1-15 June 2017 Cyber Attacks Timeline

Here’s the first timeline of June, covering the main cyber attacks that occurred in the first half of the month.

It looks like the true scale of the cyber attacks against the US electoral system, purportedly orchestrated by Russian actors, is only now emerging (39 states and more than 100 officers could have been affected). This is probably the most important event of the first half of June.

But the level of activity on the Cyber Espionage and Cyber Warfare fronts continues to be quite sustained: these fifteen days have revealed operations carried out by the infamous APT28 (against Montenegro after its decision to join NATO), a North Korean group called Hidden Cobra, a new actor dubbed Platinum APT abusing the Intel Chip Management Feature, and Turla, using a novel way to hide the Command and Control (Instagram plus Britney Spears, an explosive combination).

Ransomware is still in the spotlight: the list of victims includes University College London and, most importantly, Nayana, a South Korean web hosting service, which has paid a $1 million ransom to get back the data stored on its 153 servers.

Other remarkable events include the discovery of a Chinese ransomware dubbed Wannalocker, affecting Android users, and mimicking WannaCry, and the discovery of a global malware dubbed Fireball affecting, according to Check Point, 250 million endpoints worldwide (but Microsoft has reduced this number to only 40 million).

But scroll down the whole list for all the events that happened in this fortnight. And if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 01/06/2017 | ? | Stanford University Subdomain | For almost four months, one of Stanford's subdomains (Paul F. Glenn Center for the Biology of Aging at Stanford University) has been compromised and used for hosting web shells, mailers, and other types of web malware. | WebShell | Education | CC | US |
| 2 | 01/06/2017 | ? | Windows Users | Researchers from Check Point reveal the details of Fireball, a high volume Chinese threat operation which has infected over 250 million computers worldwide (although Microsoft later claims the number of infected machines is "only" 40 million). | Malware | Single Individual | CC | >1 |
| 3 | 01/06/2017 | ? | Good Choice (hotel reservation app) | Hackers suspected of breaching a popular South Korean mobile app and stealing the personal data of more than 990,000 are arrested by local police in Korea. | Unknown | Industry: Hotel Booking | CC | KR |
| 4 | 02/06/2017 | ? | Google Search | A malvertising campaign exploits ads in Google Search results for Target, redirecting the users to a tech support scam. Apparently a similar campaign has also been carried out for searches related to Walmart. | Malvertising | Single Individual | CC | US |
| 5 | 03/06/2017 | ? | Hotels.com | Hotels.com sends an email to some customers advising that their username, password, email address, and the last four digits of stored credit card numbers were potentially stolen last month (between May 22 and 29). | Unknown | Industry: Hotel Booking | CC | US |
| 6 | 04/06/2017 | The Dark Overlord | Steve Harvey's Funderdome | The Dark Overlord, which recently leaked ten episodes of Netflix's "Orange is the New Black", makes a resurgence, releasing on the Pirate Bay a selection of eight episodes from ABC's upcoming network television show "Steve Harvey's Funderdome". | Unknown | Industry: Entertainment | CC | US |
| 7 | 05/06/2017 | Russia? | US | A new report reveals that Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to 122 local election officials just days before last November’s presidential election. | Targeted Attack | Government | CW | US |
| 8 | 05/06/2017 | ? | BTC-E.com | BTC-E.com, the popular Bitcoin and Litecoin exchange platform, is the target of a DDoS attack. | DDoS | Cryptocurrency Exchange | CC | RU |
| 9 | 05/06/2017 | ? | Wind Tre | Italy’s data protection authority, Garante Privacy, has ordered Wind Tre to write to customers to notify them of a data breach following a cyber attack that occurred on 20 March. | Unknown | Industry: Telco | CC | IT |
| 10 | 06/06/2017 | APT28 | Montenegro | Security firm FireEye reveals the details of a wave of attacks targeting Montenegro using spear-phishing, after its decision to join NATO. | Targeted Attack | Government | CW | ME |
| 11 | 06/06/2017 | Turla | >1 | Security firm ESET reveals the details of a recently discovered backdoor Trojan using comments posted to Britney Spears's official Instagram account to locate the control server that sends instructions and offloads stolen data to and from infected computers. | Targeted Attack | >1 | CE | >1 |
| 12 | 07/06/2017 | ? | Southern Oregon University | Southern Oregon University announces that it is the latest organization to fall victim to a business email compromise (BEC) attack after fraudsters tricked the educational establishment into transferring money into a bank account under their control. The university fell for the scam in late April when it wired $1.9 million into a bank account. They believed they were paying Andersen Construction, a contractor responsible for constructing a pavilion and student recreation center. | Account Hijacking (Business Email Compromise) | Education | CC | US |
| 13 | 07/06/2017 | Chris Hutcheson | Gordon Ramsay | The father-in-law of celebrity chef Gordon Ramsay is jailed for six months after pleading guilty to a plot to hack into his computer and private emails to steal financial information and 'dirty' secrets on the star, following a family falling-out. | Account Hijacking | Single Individual | CC | UK |
