16-28 February 2017 Cyber Attacks Timeline

It’s time to publish the second timeline of February (Part I here).

A new timeline, a new megabreach. This fortnight, the unwelcome prize for the most massive breach goes to Coachella, the music festival whose web site has allegedly been hacked, with the consequent sale of nearly one million accounts on the dark web. At the same time, a massive trove of 150 million logins has popped up on the dark web in the wake of the Cloudbleed vulnerability, and, last but not least, Yahoo! has sent out another round of notifications to users whose accounts have been compromised by forged cookies.

But Yahoo! has not been the only entity targeted by a state-sponsored actor. Several other operations motivated by cyber espionage were reported this fortnight: an attack on the Singapore Ministry of Defence, a campaign against Japanese companies and individuals (dubbed Snake Wine), another campaign against the Ukrainian Government (Gamaredon), and a malware campaign against South Korea, allegedly orchestrated by its northern neighbours.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format:

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 10/02/2017 | ? | Texas Department of Transportation | The Texas Department of Transportation says some personal information of employees was compromised last week due to a "security incident." | Unknown | Government | CC | US |
| 2 | 14/02/2017 | ? | Unnamed Oklahoma Agency | The Office of Management and Enterprise Services confirms that an unnamed agency has been targeted by ransomware. | Malware | Government | CC | US |
| 3 | 15/02/2017 | ? | Yahoo! | Yahoo sends out another round of notifications to users, warning some that their accounts may have been breached as recently as last year. The accounts were affected by a flaw in Yahoo's mail service that allowed an attacker, most likely a "state actor" according to Yahoo, to use a forged "cookie" created by software stolen from within Yahoo's internal systems to gain access to user accounts without a password. | Forged Cookie | Industry: Internet Services | CE | US |
| 4 | 15/02/2017 | ? | Multiple Targets in Saudi Arabia | Security researchers reveal the details of a cyber espionage operation dubbed Magic Hound, linked to Iran and the recent Shamoon 2 attacks. | Malware | >1 | CC | SA |
| 5 | 16/02/2017 | ? | Israeli Defense Force | Two separate papers from Kaspersky and Lookout reveal the details of ViperRAT, an active APT targeting the Israeli Defense Force. | Targeted Attack | Military | CE | IL |
| 6 | 16/02/2017 | ? | Islamic State Supporters | Islamic State supporters are targeted with a modified version of the Telegram Android app that contains a version of the OmniRAT remote access toolkit. | Targeted Attack | Single Individuals | CE | N/A |
| 7 | 17/02/2017 | ? | Zcoin | A simple one-digit typo within the source code of a cryptocurrency called Zcoin has allowed a hacker to make a profit of over $400,000 worth of cryptocurrency. | Coding Error | Cryptocurrency | CC | N/A |
| 8 | 17/02/2017 | ? | Bingham County | Hackers demand $25K-$30K after a ransomware attack takes down Bingham County servers. | Malware | Government | CC | US |
| 9 | 17/02/2017 | ? | Lexington Medical Center | Lexington Medical Center notifies employees of a breach affecting its database. | Unknown | Healthcare | CC | US |
| 10 | 18/02/2017 | ? | Family Service Rochester | Family Service Rochester notifies individuals that portions of its computer systems that contained personal information have been compromised by ransomware. | Malware | Org: Family Counselor | CC | US |
| 11 | 19/02/2017 | Pro_Mast3r | secure2donaldjtrump.com | A hacker dubbed Pro_Mast3r defaces a server associated with President Donald Trump's presidential campaign donations. | Defacement | Org: Political Party | CC | US |
| 12 | 19/02/2017 | Kuroi'SH | Asiana Airlines | Kuroi'SH defaces the official website of Asiana Airlines, one of the major airlines in South Korea. | Defacement | Industry: Airline | H | KR |
| 13 | 20/02/2017 | ? | Airsoft GI Forum (airsoftgiforum.com) | A hacker claims to have hacked the official web forum of the gun retailer Airsoft GI (airsoftgiforum.com) and uploaded its data to Dropbox. | SQLi | Industry: Retail | CC | US |
| 14 | 21/02/2017 | ? | Several industries, including critical infrastructure and news media | Researchers at CyberX discover a cyber espionage campaign called BugDrop that siphoned more than 600 gigabytes from about 70 targets in several industries, including critical infrastructure and news media. | Targeted Attack | Industry: >1 | CE | >1 |
| 15 | 21/02/2017 | ? | Bitfinex | Top Bitcoin trading platform Bitfinex is hit by a "severe DDoS attack." | DDoS | Cryptocurrency | CC | N/A |
| 16 | 22/02/2017 | Berkut | Coachella Music Festival | Nearly one million Coachella accounts are reportedly up for sale on the dark web. | Unknown | Org: Music Festival | CC | US |
