1-15 August 2017 Cyber Attacks Timeline

I have finally been able to catch up, and I am proud to publish the first timeline of August, covering the main cyber attacks that occurred between 1 and 15 August.

At least for once, the timeline does not report any mega-breach (that’s something!). However, a new trend is emerging: the ability of criminals to compromise browser add-ons (multiple cases have been reported in this period).

Another interesting emerging trend is the compromise of software updates of legitimate applications: this time it has been the turn of NetSarang and npm (the Node.js package manager).

Threat actors do not take vacations though: APT28, for instance, is always on the spot (this time the group has been using the infamous Eternal Blue vulnerability to target people of interest as they connect to hotel guest Wi-Fi networks). Other interesting events include: a brute-force attack against the Scottish Parliament, a campaign against Russian-speaking enterprises, the discovery that North Korean organizations are still targeted by an unknown organization using the Konni malware, and a new wave of attacks by the Lazarus Group against individuals involved with US Defense contractors.

Last but not least, some crooks found the time to hijack Ariana Grande's Instagram account.

As usual, scroll down the whole list for all the events that happened in this fortnight. And if you want to have an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 01/08/2017 | ? | University of California Los Angeles | UCLA reports a cyberattack against a Summer Sessions & International Education Office server that contains personal information provided by students. The attack happened on May 18 and affects potentially up to 32,000 students. | Unknown | Education | CC | US |
| 2 | 01/08/2017 | ? | Chinese Telecom Firm | The Kaspersky Lab Q2 2017 DDoS Intelligence Report reveals the details of a DDoS attack launched against a Chinese Telecom Firm, lasting for 11 days. | DDoS | Industry: Telco | CC | CN |
| 3 | 01/08/2017 | ? | Single Individuals | Malware researcher Jakub Kroustek from Avast discovers an anti-Israel and pro-Palestinian data wiper dubbed IsraBye. | Malware | Single Individuals | CC | IL |
| 4 | 01/08/2017 | ? | Big Screen in Cardiff's Queen Street | A big screen in Cardiff’s main shopping street, Queen Street, is reportedly hacked with images of swastikas and messages about ‘Shariah’ appearing. | Unknown | Billboard | CC | UK |
| 5 | 01/08/2017 | ? | Users of Node.js | A two-week-old campaign to steal developers' credentials using malicious code distributed through npm, the Node.js package management registry, is halted with the removal of 39 malicious npm packages. | Malware via Typosquatting | Single Individuals | CC | >1 |
| 6 | 01/08/2017 | ? | Kaleida Health | Kaleida Health notifies 2,789 patients about a phishing incident that happened on May 24. | Account Hijacking | Healthcare | CC | US |
| 7 | 02/08/2017 | ? | Chrome Web Store Account for Web Developer | The Chrome Web Store Account for Web Developer, a popular extension, is compromised via a phishing trick, and pushes adware to millions. | Account Hijacking | Single Individuals | CC | US |
| 8 | 03/08/2017 | Ne0-H4ck3r | Pakistan.gov.pk | An Indian hacker going by the online handle of Ne0-H4ck3r defaces the official government portal of Pakistan (Pakistan.gov.pk), leaving a deface page along with a message and a patriotic Indian song. | Defacement | Government | CW | PK |
| 9 | 04/08/2017 | ? | Ariana Grande Instagram account | Ariana Grande is the latest celebrity that gets hacked. This time her Instagram account is hacked. | Account Hijacking | Single Individuals | CC | US |
| 10 | 06/08/2017 | ? | Surgical Dermatology Group | Surgical Dermatology Group notifies patients after its cloud hosting and server management provider TekLinks discovers a security breach dating back to March 23, 2017. | Unknown | Healthcare | CC | US |
| 11 | 07/08/2017 | ? | Ukrposhta (Ukraine National Postal Service) | The website for Ukraine's national postal service Ukrposhta was recently taken down by DDoS attacks for two days in a row, Interfax reports. | DDoS | Government | CC | UA |
| 12 | 07/08/2017 | ? | Steve Weichert Twitter Account | Steve Weichert, a politician running for District 17’s State Senate Seat in the 2018 election, reveals that his Twitter account has been hacked. The alleged attackers post pornographic content. | Account Hijacking | Single Individuals | CC | US |
| 13 | 07/08/2017 | The Binary Guardians | About 40 Venezuelan websites including those of the government, the Supreme Court and the legislature. | A hacking collective called The Binary Guardians defaces roughly 40 Venezuelan websites including those of the government, the Supreme Court and the legislature. | Defacement | Government | H | VE |
