16-30 June 2017 Cyber Attacks Timeline

So, let’s close June 2017 in infosec with the second timeline, covering the main cyber attacks that occurred between June 16th and June 30th (first timeline here).

Needless to say, Ukraine has been the center of the infosec world (and not only) for this fortnight, thanks to the destructive attack of NotPetya, whose effects will be visible for a long time in the financial results of the affected companies. Interestingly, Ukraine has been hit by three destructive attacks in two weeks (the other two were carried out via a malware strain known as PSCrypt), although none of the others achieved the same destructive effects as NotPetya.

This event has overshadowed a massive attack against the Internet radio service 8tracks, in which the number of affected accounts could be as high as 18 million.

Other interesting events include two attacks against two cryptocurrency wallets (ClassicEtherWallet and Bithumb), a scam against a state Supreme Court judge (more than $1 million sent to China), the discovery of new malicious actors (FIN10, OceanLotus, BlackTech), and a cyber espionage operation purportedly orchestrated by the Mexican government against Mexico’s most prominent human rights lawyers, journalists and anti-corruption activists.

Last but not least, these days have also revealed more details about the real extent of the alleged Russian cyber attack against the US election system. And as if this were not enough, Homeland Security and the FBI have sent out a general warning about hackers working for a foreign government (Russia?), which recently breached at least a dozen U.S. power plants, including the Wolf Creek nuclear facility in Kansas.