| 17 | 22/02/2017 | ? | Montenegrin government and several state institutions | The websites of the Montenegrin government and several state institutions, as well as some pro-government media, are targeted with multiple cyber attacks that started on February 15th. | Unknown | Government | CW | ME |
| 18 | 22/02/2017 | RTM | Remote Banking Systems (RBS) | Experts at software firm ESET reveal the details of the activity of a cybercrime group tracked as RTM, which uses sophisticated malware written in Delphi to target Remote Banking Systems (RBS), business software used to make bulk financial transfers. | Malware | Finance | CC | >1 |
| 19 | 22/02/2017 | ? | South Washington County School District | The South Washington County school district tightens security after a high school student hacks into the district's server and takes names, Social Security numbers and some addresses. | Unknown | Education | CC | US |
| 20 | 23/02/2017 | North Korea? | South Korea? | Talos reveals the details of a malware campaign against South Korean users, active between November 2016 and January 2017 and targeting a limited number of people. The infection vector is a Hangul Word Processor (HWP) document; HWP, developed by Hancom, is a popular alternative to Microsoft Office for South Korean users. | Targeted Attack | Government | CE | KR |
| 21 | 23/02/2017 | ? | Apple | A mid-2016 security incident led to Apple purging its data centers of servers built by Supermicro, including returning recently purchased systems, after malware-infected firmware was reportedly detected in an internal development environment for Apple's App Store, as well as on some production servers handling queries through Apple's Siri service. | Malware | Industry: HW and SW | CC | US |
| 22 | 24/02/2017 | ? | Multiple Targets | The carder forum CVV2Finder claims to have more than 150 million logins from several popular services, including Netflix and Uber, obtained by exploiting the recently discovered Cloudbleed. | Cloudbleed | >1 | CC | >1 |
| 23 | 24/02/2017 | ? | 1,500 organizations from 100 countries | Kaspersky Lab exposes the details of a new wave of attacks carried out via the Adwind Remote Access Tool, targeting 1,500 organizations from 100 countries. | Malware (Adwind) | >1 | CC | >1 |
| 24 | 25/02/2017 | ? | Roberts Hawaii | The tour company Roberts Hawaii warns its customers about a security breach that may have affected people who purchased tours and other services on its website between July 2015 and December 2016. | Malicious Code | Industry: Tourism | CC | US |
| 25 | 25/02/2017 | National Hackers Agency (NHA) | 605 Websites hosted by DomainMonster | A hacking crew that goes by the name of National Hackers Agency (NHA) defaces 605 websites in one go after gaining access to a server of the UK hosting firm DomainMonster. | Defacement | >1 | CC | GB |
| 26 | 27/02/2017 | ? | Luxembourg Government's servers | The Luxembourg government's servers are hit by a massive DDoS attack that lasts over 24 hours. The attack is believed to have affected over a hundred websites hosted on the government's servers. | DDoS | Government | CC | LU |
| 27 | 27/02/2017 | Gamaredon | Ukrainian government, military and law enforcement officials | According to experts from Palo Alto Networks, a Russian state actor dubbed Gamaredon is using custom-developed malware in cyber espionage campaigns against Ukrainian government, military and law enforcement officials. | Targeted Attack | Government | CE | UA |
| 28 | 27/02/2017 | CrimeAgency | 126 vBulletin Forums | A hacker going by the online handle "CrimeAgency" claims to have hacked 126 vBulletin (vB) based web forums, stealing the personal data of the forums' administrators and registered users and leaking it on an underground hacking forum. | vBulletin Vulnerability | Internet Forum | CC | >1 |
| 29 | 27/02/2017 | ? | Japanese Companies and Individuals | Cylance discovers Snake Wine, another prolonged campaign that appears to exclusively target Japanese companies and individuals. | Targeted Attack | >1 | CE | JP |
| 30 | 27/02/2017 | ? | Amalgamated Sugar | Nearly 3,000 workers at Amalgamated Sugar receive notifications that an intruder accessed the company's network and that their personal information was disclosed. | Unknown | Industry: Sugar Beet Refining | CC | US |
| 31 | 28/02/2017 | ? | Singapore's Ministry of Defence (Mindef) | Singapore's Ministry of Defence (Mindef) confirms that the personal details of more than 850 national servicemen and employees were stolen in a "targeted and well-planned" cyber attack earlier this month. | Targeted Attack | Government | CE | SG |
| 32 | 28/02/2017 | ? | Aptos | Shoppers at 40 online stores have had their bank card numbers and addresses stolen by a malware infection at backend provider Aptos that occurred late last year. | Malware | Industry: Retail Services | CC | US |
