1-15 February 2017 Cyber Attacks Timeline

It’s time to publish the first timeline of February covering the main cyber attacks between February 1st and February 15th.

Let’s start with the mega breaches, and in particular the 3.2 million credit cards siphoned from Hitachi Payment Services and the 3.3 million records stolen from FunPlus.

But cyber espionage is probably the sector that reported the most significant events. The list of targets includes the Norwegian Labour Party (APT29), the Italian Foreign Ministry, the Taiwanese Ministry of Foreign Affairs and many others (by the way, the list also includes two possible operations by two old acquaintances, APT28 and Turla).

After one month of rest, hacktivists are also back, having defaced 45 Committee, a PAC supporting Donald Trump.

If you want to have an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 01/02/2017 | ? | Point of Sale infrastructure in Brazil and other countries | Arbor Networks researchers reveal the details of the Flokibot malware family targeting Point of Sale infrastructure in Brazil and other countries. | PoS Malware | Finance | CC | BR |
| 2 | 02/02/2017 | Chinese state-sponsored hackers | Military and aerospace interests in Russia and Belarus | Proofpoint reveals the details of an ongoing cyber-espionage campaign targeting military and aerospace interests in Russia and Belarus via ZeroT and the PlugX RAT. | Targeted Attack | Industry: Aerospace Military | CE | RU BY |
| 3 | 02/02/2017 | ? | City of Troy | The City of Troy computer system is the victim of a ransomware attack. | Malware | Government | CC | US |
| 4 | 03/02/2017 | APT29 | Norwegian Labour Party | Norway’s security service says nine email accounts — including those belonging to the Labour party, the foreign ministry and defense ministry — have been targeted by hackers belonging to APT29. | Targeted Attack | Government | CE | NO |
| 5 | 03/02/2017 | ? | Tiverton Town Council | John Vanderwolfe, a town clerk, wipes council documents dating back to 2015 after mistakenly opening an email containing ransomware. | Malware | Government | CC | GB |
| 6 | 03/02/2017 | Anonymous | Freedom Hosting II | Anonymous takes down Freedom Hosting II, the largest repository of dark web sites. The hackers are able to steal 75 GB worth of files and 2.6 GB of databases. | Unknown | Industry: Web Hosting | H | N/A |
| 7 | 03/02/2017 | ? | Manatee County School District | The Manatee County School District is the victim of a phishing scam that compromises the information of almost 8,000 employees. | Account Hijacking | Education | CC | US |
| 8 | 04/02/2017 | Berkut | PoliceOne | Motherboard reveals that a hacker going by the handle of Berkut is selling a database allegedly containing over 700,000 user accounts from PoliceOne, a popular law enforcement forum. | Unknown | Internet Forum | CC | US |
| 9 | 04/02/2017 | ? | David Beckham | David Beckham's emails are held hostage by hackers, and published after his representatives refuse to pay a ransom of €1 million (£860,000). The 'Beckileaks' came as part of a breach on sports and entertainment agency, Doyen Global (18.6 million emails apparently accessed in 2015 and 2016). | Unknown | Industry: Entertainment | CC | GB |
| 10 | 04/02/2017 | Stackoverflowin | 150,000 online printers | A grey-hat hacker going by the name of Stackoverflowin claims to have hacked over 150,000 printers that have been left accessible online and starts to send random printing jobs. | Online Printers Vulnerability | Industry: Electronics | CC | >1 |
| 11 | 05/02/2017 | ? | Email accounts of Irish solicitors | The Sunday Independent reveals that cybercriminals are hacking the email accounts of Irish solicitors in an attempt to steal tens of thousands of euro from unsuspecting home buyers. | Account Hijacking | Law | CC | IE |
| 12 | 06/02/2017 | ? | 45 Committee | The website of 45 Committee, a PAC supporting President Donald Trump, is defaced. | Defacement | Org: Politics | H | US |
| 13 | 06/02/2017 | ? | Verity Health System | Verity Health System has now issued a statement about a breach reported to HHS on January 11 as affecting 10,164 patients. | Unknown | Healthcare | CC | US |
