1-15 September 2017 Cyber Attacks Timeline

It’s time to publish the first timeline of this autumn, covering the main cyber attacks that occurred between September 1st and 15th.

Two events characterized this fortnight: the cyber attack targeting Equifax, and the discovery of DragonFly 2.0, a nation-sponsored operation compromising multiple US and European energy companies. Other notable events include the breach targeting Taringa, the South American version of Instagram, potentially compromising nearly 28 million users; and the one against Canoe.ca, a Canadian news portal, potentially affecting one million users.

As usual, scroll down the whole list for all the events that happened in this fortnight. And if you want to have an idea of how fragile our electronic identity is inside cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 01/09/2017 | ? | TrueStresser | A dissatisfied customer breaches the server of TrueStresser, a DDoS-for-hire service, pilfering its database, and leaking some of the content online. | Unknown | Online Services | CC | US |
| 2 | 01/09/2017 | ? | Google Chrome Users | Security expert Brad Duncan spots a new EITest campaign leveraging HoeflerText popups to target Google Chrome users and push NetSupport Manager RAT or Locky ransomware. | Malware | Single individuals | CC | >1 |
| 3 | 01/09/2017 | ? | Alaska Department of Health and Social Services (dhss.alaska.gov) | The Alaska Department of Health and Social Services reveals that it suffered a security breach in July that may have disclosed personal information of individuals who have interacted with the Office of Children’s Services. | Malware | Government | CC | US |
| 4 | 01/09/2017 | The Dark Overlord | Hand Rehabilitation Specialists | Hand Rehabilitation Specialists notifies patients of a possible hack by The Dark Overlord that occurred back in July. | Unknown | Healthcare | CC | US |
| 5 | 01/09/2017 | ? | Single Individuals in Cambodia | Researchers from Palo Alto observe activity involving the Remote Access Trojan KHRAT used by threat actors to target the citizens of Cambodia. | Targeted Attack | Government | CE | KH |
| 6 | 01/09/2017 | ? | The Young Illustrator Award site administered by Meridian Secondary School | The Young Illustrator Award site administered by Meridian Secondary School is taken down after being hacked. | Unknown | Education | CC | SG |
| 7 | 02/09/2017 | ? | Victoria Police | A pirate broadcaster posing as a police officer interferes in a police chase this week in Australia, forcing officers to call off the pursuit of two suspected armed robbers. | Radio Frequency Hijacking | Law Enforcement | CC | AU |
| 8 | 02/09/2017 | ? | Canoe.ca | The free news and entertainment portal Canoe.ca, operated by MediaQMI Inc. and owned by Sun Media Corp. prior to 2015, wishes to inform users that some of its databases containing records from the period of 1996 to 2008 have been breached. | Unknown | News | CC | CA |
| 9 | 04/09/2017 | ? | Taringa | LeakBase, a breach notification service, obtains a copy of the hacked database of Taringa, a social network popular in Latin America, containing details on 28,722,877 accounts, which includes usernames, email addresses and hashed passwords. | Unknown | Social Network | CC | AR |
| 10 | 04/09/2017 | ? | Verrit | Verrit, a political fact-checking site, is DDoSed almost immediately after it was endorsed by Hillary Clinton. | DDoS | News | CC | US |
| 11 | 04/09/2017 | ? | cpjobs.com | Online jobs platform cpjobs.com reports an unauthorised third-party attack on the website, compromising the security of user data. Impacted pages are shut down and all users’ passwords are deactivated. | Unknown | Online Services | CC | HK |
| 12 | 04/09/2017 | [email protected] [email protected] [email protected] | Unprotected MongoDB instances | Security researchers Dylan Katz and Victor Gevers reveal a new wave of attacks aimed at wiping unprotected MongoDB instances and asking for a ransom to get the data back. This wave, carried out by three different groups, targets 26,000 database instances. | MongoDB Vulnerability | >1 | CC | >1 |
