16-31 January 2017 Cyber Attacks Timeline

It’s time to publish the second timeline of January, covering the main cyber attacks that occurred between January 16th and 31st (first part here).

Two aspects immediately stand out: the number of attacks is noticeably higher than in the first fortnight, and there are no events related to hacktivism; I do not remember if this has ever happened before.

Unfortunately, video game companies filled this void, as the list of victims includes Supercell (1.1 million), CD Projekt Red (1.8 million), and an unconfirmed breach of the Xbox 360 and PSP ISO forums (2.5 million).

Moreover, as spring approaches, the season of W-2 scams is coming too, and the first victims are starting to appear in the news.

The season of cyber espionage, by contrast, is never over: APT28 is always in the spotlight, and this fortnight a new attack was discovered against the Polish Ministry of Foreign Affairs (curiously, it looks like even the Italian Ministry of Foreign Affairs has been hit by APT28). Other entities that fell victim to similar attacks (of unknown attribution) were the Czech Ministry of Foreign Affairs (another coincidence) and the Swedish Armed Forces.

If you want an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheets format.

Attack Class: CC = Cyber Crime, CE = Cyber Espionage, CW = Cyber Warfare. A "?" in the Author column means the attacker is unknown or unattributed.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 13/01/2017 | Indonesian Hackers | Legitimate Websites | Researchers from Sucuri discover two connected advertising fraud campaigns that compromise legitimate web sites and abuse Google AdSense. | Clickjacking via Malicious Javascript | Single Individuals | CC | >1 |
| 2 | 15/01/2017 | ? | IHOP (International House of Pancakes) | The IHOP Twitter account (@IHOP) is hacked and posts a political tweet against Hillary Clinton. | Account Hijacking | Industry: Restaurant | CC | US |
| 3 | 16/01/2017 | ? | Sentara Healthcare | A cyber security breach at a third party vendor for Sentara Healthcare compromises the records of over 5,000 patients. | Unknown | Healthcare | CC | US |
| 4 | 16/01/2017 | ? | Channel One | Russian state television Channel One blames hackers for the online leak of the final episode of the BBC drama Sherlock a day before its scheduled airing. | Unknown | Industry: Media | CC | RU |
| 5 | 16/01/2017 | ? | Laptop belonging to the special investigation team probing President Park Geun-hye’s political scandal | The Korea Times reveals the details of an attempt made by overseas attackers to hack into a laptop belonging to the special investigation team probing President Park Geun-hye’s political scandal. | Targeted Attack | Law Enforcement | CE | KR |
| 6 | 17/01/2017 | ? | Supercell | The Supercell forum is hacked and 1.1 million accounts are leaked. The breach allegedly took place in September 2016. | Unknown | Industry: Video Games | CC | FI |
| 7 | 17/01/2017 | ? | 20,000 individuals in the Netherlands | Police in the Netherlands are set to email 20,000 possible fraud victims urging them to change their account details, after discovering their credentials had been stolen by a man arrested last year on suspicion of multiple cybercrime offences. | Malware/Account Hijacking | Single Individuals | CC | NL |
| 8 | 17/01/2017 | ? | Racingpulse.in | A popular horse racing website (Racingpulse.in) is hacked with ransomware. | Malware | Org: Horse Racing | CC | IN |
| 9 | 17/01/2017 | ? | Advanced Flexible Composites Inc. | The computer system of Advanced Flexible Composites Inc. is hacked, preventing the firm from processing quote requests or orders and from receiving emails. | Malware | Industry: Manufacturing | CC | US |
