ThyssenKrupp reveals that in February of this year, hackers infiltrated its computer systems and stealthily carried out an espionage operation that reportedly managed to avoid detection until April. | Targeted Attack | Industry: Steel | CE | DE |
| 26 | 08/12/2016 | Russia? | Germany | Germany's domestic intelligence agency reports a striking increase in Russian propaganda and disinformation campaigns aimed at destabilizing German society, and targeted cyber attacks against political parties. | Targeted Attack | Government | CE | DE |
| 27 | 08/12/2016 | ? | Kagoya | Kagoya, a famous hosting service provider in Japan, suffers a security breach in which personal and financial data of its customers is stolen. In an email to their customers, Kagoya states that the attack affected about 50,000 customers who used their credit cards between April 1, 2015, and September 21, 2016. | Command Injection | Industry: Hosting Provider | CC | JP |
| 28 | 09/12/2016 | Legion | Vijay Mallya | Indian tycoon Vijay Mallya's Twitter account appears to have been hacked. The alleged hackers hijack Mallya's account and are currently leaking the industrialist's personal and sensitive information. | Account Hijacking | Single Individuals | CC | IN |
| 29 | 09/12/2016 | Legion | Barkha Dutt and Ravish Kumar Twitter Accounts | The Legion collective hacks the Twitter accounts of Barkha Dutt and Ravish Kumar, two prominent journalists with Indian NDTV news channel. | Account Hijacking | Single Individuals | CC | IN |
| 30 | 09/12/2016 | Carbanak Gang | Global hospitality industry | The infamous Carbanak Gang resurfaces with renewed vigour. The cybergang now goes after the global hospitality industry. | Targeted Attack | Industry: Hospitality | CC | >1 |
| 31 | 12/12/2016 | ? | SWIFT | Reuters reveals that SWIFT is still warning banks of the escalating threat to their systems, which is becoming "persistent, adaptive and sophisticated". | Targeted Attack | Finance | CC | N/A |
| 32 | 12/12/2016 | Kapustkiy | ambru.nl | Kapustkiy claims to have stolen thousands of passport numbers and other pieces of personal information from the website of a Russian consular department (ambru.nl). | SQLi | Government | CC | RU |
| 33 | 12/12/2016 | ? | Quest Diagnostics | Quest Diagnostics says it is investigating a recent hack that exposed the personal health information of about 34,000 people. An “unauthorized third party” gained access to names, dates of birth, lab results and, in some cases, telephone numbers on Nov. 26 through the mobile health app MyQuest. | Mobile App Vulnerability | Healthcare | CC | US |
| 34 | 12/12/2016 | ? | KFC | KFC warns its 1.2 million Colonel's Club loyalty scheme members that their data may have been breached after its website was hacked. Apparently only 30 users have been affected. | Unknown | Industry: Restaurant | CC | UK |
| 35 | 12/12/2016 | Legion | Several targets in India | In an interview with the Washington Post, Legion declares that it is in possession of several terabytes of raw data. | Unknown | >1 | CC | IN |
| 36 | 13/12/2016 | ? | Ukraine's defence ministry | Ukraine's defence ministry says that its website is down due to cyber attacks that appeared to be aimed at disrupting its updates on the pro-Russian separatist conflict in eastern regions. | DDoS | Government | CW | UA |
| 37 | 13/12/2016 | ? | Owners of 26 low-end Android Smartphones | Security researchers from Dr. Web have found malware hidden in the firmware of 26 low-end Android smartphones and tablets, malware which is used to show ads and install unwanted apps on the devices of unsuspecting users. | Malware | Single Individuals | CC | >1 |
| 38 | 13/12/2016 | ? | Frederick County Public Schools | Data on about 1,000 former students in Frederick County Public Schools in Maryland was likely exposed in a data breach that occurred prior to 2010 but which was only discovered in September of this year. | Unknown | Education | CC | US |
| 39 | 15/12/2016 | ? | Yahoo! | The White House declares that the FBI is investigating a new attack that compromised at least 1bn Yahoo! user accounts and happened in 2013. | Unknown | Industry: Internet | CC | US |
| 40 | 15/12/2016 | Russian Hackers | Pentagon | Russian hackers reportedly launched a targeted cyberattack on the Pentagon in August 2015, which saw the unclassified email system used by the Joint Chiefs of Staff hijacked, leaving data of nearly 3,500 military personnel and civilians vulnerable to exposure. | Targeted Attack | Government | CW | US |
| 41 | 15/12/2016 | ? | Election Assistance Commission | The Election Assistance Commission, the U.S. agency charged with ensuring that voting machines meet security standards, was itself penetrated by a hacker after the November elections, according to security firm Recorded Future, working with law enforcement on the matter. | Targeted Attack | Government | CE | US |
| 42 | 15/12/2016 | ? | Home Internet Routers | Proofpoint reveals the details of a new exploit kit called DNSChanger, able to infect internet routers in order to redirect users to malicious ads. | DNSChanger EK | Single Individuals | CC | >1 |
| 43 | 15/12/2016 | BlackEnergy | Ukrainian Banks | ESET reports that BlackEnergy, the same group who targeted Ukrainian utilities last December, has been using the TeleBots malware against Ukrainian banks in the last month. | Targeted Attack | Finance | CE | UA |
| 44 | 15/12/2016 | Kapustkiy | Official website of the Russian National Visa Bureau in the Netherlands (rnvb.nl) | The official website of the Russian National Visa Bureau in the Netherlands (rnvb.nl) is hacked, with information on thousands of people exposed. | SQLi | Government | CC | RU |
