1-15 January 2017 Cyber Attacks Timeline

It’s time to publish the first timeline of 2017, listing the main cyber attacks that occurred between 1 and 15 January 2017. Of course, the new infosec year could not start without a mega breach, and ESEA, a video-game community, is the first victim (more than 1.5 million records compromised).

Despite this massive breach, the most important events of this fortnight have been the discovery of a long-lasting cyber espionage campaign in Italy dubbed EyePyramid, targeting the political and economic elite, and the massive cyber attack against Barts Health Trust, the largest NHS trust in England.

The chronicles also report yet another cyber attack against SWIFT and multiple ransomware infections (a trend that is unfortunately becoming increasingly familiar). In any case, scroll down the list for all the details.

If you want to have an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 01/01/2017 | >1 | Several Institutions in the British Government | The British National Cyber Security Centre reveals that it foiled 86 attacks in its first month of activity, most of which are suspected to have come from China, North Korea, Russia, Iran and criminal gangs. Top targets include the Bank of England, the Ministry of Defence, nuclear bases, security services and infrastructure such as transport, the NHS and power systems. | >1 | Government | CE | GB |
| 2 | 01/01/2017 | ? | Transmission and electricity producing lines | Sources from the Energy Ministry claim that a major cyber-attack is the cause of the widespread electricity cuts across Istanbul. Turkey sources blame the US. | Unknown | Utilities: Electricity and Transmission Lines | CW? | TR |
| 3 | 01/01/2017 | CyberZeist | fbi.gov | Exploiting a vulnerability of Plone CMS, CyberZeist claims to have hacked fbi.gov and leaks the records of 155 FBI officials on pastebin. Plone denies that a 0-day vulnerability has been exploited to carry out the attack. | Plone CMS vulnerability | Government | CC | US |
| 4 | 01/01/2017 | ? | Susan M. Hughes Center (hughescenter.net) | The Susan M. Hughes Center notifies a ransomware incident affecting 11,400 patients. | Malware | Healthcare | CC | US |
| 5 | 03/01/2017 | Anonymous | Victoria’s Human Rights Commission | A group claiming to be part of the Anonymous collective defaces Victoria’s Human Rights Commission website (humanrightscommission.vic.gov.au) with a nonsensical message about its social network AnonPlus. | Defacement | Government | H | GB |
| 6 | 04/01/2017 | ? | India National Defence Academy (NDA) and National Investigation Agency (NIA) | Indian security forces have been alerted by central intelligence agencies that a WhatsApp virus is threatening to hack into their personal information and banking data. | Malware | Military | CE | IN |
| 7 | 04/01/2017 | Kuroi’SH | google.com.br | Kuroi’SH hijacks the DNS record of google.com.br and redirects the users to a defaced page. The hack happens by compromising the records held by registro.br. | DNS Hijacking | Industry: internet Services | CC | BR |
| 8 | 04/01/2017 | ? | Emory Brain Health Center | Emory Healthcare is one of the victims of the MongoDB ransomware attacks and has its database, managed by a third party and containing 90,000 records, encrypted. | Malware | Healthcare | CC | US |
| 9 | 04/01/2017 | ? | Northside Independent School District | The Northside Independent School District sends letters to about 23,000 former and current students and employees regarding a security breach that might have put their personal information at risk after several employees' email accounts have been compromised. | Account Hijacking | Education | CC | US |
| 10 | 05/01/2017 | DragonOK APT | Several Entities in Japan | Palo Alto reveals the details of DragonOK APT, an operation carried out by a Chinese malicious actor targeting primarily Japan, and other regions such as Taiwan, Tibet, and Russia. | Targeted Attack | >1 | CE | >1 |
| 11 | 05/01/2017 | OilRig APT | Several entities in Israel | ClearSky Security discovers a new campaign conducted by the Iranian OilRig APT leveraging digitally signed malware and fake University of Oxford domains. The campaign targets at least five Israeli IT vendors, several financial institutes, and the Israeli Post Office. | Targeted Attack | >1 | CE | IL |
| 12 | 05/01/2017 | ? | University of Alberta | The University of Alberta discloses the details of a malware attack, which occurred late last year, involving 300 computers and putting over 3,000 students at risk. | Malware | Education | CC | CA |
| 13 | 06/01/2017 | Cyberwolfgang | Square Enix's European Twitter Account (@SQUARE_ENIX_EU) | Video game giant Square Enix's European Twitter account is hacked by a group of hackers calling themselves the "cyberwolfgang", who post multiple tweets mocking other companies including rival gaming company EA, media outlet TechCrunch. | Account Hijacking | Industry: Video Games | CC | JP |
| 14 | 06/01/2017 | ? | Arizona Department of Administration | Arizona officials investigate how and when several computers used by state legislators and their staffs became infected with malware. | Malware | Government | CC | US |
| 15 | 06/01/2017 | ? | 123-Reg | 123-Reg is the target of a DDoS attack which disrupted the company's services only days into 2017. | DDoS | Industry: Web Hosting | CC | GB |
| 16 | 06/01/2017 | Kapustkiy | esguarnacpuntademata.mil.ve | One of the websites belonging to Venezuela’s ministry of defense (esguarnacpuntademata.mil.ve) is hacked by Kapustkiy in protest of what the attacker described as the dictatorship of President Nicolas Maduro in the country. The attacker leaks 2,100 records. | SQLi | Military | H | VE |