| 10 | 18/01/2017 | ? | College students across the United States | The FBI’s Internet Crime Complaint Center publishes an alert about a scam tricking college students into depositing fraudulent checks into their bank accounts. | Account Hijacking | Education | CC | US |
| 11 | 18/01/2017 | ? | Several biomedical research facilities | Malwarebytes reveals the details of a newly discovered Mac malware, which has likely been targeting biomedical research facilities for at least two years without detection. | Malware | Industry: Biomedical Research | CC | US |
| 12 | 18/01/2017 | ? | POPEYES | CCC Restaurant Enterprises, LLC, doing business as POPEYES, announces that a recent data security incident may have compromised the payment information of some customers who used debit or credit cards at 10 restaurant locations between May 5, 2016 and August 18, 2016. | PoS Malware | Industry: Restaurant | CC | US |
| 13 | 20/01/2017 | ? | WCHQ 100.9 FM | Crescent Hill Radio WCHQ 100.9 FM, a popular non-profit radio station in Louisville, Kentucky, is hacked to play an anti-Trump song for almost 15 minutes, interrupting regular programming. | Unknown | Radio Station | CC | US |
| 14 | 20/01/2017 | ? | St Louis Public Library | St Louis Public Library is hit by a ransomware attack. Attackers demand $35,000 worth of Bitcoin. | Malware | Org: Library | CC | US |
| 15 | 20/01/2017 | ? | Bowlmor AMF | Bowlmor AMF, the world’s largest bowling center operator, says that it had a possible data breach at 21 of its more than 300 domestic locations in 12 states between Feb. 4 and March 19. | PoS Malware | Industry: Entertainment | CC | US |
| 16 | 20/01/2017 | ? | Ohio State Veterinary Medical Center | A malware infection is to blame for a security breach that could expose the personal information of up to 4,611 clients of the Ohio State Veterinary Medical Center. | Malware | Education | CC | US |
| 17 | 21/01/2017 | ? | BBC Northampton Twitter account (@BBCNorthampton) | The BBC Northampton Twitter account (@BBCNorthampton) is hacked and reports the false news that Donald Trump had been shot. | Account Hijacking | Industry: Media | CC | GB |
| 18 | 21/01/2017 | Sc0rp10nGh0s7 | www.nari-icmr.res.in | Sc0rp10nGh0s7 from the Shad0w Security crew breaks into the servers of the National AIDS Research Institute NARI (India) and claims to have accessed an archive of more than 1 GB containing the results of dozens of HIV tests. | SQLi? | Org: Health | CC | IN |
| 19 | 21/01/2017 | ? | Sundance Film Festival | The box office and other systems at the Sundance Film Festival are shut down by hackers. | DDoS | Industry: Entertainment | CC | US |
| 20 | 22/01/2017 | Chipher0007 | AlphaBay | About 218,000 unencrypted private messages posted to the AlphaBay dark web marketplace are accessed and released to the public. | Undisclosed Vulnerabilities | Dark Web Marketplace | CC | N/A |
| 21 | 22/01/2017 | OurMine | New York Times Video Twitter Account (@nytvideo) | OurMine hacks the Twitter account of New York Times Video (@nytvideo) and posts fake news. | Account Hijacking | Industry: Media | CC | US |
| 22 | 23/01/2017 | ? | Lloyds Bank | The Financial Times reveals that Lloyds Bank has been targeted by a large scale DDoS attack over the past two weeks. Two crooks claim responsibility for the attack. | DDoS | Finance | CC | GB |
| 23 | 23/01/2017 | ? | Several targets in Saudi Arabia | Saudi Arabia warns organizations in the Kingdom to be on the alert for cyber attacks carried out via a new variant of the Shamoon virus. Targets include a chemical firm (Sadara Chemical Co) and the Ministry of Labor and Social Development. | Malware | >1 | CW | SA |
| 24 | 23/01/2017 | ? | XP Investimentos SA | Hackers who stole data from 29,000 clients of XP Investimentos SA allegedly tried to get the Brazilian independent securities firm to pay 22.5 million reais ($7.1 million) to keep the security breach secret. | Unknown | Industry: Securities | CC | BR |