| 13 | 04/09/2017 | Russia? | Julia Kloeckner Website | Julia Kloeckner, a top leader of German Chancellor Angela Merkel’s conservative party, says her website has been hit by thousands of cyber attacks -- many from Russian IP addresses -- ahead of the television election debate between Merkel and her Social Democratic rival Martin Schulz. | Unknown | Org: Political Party | CW | DE |
| 14 | 05/09/2017 | China? | Multiple Political Groups | Researchers from Lookout discover a new cyberespionage tool, dubbed xRAT, suspected to have been developed and used by Chinese hackers, and used to target political groups. | Targeted Attack | Org: Political Party | CE | >1 |
| 15 | 05/09/2017 | ? | West Australian TAFE | An attacker infiltrates the systems of a West Australian TAFE on August 28 and September 5 and accesses the sensitive personal details of staff and more than 13,000 students. | Unknown | Education | CC | AU |
| 16 | 05/09/2017 | ? | Community Memorial Health System | The Community Memorial Health System sends out a notice regarding a data security breach involving patient information after a phishing attack that happened on June 23. | Account Hijacking | Healthcare | CC | US |
| 17 | 06/09/2017 | DragonFly 2.0 | Multiple US and European energy companies | Symantec reveals that nation-sponsored hackers have penetrated the operational networks that multiple US and European energy companies use to control key parts of the power grid that supplies electricity to hundreds of millions of people. | Targeted Attack | Utility: Energy | CE | >1 |
| 18 | 07/09/2017 | ? | Equifax | Equifax reveals that it has been hit by a data breach that could potentially affect 143 million consumers in the United States. The breach was discovered on July 29th. | Apache Struts Vulnerability (CVE-2017-5638) | Industry: Credit Risk Assessment | CC | US |
| 19 | 07/09/2017 | ? | AXA Insurance | AXA Insurance sends out an email to some customers informing them that the personal data of 5,400 customers in Singapore has been stolen due to a cyber attack. | Unknown | Industry: Financial Services | CC | SG |
| 20 | 07/09/2017 | ? | Tettegouche State Park | The popular Tettegouche State Park says its computer systems have been infected with malware, authorities on 25 August and warns visitors to check their credit cards. | PoS Malware | Industry: Entertainment | CC | US |
| 21 | 07/09/2017 | The Dark Overlord | Adult Internal Medicine of North Scottsdale | Adult Internal Medicine of North Scottsdale notifies an incident affecting 11,798 patients. | Unknown | Healthcare | CC | US |
| 22 | 08/09/2017 | ? | Schuyler County Sheriff’s Department | Schuyler County Sheriff’s Department is disrupted by a hacking attack. | Brute Force | Law Enforcement | CE | US |
| 23 | 08/09/2017 | ? | Children’s Hospital Colorado | Children’s Hospital Colorado notifies 3,400 families after an employee’s email account was improperly accessed on July 11, 2017. | Account Hijacking | Healthcare | CC | US |
| 24 | 09/09/2017 | ? | Brazilian Users | Security researchers spot a malware group using Facebook's CDN servers to store malicious files used to infect users with banking trojans. | Malware | Single individuals | CC | BR |
| 25 | 10/09/2017 | ? | Road Sign in Modesto | An electronic road sign in the city of Modesto, California is hacked and defaced with a message against President Donald Trump. | Unknown | Road Sign | CC | US |
| 26 | 11/09/2017 | North Korea | South Korea | A new report from security firm FireEye reveals that hackers from Kim Jong Un’s regime are increasing their attacks on cryptocurrency exchanges in South Korea and related sites. | >1 | Cryptocurrency Exchange | CC | >1 |