| 14 | 06/02/2017 | Charming Kitten | Mac Users | Two security researchers reveal the details of a new campaign linked to Charming Kitten, a cyber espionage group linked to the Iranian Government, using an unsophisticated strain of malware, dubbed MacDownloader, to steal credentials and other data from Mac computers. | Malware | Single Individuals | CC | >1 |
| 15 | 06/02/2017 | ? | Logic Supply | US-based industrial computer supplier Logic Supply resets user passwords following an unauthorized access through the firm's website, which may have exposed customer/company names, usernames and passwords, and order information. | Unknown | Industry: Computer Hardware | CC | US |
| 16 | 07/02/2017 | Turla? | Multiple foreign embassies and ministries | According to Forcepoint, an unknown actor whose targets and tactics resemble those of Turla, a Russian APT, has been compromising the websites of foreign embassies, ministries and organizations, in an attempt to infect certain site visitors with malware. | Malicious Code Injection | Government | CE | >1 |
| 17 | 07/02/2017 | Fallaga Hacker Team | Six NHS Websites | The Independent reveals that, over the past six weeks, six NHS websites were defaced showing gruesome images of the conflict in Syria with the hashtags: #Op_Russia and #save_aleppo. | Defacement | Healthcare | H | GB |
| 18 | 07/02/2017 | Aslan Neferler Tim (ANT), or Lion Soldiers Team | Austria's Parliament | Austria's parliament says that a Turkish hackers' group dubbed Aslan Neferler Tim (ANT), or Lion Soldiers Team, has claimed responsibility for a cyber attack that brought down its website for 20 minutes during the weekend. | DDoS | Government | H | AT |
| 19 | 07/02/2017 | ? | National Treasury Management Agency | The National Treasury Management Agency temporarily suspends access to its website for several hours today after a suspected defacement attack. | Defacement | Government | H | IE |
| 20 | 07/02/2017 | ? | Darcy Vescio's Twitter account (@darcyvee) | AFL Women's league player Darcy Vescio's Twitter account is hacked. | Account Hijacking | Single Individuals | CC | AU |
| 21 | 07/02/2017 | ? | Canadian Tire | Canadian Tire shuts down customer access to online accounts after detecting unusual traffic on its website. | Unknown | Industry: Retail | CC | CA |
| 22 | 08/02/2017 | ? | Several Organizations Worldwide | Kaspersky Lab reveals the details of a fileless malware targeting several organizations worldwide. | Malware | >1 | CC | >1 |
| 23 | 08/02/2017 | ? | Sports Direct | Sports Direct is accused of having suffered (and kept hidden) a data breach affecting 30,000 employees. The breach allegedly happened in September 2016. | CMS Vulnerability (DNN) | Industry: Retail | CC | GB |
| 24 | 08/02/2017 | ? | FileSilo.co.uk | UK magazine publisher Future's FileSilo website (FileSilo.co.uk) is raided by hackers, who make off with, among other information, unencrypted user account passwords. | Unknown | Online Magazine | CC | GB |
| 25 | 08/02/2017 | zerodark70 | UPI.com | zerodark70 sells a database supposedly containing 83,000 compromised accounts from UPI.com, the website of the 110-year-old American news agency United Press International. | Unknown | Industry: Journalism | CC | US |
| 26 | 08/02/2017 | ? | Alton Steel, Inc. | A security breach at Alton Steel, Inc. has left its employees open to identity theft, and more than one employee has already this year had fraudulent tax returns filed in their name. | Account Hijacking | Industry: Steel Manufacturing | CC | US |
| 27 | 09/02/2017 | ? | Arby's | The fast food restaurant chain Arby's has suffered a breach involving the payment card systems in up to 1,100 of its locations. | PoS Malware | Industry: Restaurant | CC | US |
| 28 | 09/02/2017 | ? | Hitachi Payment Services | Hitachi Payment Services confirms that its systems were compromised by a sophisticated malware in mid-2016, which led to one of the biggest cyber security breaches in the country, with 3.2 million cards affected. | Malware | Industry: Payment Services | CC | IN |
| 29 | 09/02/2017 | ? | Loblaws | Loblaw warns PC Plus rewards collectors to reset their passwords after points were stolen from some members’ accounts. | Account Hijacking | Industry: Retail | CC | CA |
| 30 | 09/02/2017 | ? | Taiwanese Ministry of Foreign Affairs' Bureau of Consular Affairs (BOCA) | 15,000 data files of Taiwanese nationals could have been hacked due to an intrusion in the email system. | Unknown | Government | CE | TW |