| 25 | 24/01/2017 | ? | Grey Eagle Resort and Casino | Grey Eagle Resort and Casino is breached and the attackers threaten to dump hundreds of gigabytes of data. The Casino confirms the breach. | Unknown | Industry: Hotel and Hospitality | CC | US |
| 26 | 24/01/2017 | ? | [email protected] [email protected] | Websites of the Democratic Party in the Wisconsin area are hacked by alleged Russian hackers. | Undisclosed Vulnerabilities | Org: Political Party | CC | US |
| 27 | 25/01/2017 | APT28 AKA Fancy Bear | Unnamed TV Station in the UK | SecureWorks reveals that APT28 was able to infiltrate an unnamed TV station in the UK and stay undetected for 12 months starting from July 2015. | Targeted Attack | Industry: Media | CE | GB |
| 28 | 25/01/2017 | ? | Cockrell Hill Police | Police in Cockrell Hill, Texas admit in a press release to having lost years’ worth of evidence after the department’s server was infected with ransomware. | Malware | Law Enforcement | CC | US |
| 29 | 25/01/2017 | ? | Argyle school district | Argyle school district warns its workers that their W-2 tax forms were lost in a phishing attack. | Account Hijacking | Education | CC | US |
| 30 | 25/01/2017 | ? | Several Chinese Internet Giants | A dark web vendor going by the handle “DoubleFlag” sells 1 billion accounts stolen from several Chinese Internet giants, including NetEase Inc and its subsidiaries 126.com, 163.com and Yeah.net; Tencent Holdings Limited’s QQ.com; TOM Group’s Tom.com and 163.net; Sina Corporation’s Sina.com/Sina.com.cn; Sohu, Inc.’s Sohu.com; and Letter Network Information Technology Co., Ltd’s eYou.com. | Unknown | Industry: Internet Services | CC | CN |
| 31 | 25/01/2017 | ? | U.S. Cellular | DoubleFlag now claims to sell a database containing 126 million customer records from U.S. Cellular. The company denies the hack. | Unknown | Industry: Telco | CC | US |
| 32 | 25/01/2017 | ? | Campbell County Health | Social Security numbers and W-2 information for about 1,400 employees who worked over the past year at Campbell County Health are mistakenly released to someone impersonating a hospital executive. | Account Hijacking | Healthcare | CC | US |
| 33 | 25/01/2017 | Four Teenagers | Several E-Commerce websites | Four teenagers are arrested for allegedly digitally shoplifting vouchers worth Rs92 lakh [$134,985.29 USD] by exploiting a vulnerability in the payment gateway (PayU). | Payment gateway vulnerability | Industry: E-Commerce | CC | IN |
| 34 | 25/01/2017 | ? | Tipton County Schools | Tipton County Schools are hit by a phishing scam aimed at stealing employees’ personal W-2 forms. | Account Hijacking | Education | CC | US |
| 35 | 25/01/2017 | ? | Swedish Armed Forces | Daily newspaper Dagens Nyheter reports that Sweden’s armed forces were recently exposed to an extensive cyber attack that prompted them to shut down the Caxcis IT system, used in military exercises. | Unknown | Military | CE | SE |
| 36 | 26/01/2017 | ? | Hong Kong Securities Brokers | Hong Kong’s securities regulator says that brokers in the city have suffered major DDoS cyber attacks and warns of possible further incidents across the industry. | DDoS | Industry: Securities Brokers | CC | HK |
| 37 | 26/01/2017 | ? | Odessa School District | The Odessa School District is hit by a phishing scam aimed at stealing employees’ personal W-2 forms. | Account Hijacking | Education | CC | US |
| 38 | 26/01/2017 | ? | High Fidelity | High Fidelity users receive an e-mail from Philip Rosedale, CEO and founder of the new social VR world, announcing the compromise of a staff email account in late December and early January. | Account Hijacking | Virtual Reality | CC | US |