| 27 | 11/09/2017 | ? | Android Users | Researchers at Kaspersky Lab detect a new Android malware dubbed Xafecopy, aimed at stealing personal and financial information of unsuspecting users around the world. | Malware | Single individuals | CC | >1 |
| 28 | 12/09/2017 | ? | LinkedIn Users | Researchers from Malwarebytes warn of a new phishing campaign using hijacked LinkedIn accounts to send malicious links in private messages and InMail. | Account Hijacking | Single individuals | CC | >1 |
| 29 | 12/09/2017 | ? | WordPress Websites | Wordfence reveals that the popular WordPress plugin Display Widgets, installed on approximately 200,000 installations, is infected with a backdoor and advises users to uninstall it. | Malware | >1 | CC | >1 |
| 30 | 12/09/2017 | ? | 4,000 Elasticsearch servers | Researchers from MacKeeper find over 4,000 Elasticsearch servers hosting PoS malware strains AlinaPoS and JackPoS. | PoS Malware | Elasticsearch servers | CC | >1 |
| 31 | 13/09/2017 | ? | Netgear WNR2000 Routers | A Russian-speaking hacker has been infecting Netgear routers over the past months with a new strain of malware named RouteX that turns infected devices into SOCKS proxies and carries out credential stuffing attacks. According to Forkbombus Labs, the US cyber-security firm that uncovered this new threat, the hacker is using CVE-2016-10176, a vulnerability targeting Netgear WNR2000 routers. | Malware | Single individuals | CC | >1 |
| 32 | 13/09/2017 | ? | Android Users | Security researchers from Trend Micro discover more apps carrying the malicious BankBot Android banking malware. | Malware | Single individuals | CC | >1 |
| 33 | 13/09/2017 | ? | Russian-Speaking Users | Security firm FireEye reveals that the 0-day vulnerability CVE-2017-0199 in Microsoft Office was exploited by suspected nation state hackers to spread the FinSpy malware. | Targeted Attack | Single individuals | CC | RU |
| 34 | 14/09/2017 | OurMine | Vevo | Vevo, the joint venture between Universal Music Group, Sony Music Entertainment, Abu Dhabi Media, Warner Music Group, and Alphabet Inc., is hacked by OurMine. Roughly 3.12TB worth of internal files are posted online. | Account Hijacking | Industry: Entertainment | CC | US |
| 35 | 14/09/2017 | ? | Android Users | Researchers from Check Point find at least 50 apps in the official Google Play market, infected with a malware dubbed ExpensiveWall, that made charges for fee-based services without the knowledge or permission of users. The apps were downloaded as many as 4.2 million times. | Malware | Single individuals | CC | >1 |
| 36 | 14/09/2017 | ? | Single Individuals | Researchers from ESET discover a malvertising campaign delivering JavaScript code (a variant of MineCrunch AKA Web Miner) able to mine multiple cryptocurrencies inside the browser. | Malvertising | Single individuals | CC | >1 |
| 37 | 14/09/2017 | ? | Users in South Korea | Researchers from Trend Micro spot a new campaign leveraging the Hangul Word Processor (HWP) to target users in South Korea. | Targeted Attack | Single individuals | CE | KR |
| 38 | 15/09/2017 | ? | Unidentified public organisation in Singapore | According to a report released by the Cyber Security Agency of Singapore (CSA), an unidentified public organisation in Singapore faced a foreign "state-sponsored" cyberattack late last year. | Targeted Attack | Government | CE | SG |
| 39 | 15/09/2017 | Turla | Swiss Defence Ministry | Switzerland’s defence ministry reveals that it detected a cyber attack carried out by the infamous Turla APT. | Targeted Attack | Government | CE | CH |
| 40 | 15/09/2017 | ? | Augusta Medical Center | Nearly five months after it happened, Augusta Medical Center announces that some patients may have had their personal information compromised by an attack on faculty email accounts. | Account Hijacking | Healthcare | CC | US |
| 41 | 15/09/2017 | ? | Morehead Memorial Hospital | Morehead Memorial says that a data breach due to a phishing attack has potentially exposed patient and employee information. | Account Hijacking | Healthcare | CC | US |