Scroll down the list for all the events that happened in this fortnight. And if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 14/06/2017 | | Waverly Health Center | Waverly Health Center is hit by ransomware, causing the medical facility to shut down their IT systems. | Malware | Healthcare | CC | US |
| 2 | 16/06/2017 | ? | The Buckle Inc. | The Buckle Inc., a clothier that operates more than 450 stores in 44 U.S. states, discloses that its retail locations have been hit by malicious software designed to steal customer credit card data. | PoS Malware | Industry: Retail | CC | US |
| 3 | 16/06/2017 | ? | Lori Sattler | Lori Sattler, a state Supreme Court judge, is scammed out of more than $1 million after being fooled by an email she thought had been sent by her real estate lawyer, sending the money to an account at Commerce Bank of China. | Account Hijacking | Single Individual | CC | US |
| 4 | 16/06/2017 | ? | Unnamed Italian Organizations | Researchers from security firm Yoroi reveal the details of a False Flag Attack on Multi-Stage Delivery of Malware aimed at Italian organizations. | Malware | >1 | CC | IT |
| 5 | 16/06/2017 | FIN10 | Canadian Mining, Casino Industries | FireEye reveals the details of FIN10, a previously unknown threat actor that has extracted hundreds of thousands of dollars from Canadian companies in a vicious cyberattack campaign active since 2013. | Targeted Attack | >1 | CC | CA |
| 6 | 16/06/2017 | Vigilance | admin.state.mn.us | A hacker calling himself Vigilance hacks a database belonging to the Minnesota state government, and steals about 1,400 email addresses and passwords. | Unknown | Government | H | US |
| 7 | 18/06/2017 | MoRo | 4 School Districts in Florida | It appears that two months before the U.S. Presidential Elections, MoRo, a group of hackers from Morocco, allegedly tried to hack the US voting systems. In the attempt, they hacked four school districts in Florida. | Malware | Education | H | US |
| 8 | 19/06/2017 | ? | Argentina's Army Website | Argentina's army says that its website has been hacked and images purported to be of members of the Islamic State militant group were posted on it. | Defacement | Military | H | AR |
| 9 | 19/06/2017 | CyberTeam | Skype | A hacking group called CyberTeam claims responsibility for a DDoS attack against Skype. | DDoS | Industry: Software | CC | US |
| 10 | 19/06/2017 | Mexican Government | Mexico’s most prominent human rights lawyers, journalists and anti-corruption activists | The New York Times reveals that Mexico’s most prominent human rights lawyers, journalists and anti-corruption activists have been targeted by Pegasus, an advanced spyware sold to the Mexican government on the condition that it be used only to investigate criminals and terrorists. | Malware | Single Individual | CE | MX |
| 11 | 20/06/2017 | AdGholas | >1 | ProofPoint reveals the details of a massive malvertising campaign carried out by the AdGholas group and aimed at distributing ransomware. | Malvertising | >1 | CC | >1 |
| 12 | 21/06/2017 | ? | Ukraine | One week before NotPetya, a researcher dubbed MalwareHunter spots a ransomware campaign called PSCrypt targeting Ukraine. | Malware | >1 | CW | UA |
| 13 | 22/06/2002 | Russia? | Election Systems in 21 US States | Jeanette Manfra of the Department of Homeland Security (DHS), during her testimony before a Senate panel, reveals that Russian hackers targeted election systems in 21 US states during last year's campaign. | Targeted Attack | Government | CW | US |
| 14 | 22/06/2002 | Russia? | US County Database | New details emerge about the alleged hacks before the 2016 elections. Ken Menzel, general counsel of the State Board of Elections, reveals that nearly 90,000 records containing personal information were accessed by Russian hackers, with 90 percent of those records containing some kind of personal information. | Targeted Attack | Government | CW | US |
| 15 | 22/06/2002 | ? | Microsoft | British police announce the arrest of two suspects who are part of an international group that hacked into Microsoft's network. | Unknown | Industry: Software | CC | US |
| 16 | 22/06/2002 | ? | Airway Oxygen | Airway Oxygen notifies that a ransomware attack in mid-April resulted in the compromise of data belonging to 550,000 customers and employees. | Malware | Industry: Home Medical Equipment | CC | US |
| 17 | 22/06/2002 | OceanLotus | Single Individuals in Vietnam | Researchers from Palo Alto Networks reveal that the alleged Vietnamese APT group OceanLotus has evolved its Mac spyware trojan, creating one of the most advanced backdoors ever seen on macOS. | Targeted Attack | Single Individual | CE | VN |
| 18 | 22/06/2002 | BlackTech | Targets in East Asia | Trend Micro reveals the details of a cyberespionage group dubbed BlackTech operating against targets in East Asia, focusing on Taiwan and occasionally Japan and Hong Kong, with the goal of stealing technology. | Targeted Attack | >1 | CE | >1 |
| 19 | 22/06/2017 | ? | Cleveland Medical Associates | Cleveland Medical Associates reveals the details of a ransomware attack that happened on April 21, 2017. | Malware | Healthcare | CC | US |
| 20 | 23/06/2017 | ? | UK Parliament | Up to 90 email accounts are compromised amid a brute-force cyber-attack on UK Parliament. | Brute Force | Government | CC | UK |
| 21 | 23/06/2017 | Russia? | British cabinet ministers, ambassadors and senior police officers | The Times reports that passwords belonging to British cabinet ministers, ambassadors and senior police officers are traded online by Russian hackers. | Unknown | Government | CC | UK |
| 22 | 23/06/2017 | ? | Microsoft | A massive trove of Microsoft's internal Windows 10 operating system builds and portions of its core source code (a total of 32TB) is leaked online. | Unknown | Industry: Software | CC | US |
| 23 | 25/06/2017 | Team System DZ | Ohio Gov. John Kasich’s Website | Ohio Gov. John Kasich’s website is hacked, appearing to show pro-ISIS propaganda. Ohio first lady Karen Kasich’s website, along with the Ohio Department of Rehabilitation and Corrections website, are also hacked. | Defacement | Government | H | US |
| 24 | 27/06/2017 | ? | Ukraine | A new ransomware outbreak appears in Ukraine and spreads rapidly all over the world. The malware is called NotPetya or Nyetya. The initial vector is a rogue update from a local accounting software called MeDoc. | Malware | >1 | CW | >1 |
| 25 | 27/06/2017 | ? | 8tracks | Motherboard reveals that millions of accounts for internet radio service 8tracks are being traded on the digital underground. The total number of affected accounts could be as high as 18 million. | Unknown | Industry: Internet radio | CC | US |
| 26 | 28/06/2017 | Hackers linked to Russia? | At least a dozen U.S. power plants | Homeland Security and the FBI send out a general warning about hackers working for a foreign government, which recently breached at least a dozen U.S. power plants, including the Wolf Creek nuclear facility in Kansas. | Targeted Attack | Utilities: Energy | CW | US |
| 27 | 28/06/2017 | ? | Ventura County Office Of Education | The websites of numerous school districts in Ventura County go offline amid an attack able to redirect users to a group's webpage where pro-ISIS views were posted. | Unknown | Education | CC | US |
| 28 | 28/06/2017 | ? | Wooster-Ashland Regional Council of Governments | The Wooster-Ashland Regional Council of Governments computer network is hacked and more than 200,000 records are compromised. | Unknown | Law Enforcement | CC | US |
| 29 | 29/06/2017 | ? | ClassicEtherWallet.com | An unknown attacker gains control over the web domain of Classic Ether Wallet, a client-side wallet system for the Ethereum Classic (ETC) cryptocurrency, being able to phish credentials and redirect transactions. Based on reported cases, the hacker might have siphoned off nearly $300,000 worth of ETC funds from hacked accounts. | DNS Hijacking | Cryptocurrency Exchange | CC | N/A |
| 30 | 29/06/2017 | ? | Ukraine | MalwareHunter spots a fourth ransomware campaign focused on Ukraine. The campaign follows the same patterns seen in past ransomware campaigns that have been aimed at the country, such as XData, PScrypt, and the infamous NotPetya. | Malware | >1 | CW | UA |
| 31 | 29/06/2017 | | Bithumb | The largest bitcoin and ether exchange in South Korea by volume, Bithumb, is hacked. The losses could be around ten million South Korean Won (approx USD 8,700). | Account Hijacking | Cryptocurrency Exchange | CC | KR |
| 32 | 29/06/2017 | ? | Two Israeli Hospitals | Researchers from Trend Micro discover malware, dubbed WORM_RETADUP.A, targeting two Israeli hospitals with highly obfuscated information-stealing malware that abuses LNK shortcut files. | Malware | Healthcare | CE | IL |