| 39 | 27/01/2017 | ? | D.C. Police | Ransomware infected 70 percent of the storage devices that record data from D.C. police surveillance cameras eight days before President Trump’s inauguration, forcing major citywide reinstallation efforts. | Malware | Law Enforcement | CC | US |
| 40 | 27/01/2017 | ? | NATO | Talos reveals the details of Matryoshka Doll, a spear phishing campaign targeting NATO officials during the Christmas and New Year holidays. | Targeted Attack | Military | CE | INT |
| 41 | 27/01/2017 | ? | Australian Nuclear Science and Technology Organisation (ANSTO) | The Australian Nuclear Science and Technology Organisation (ANSTO) investigates a computer security breach at the Australian Synchrotron that saw hackers steal scientists’ usernames and passwords. | Undisclosed Vulnerabilities | Government | CC | AU |
| 42 | 27/01/2017 | ? | Sunrun | Solar panel maker Sunrun is hit with a spearphishing attack impersonating the CEO Lynn Jurich that gets away with the company’s employee W-2 information. | Account Hijacking | Industry: Solar Panel | CC | US |
| 43 | 28/01/2017 | ? | Romantik Seehotel Jaegerwirt | One of Europe’s top hotels, Romantik Seehotel Jaegerwirt, admits it had to pay thousands in Bitcoin ransom to cybercriminals who managed to hack its electronic key system, locking hundreds of guests out of their rooms until the money was paid. | Malware | Industry: Hotel and Hospitality | CC | AT |
| 44 | 28/01/2017 | OurMine | Multiple Twitter accounts associated with the World Wrestling Entertainment Group | OurMine hacks multiple Twitter accounts associated with the World Wrestling Entertainment group, including those of WWE Universe, WWE NXT, WWE Network and Summer Slam, as well as wrestlers John Cena and Triple H. The WWE Tumblr page is also compromised. | Account Hijacking | Industry: Entertainment | CC | US |
| 45 | 28/01/2017 | ? | Dr.Web, Emsisoft | In the past week, two security firms, Dr.Web and Emsisoft, suffered DDoS attacks at the hands of cyber-criminals who attempted to bring down their websites as payback for meddling with their illegal activities. | DDoS | Industry: Software | CC | RU, AT |
| 46 | 30/01/2017 | APT28 AKA Fancy Bear | Polish Foreign Ministry | The Polish daily newspaper Rzeczpospolita reveals that the hack against the Polish Foreign Ministry that occurred in December was probably orchestrated by APT28. | Targeted Attack | Government | CE | PL |
| 47 | 31/01/2017 | ? | Czech Foreign Ministry | Czech Foreign Minister Lubomir Zaoralek says that hackers breached dozens of email accounts at the Czech Foreign Ministry in an attack resembling the one against the U.S. Democratic Party. | Targeted Attack | Government | CE | CZ |
| 48 | 31/01/2017 | Gaza Cybergang | Several Governments in the Middle East Area | Researchers at Palo Alto Networks reveal the details of a new cyber espionage campaign carried out by the Gaza Cybergang. | Targeted Attack | Government | CE | >1 |
| 49 | 31/01/2017 | ? | CD Projekt Red | CD Projekt Red, the Poland-based developer behind the popular ‘Witcher’ game and comic series, is hit with a forum hack that compromised over 1.8 million user credentials. The hack allegedly took place in March last year. | Unknown | Industry: Video Games | CC | PL |
| 50 | 31/01/2017 | ? | Licking County | Licking County servers are targeted by a ransomware infection. | Malware | Government | CC | US |
| 51 | 31/01/2017 | ? | Xbox 360 and PlayStation Portable ISO Forums | An unidentified hacker reportedly breaches the Xbox 360 and PlayStation Portable ISO forums, compromising 2.5 million gamer accounts. The breach is unconfirmed. | Unknown | Industry: Video Games | CC | US, JP |
| 52 | 31/01/2017 | ? | Sunny 107.9 WFBS-LP FM | Another station is hijacked to play the “F*** Donald Trump” song. | Barix box hijacking | Radio Station | CC | US |