| 14 | 07/08/2017 | ? | Russian Speaking Enterprises | Trend Micro reveals the details of a malicious email campaign against Russian-speaking enterprises, employing a combination of exploits and Windows components to deliver a new backdoor leveraging CVE-2017-0199. | Targeted Attack | Industry: >1 | CE | RU |
| 15 | 07/08/2017 | Turkish hackers | Several Armenian Websites | Turkish hackers continue to target Armenian websites. The list of the targets involved in the latest spree of attacks includes the official website of the Development Foundation of Armenia and the official website of the Civil Service Council of Armenia. | Unknown | Government | CW | AM |
| 16 | 08/08/2017 | ? | Several North Korean Organizations | Researchers from Cylance reveal that North Korean organisations are being increasingly targeted by an unknown hacker group, using the Konni malware, a remote access trojan (RAT). In 2017 alone, three separate campaigns targeting North Korean organisations have been spotted. | Malware (Konni) | >1 | CW | KP |
| 17 | 08/08/2017 | ? | Three major banks in Hungary | The National Bank of Hungary reveals that hackers have been targeting three major banks in Hungary with a slew of phishing attempts. | Account Hijacking | Finance | CC | HU |
| 18 | 09/08/2017 | ? | Corporations in Brazil and Saudi Arabia | Researchers at Kaspersky Lab reveal that a new run of Mamba infections has been spotted again in Brazil and Saudi Arabia. | Malware | >1 | CC | BR SA |
| 19 | 09/08/2017 | ? | Kenya Electoral Commission IT System | Kenya opposition presidential candidate Raila Odinga claims the electoral commission's IT system has been hacked to manipulate the election results. | Account Hijacking | Government | CC | KE |
| 20 | 11/08/2017 | APT28 | Hotel Wi-Fi Users | Researchers from FireEye reveal that APT28 AKA Fancy Bear have been using the infamous Eternal Blue vulnerability in a campaign that targeted people of interest as they connected to hotel Wi-Fi networks. | Targeted Attack | >1 | CE | >1 |
| 21 | 11/08/2017 | ? | Single Individuals | SophosLabs warn of a fresh spike of attacks due to new variants of the well known Emotet malware. | Malware | Single Individuals | CC | >1 |
| 22 | 12/08/2017 | Anonymous | Official website of Charlottesville | The Anonymous claim responsibility for carrying out a DDoS attack on the official website of Charlottesville city, Virginia. The attack is conducted under the banner of #OpDomesticTerrorism. | DDoS | Government | H | US |
| 23 | 12/08/2017 | Unknown Iraqi developer | Android users | Researchers from mobile security firm Lookout say they found at least three Android apps on the Google Play Store containing a form of advanced spyware they believe was created by an Iraqi developer. The malware author modified a version of the official Telegram app. | Malware | Single Individuals | CC | >1 |
| 24 | 13/08/2017 | ? | Blizzard Entertainment | The web servers of Blizzard Entertainment suffer a series of massive distributed denial-of-service (DDoS) attacks. | DDoS | Industry: Video Games | CC | US |
| 25 | 14/08/2017 | 31337 | FireEye | A group of hackers called 31337 leaks a second dump of data allegedly stolen from security company FireEye. | Account Hijacking | Industry: Information Security | CC | US |
| 26 | 14/08/2017 | The Lazarus Group | Individuals involved with US Defense Contractors | Researchers from Palo Alto Networks reveal the details of a new operation carried out by the North Korea-linked Lazarus Group against individuals involved with US Defense Contractors. | Targeted Attack | Industry: US Defense Contractor | CE | US |
| 27 | 14/08/2017 | ? | 7 Chrome Extensions | Researchers from ProofPoint reveal that seven additional Chrome Extensions have been compromised after their author’s Google Account credentials were stolen via a phishing scheme. | Account Hijacking | Single Individuals | CC | >1 |
| 28 | 15/08/2017 | ? (Chinese Attackers) | NetSarang | Researchers at Kaspersky Lab find a well-hidden backdoor in NetSarang's server management software. It is assumed someone (allegedly from China) managed to hack into NetSarang's operations and silently insert the backdoor ShadowPad. | Malware | Industry: Software | CE | KR |
| 29 | 15/08/2017 | ? | Scottish Parliament | Officials reveal that the Scottish Parliament has been targeted by a "brute force" cyber attack. The attack, from "external sources", was similar to that which affected Westminster in June. | Brute Force | Government | CE | UK |
| 30 | 15/08/2017 | Unnamed Nigerian criminal | 4,000 organizations worldwide | Researchers from Check Point reveal the details of an operation targeting 4,000 organizations worldwide, carried out by an unnamed Nigerian criminal under the motto "Get Rich or Try Dying". | Malware | >1 | CC | >1 |