| 17 | 07/01/2017 | ? | MJ Freeway | MJ Freeway, a Denver company whose tracking software is used by hundreds of marijuana companies to comply with state regulations, says its main servers and backup system are down after a "targeted cyber attack". | Targeted Attack | Industry: Software | CC | US |
| 18 | 07/01/2017 | ? | Princeton University | Princeton University is one of the 27,000 victims that have their data wiped by attackers leveraging a vulnerable MongoDB. | Malware | Education | CC | US |
| 19 | 08/01/2017 | ? | esea.net | Over 1.5 million user profiles featuring names, email addresses and personal IDs from the eSports Entertainment Association (Esea), a leading competitive videogame community, are leaked online after being hijacked by hackers in late December last year. | Unknown | Online Forum | CC | US |
| 20 | 09/01/2017 | ? | Netflix Users in the US | FireEye Labs discovers a sophisticated phishing campaign in the wild targeting the credit card data and other personal information of Netflix users primarily based in the United States. | Account Hijacking | Single Individuals | CC | US |
| 21 | 09/01/2017 | ? | http://forumserver.twoplustwo.com | The operators of the world’s largest online poker discussion forum, TwoPlusTwo, confirm that the forum was hacked at some point late in 2016, with the personal data then being offered for sale. | Unknown | Online Forum | CC | US |
| 22 | 10/01/2017 | ? | The Los Angeles Valley College (LAVC) | The Los Angeles Valley College (LAVC) is forced to pay $28,000 in bitcoin after cybercriminals successfully infected its computer networks, email systems and voicemail lines with ransomware. | Malware | Education | CC | US |
| 23 | 10/01/2017 | Anonymous | Multiple Thai Governmental job portals | The Anonymous kick off another run of #OpSingleGateway and take down multiple governmental job portals, leaking personal and sensitive details of officials and job seekers. | Unknown | Government | H | TH |
| 24 | 11/01/2017 | Giulio Occhionero and Francesca Maria Occhionero | leading Italian politicians, businessmen and Masons | Italian siblings Giulio and Francesca Maria Occhionero are arrested in Rome, charged with conducting a long-running cyber espionage campaign against leading Italian politicians, businessmen and Masons using a variant of the malware family EyePyramid. | Targeted Attack | Single Individuals | CE | IT |
| 25 | 11/01/2017 | ? | Jabbim | The Jabbim Instant Messaging service is hacked and the database (8 GB) is dumped on the dark web. | Unknown | Online Services | CC | CZ |
| 26 | 11/01/2017 | The Dark Overlord? | littlereddooreci.org | The Dark Overlord hacks the computers of an Indiana-based cancer agency and asks for a large payment of 50 Bitcoin ($44,800) not to release the data. Initially the attack seemed to have been caused by ransomware. | Malware | Org: Non-Profit | CC | US |
| 27 | 11/01/2017 | ? | Kanawha County Schools | Kanawha County Schools says that its internal documents have been restored after a ransomware attack. | Malware | Education | CC | US |
| 28 | 12/01/2017 | ? | Cellebrite | Motherboard obtains 900 GB of data related to Cellebrite, one of the most popular companies in the mobile phone hacking industry. The cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite's products. | Unknown | Industry: Data Extraction | CC | IL |
| 29 | 12/01/2017 | ? | General Motors | Reports come out claiming that GM employees’ names and social security numbers might have been exposed during a breach. | Unknown | Industry: Automotive | CC | US |
| 30 | 13/01/2017 | Anonymous | Multiple Thai Governmental job portals | The Anonymous kick off another run of #OpSingleGateway and take down multiple governmental job portals, leaking personal and sensitive details of officials and job seekers. | Unknown | Government | H | TH |
| 31 | 13/01/2017 | ? | Barts health trust, which runs five hospitals in east London: the Royal London, St Bartholomew’s, Whipps Cross, Mile End and Newham | The largest NHS trust in England is hit by malware. Contrary to what early reports suggested, ransomware is ruled out as the cause of the outage. | Malware | Healthcare | CC | GB |
| 32 | 13/01/2017 | Anonymous | Multiple Thai Governmental job portals | The Anonymous kick off another run of #OpSingleGateway and take down multiple governmental job portals, leaking personal and sensitive details of officials and job seekers. | Unknown | Government | H | TH |
| 33 | 13/01/2017 | ? | University of Maryland School of Medicine | A doctor’s practice plan affiliated with the University of Maryland School of Medicine notifies patients that somebody hacked a physician assistant’s email account that contained the personal information of patients. 1500 patients are affected. | Unknown | Healthcare | CC | US |
| 34 | 14/01/2017 | Kapustkiy | gdc.gob.ve | In a form of protest against President Nicolas Maduro, Kapustkiy hacks a website of a local government and dumps around 900 records on pastebin. | LFI/SQLi | Government | H | VE |
| 35 | 14/01/2017 | ? | MrExcel.com | MrExcel.com reveals that its forum was compromised on the morning of December 6, 2016. | vBulletin Vulnerability | Online Services | CC | US |
| 36 | 14/01/2017 | ? | Dracut Public Schools | Current and former employees’ personal information, including SSN, is acquired by a hacker after an employee falls for what the district describes as a “sophisticated phishing scheme.” | Account Hijacking | Education | CC | US |
| 37 | 15/01/2017 | ? | Several Indian Banks | Several Indian Banks discover that their SWIFT systems have been compromised to create fake documents. | Unknown | Finance | CC | IN |