| 31 | 10/02/2017 | Russian Hackers? | Italian Foreign Ministry | Russia is suspected by Italian officials of being behind a sustained hacking attack against the Italian foreign ministry last year that compromised email communications and lasted for many months before it was detected. | Targeted Attack | Government | CE | IT |
| 32 | 10/02/2017 | ? | Mazagon Dock Shipbuilders Limited | Mazagon Dock Shipbuilders Limited is the victim of a targeted attack. | Targeted Attack | Industry: Shipbuilding | CE | IN |
| 33 | 11/02/2017 | ? | Mexican researchers and public health activists supporting the Mexican soda tax | The New York Times reveals that Mexican researchers and public health activists supporting the Mexican soda tax were reportedly targeted by hackers using Pegasus, spyware from the Israeli-based cyberweapons manufacturer NSO Group. | Targeted Attack | Org: Health | CE | MX |
| 34 | 12/02/2017 | >1 | Great Britain | In his first key interview, Ciaran Martin, head of GCHQ’s new National Cyber Security Centre (NCSC), warns that Britain is being hit by 60 significant cyber-attacks a month, including attempts by Russian state-sponsored hackers to steal defence and foreign policy secrets from government departments. | >1 | Government | CW | GB |
| 35 | 13/02/2017 | Lazarus APT | Several Banks Worldwide | Symantec reveals the details of a new malware campaign targeting 100 banks and other financial institutions in 31 countries. | Malware | Finance | CC | >1 |
| 36 | 14/02/2017 | Russian Hackers? | Emmanuel Macron | French front-runner Emmanuel Macron calls for the European Union to stand firm against Russia as his French election campaign is targeted by computer hackers. The Kremlin denies any allegations. | Unknown | Single Individuals | CW | FR |
| 37 | 14/02/2017 | ? | Activists and journalists in Qatar and Nepal | Amnesty International reveals the details of Operation Kingphish: a campaign of cyber attacks against activists and journalists in Qatar and Nepal. | Targeted Attack | Single Individuals | CE | QA NP |
| 38 | 14/02/2017 | ? | FunPlus | An unknown hacker steals user account information (3.3 million records) and alleged product source code from FunPlus, the company that makes the highly popular free-to-play mobile game Family Farm Seaside. | Unknown | Industry: Video Games | CC | CN |
| 39 | 14/02/2017 | APT28 | Macbook Users | Bitdefender Lab reveals the details of Xagent, a malware designed for victims running Mac OS X to steal passwords, grab screenshots and steal iPhone backups. | Malware | Single Individuals | CE | >1 |
| 40 | 14/02/2017 | ? | Citizens Memorial Hospital | Citizens Memorial Hospital employee data are compromised by a W-2 phishing scam. | Account Hijacking | Healthcare | CC | US |
| 41 | 14/02/2017 | ? | San Antonio Symphony | Computer hackers break into the computer network for the San Antonio Symphony, stealing the names, birth dates, Social Security numbers, addresses and W-2 tax forms for about 250 employees. | Unknown | Symphony orchestra | CC | US |
| 42 | 15/02/2017 | Russia | Ukraine | Ukraine accuses Russian hackers of targeting its power grid, financial system and other infrastructure with a new type of virus that attacks industrial processes, the latest in a series of cyber offensives against the country. | Targeted Attack | Government | CW | UA |
| 43 | 15/02/2017 | Rasputin | Over 60 global organisations, including US government agencies and international universities | Recorded Future reveals the details of a massive campaign carried out by a Russian hacker called Rasputin, targeting multiple organizations worldwide, including Cornell University, New York University, University of Washington, University of Oxford, University of Cambridge, US National Oceanic and Atmospheric Administration and US Department of Housing and Urban Development. | SQLi | >1 | CC | >1 |
| 44 | 15/02/2017 | ? | PharmaNet | The personal information of approximately 7,500 British Columbians may have been compromised through the provincial government's PharmaNet system, when an "unknown/unauthorized person obtained and used a physician's login to access PharmaNet." | Account Hijacking | Government | CC | CA |