| 14 | 07/06/2017 | Platinum APT | >1 | Microsoft reveals the details of Platinum APT, the first example of a threat actor abusing Intel Chip Management Feature. | Targeted Attack | >1 | CE | >1 |
| 15 | 08/06/2017 | ? | Al Jazeera Media Network | The websites and digital platforms of Al Jazeera Media Network are undergoing "systematic and continual hacking attempts". Internal sources reveal that the network is facing a DDoS attack. | DDoS | Industry: Media | CC | QA |
| 16 | 08/06/2017 | ? | Android Users | Researchers from security firm Kaspersky Lab reveal that more than 50,000 Android devices have downloaded a strain of Android malware, known as "DvMap", which contains rare abilities to allow hackers and cybercriminals to gain "root" access to a smartphone or tablet and inject malicious code directly into system libraries. | Malware | Single Individual | CC | >1 |
| 17 | 08/06/2017 | ? | CD Projekt Red | CD Projekt Red, the Polish studio behind the popular The Witcher 3 RPG, suffers a data breach and the attacker is holding the company for ransom, threatening to release stolen files if the game maker doesn't pay an undisclosed sum of money. | Unknown | Industry: Video Games | CC | PL |
| 18 | 09/06/2017 | ? | Linux Servers | Researchers from Kaspersky Lab reveal that an unknown threat actor is using a vulnerability in Samba installations to take over Linux machines and use them as pawns in a vast cryptocurrency mining operation. The malware is dubbed SambaCry. | Malware | >1 | CC | >1 |
| 19 | 09/06/2017 | ? | Android Users | Researchers from security company Qihoo 360 discover an Android ransomware developed in China dubbed WannaLocker, which copies WannaCry using similar graphics to trick users into paying the ransom. | Malware | Single Individual | CC | CN |
| 20 | 09/06/2017 | FIN7 | Restaurants across the US | Morphisec Lab reveals the details of a sophisticated fileless attack carried out by the FIN7 group and targeting restaurants across the US, allowing attackers to seize system control and install a backdoor to steal financial information at will. | Malware | Industry: Restaurant | CC | US |
| 21 | 09/06/2017 | ? | Select Restaurant | Ohio-based Select Restaurant chain reports it suffered a point-of-sale breach during which customer payment card information was compromised. The breach took place between October 36, 2016 and February 3, 2017 at 12 of the company's restaurants, which are located across the United States. | PoS Malware | Industry: Restaurant | CC | US |
| 22 | 12/06/2017 | ? | Google News (via compromising of Palate Press and the Boyne City Gazette) | Legitimate news sites listed on Google News replace articles with spam ads for drugs and dating sites. The incident occurred after two online wine magazines (Palate Press and the Boyne City Gazette) were hacked. | Spam Injection | Industry: Internet Families | CC | US |
| 23 | 13/06/2017 | Russia? | U.S. Electoral System | New investigations reveal that Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported (39 states). | Targeted Attack | Government | CW | US |
| 24 | 14/06/2017 | Hidden Cobra | >1 | The US-CERT identifies the North Korean government as being behind Hidden Cobra, a threat actor using DeltaCharlie, a DDoS botnet infrastructure that has been used to target media, financial, aerospace, and critical infrastructure organizations in the US and elsewhere. | Targeted Attack | >1 | CW | US |
| 25 | 14/06/2017 | ? | Android Users | Security firm Trend Micro reveals that over 800 Android apps on Google Play have been found infected with Xavier, a "silent" data stealing and leaking malware. The malicious adware has been around since 2016 and functions under the radar, making it difficult to detect its activities. | Malware | Single Individual | CC | >1 |
| 26 | 14/06/2017 | ? | CashCrate | Motherboard reveals that hackers made off with 6 million user accounts for CashCrate, a site where users can be paid to complete online surveys. | Unknown | Online Services | CC | US |
| 27 | 14/06/2017 | ? | ATMs in India | ATMs in India are under attack via Rufus, a Chinese malware targeting cash machines running outdated Windows XP. | Malware | Finance | CC | IN |
| 28 | 14/06/2017 | ? | Nayana | A South Korean Web-hosting service provider, Nayana, agrees to pay $1 million to a ransomware operation that encrypted data stored on 153 Linux servers and 3,400 customer websites via the Erebus ransomware. | Malware | Industry: Telco | CC | KR |
| 29 | 15/06/2017 | ? | University College London | University College London is hit by a “major” ransomware attack which brings down its shared drives and student management system. The attack also leads to a number of hospital trusts suspending their email servers as a precautionary measure, in an attempt to prevent a repetition of the WannaCry epidemic. | Malware | Education | CC | UK |
| 30 | 15/06/2017 | ? | Ulster University | The Ulster University is also hit by ransomware. | Malware | Education | CC | UK |
| 31 | 15/06/2017 | ? | Bitfinex | Bitfinex, the world’s largest US dollar-based Bitcoin exchange, is still suffering from the effects of a DDoS attack on its systems earlier this week, rendering IOTA deposits unavailable for users. | DDoS | Cryptocurrency Exchange | CC | HK |
| 32 | 15/06/2017 | Attackers from Nigeria | Multiple Industrial Firms | Kaspersky Lab reveals the details of a massive BEC campaign targeting over 500 companies, mostly in the industrial and transportation sector, from 50 countries. | Account Hijacking (Business Email Compromise) | Industry: >1 | CC | >1 |
