1-15 October 2017 Cyber Attacks Timeline

It’s time to publish the first timeline of October, covering the main cyber attacks that occurred between October 1st and October 15th, 2017.

There have been multiple events in this fortnight, but the one that will probably be remembered for a long time is the alleged hack of the NSA, reportedly carried out via a backdoor in the popular Kaspersky AV software. The attack per se is quite remarkable, but if it’s true that it was discovered because Israeli attackers had themselves intruded into the Kaspersky network, things become much more intriguing.

Other important events recorded in this period include the breaches suffered by Forrester, a leading market research firm, by Disqus (17.5 million accounts possibly compromised), and by We Heart It (“only” 8 million accounts).

And while yet another Bitcoin exchange (OKEx) has allegedly suffered a loss worth 3 million USD, malware planted on a Taiwanese bank’s servers has been used to abuse the SWIFT network and pilfer 60 million USD (two suspects have since been arrested).

As usual, scroll down the whole list for all the events that happened in this fortnight. And if you want an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). If useful, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 01/10/2017 | ? | Etherparty.io | Hackers disrupt the Etherparty ICO (Initial Coin Offering) after hijacking the platform's website and displaying their own Ethereum address, tricking 59 ICO participants into sending funds to the wrong wallets. | Unknown | Cryptocurrency Exchange | CC | US |
| 2 | 01/10/2017 | ? | OKEx | After victims reported losing a collective of over 600 Bitcoin, worth around 20 million Chinese yuan at the time of the thefts, or around 3 million USD, OKEx, a Bitcoin exchange based in China, issues a statement denying it was hacked earlier in August and blaming the recent thefts on careless users who didn't secure their accounts. | Account Hijacking | Cryptocurrency Exchange | CC | CN |
| 3 | 04/10/2017 | ? | 4,000 NATO Soldiers | The Wall Street Journal reports that Russian hackers have so far accessed the phones of 4,000 NATO troops in Europe. | Unknown | Military | CE | INT |
| 4 | 05/10/2017 | Russia? | National Security Agency | The Wall Street Journal reveals that hackers working for the Russian government stole details of how the U.S. penetrates foreign computer networks and defends against cyberattacks, after a National Security Agency contractor removed the highly classified material and put it on his home computer. It appears that a backdoor in the Kaspersky Antivirus software played a role in the attack. | Targeted Attack | | | |
| 5 | 05/10/2017 | ? | Aerospace, Defense Contractor, and Manufacturing sectors within the U.S. and South Korea | Researchers from FireEye reveal that they have observed several high-volume FormBook malware distribution campaigns primarily taking aim at the Aerospace, Defense Contractor, and Manufacturing sectors within the U.S. and South Korea. | Targeted Attack | Industry: >1 | CE | US KR |
| 6 | 05/10/2017 | ? | Movimento 5 Stelle | A new attack takes down Rousseau, the online voting platform used by the Italian Movimento 5 Stelle. Some internal screenshots are also posted online. | DDoS | Org: Political Party | CC | IT |
| 7 | 05/10/2017 | ? | John Kelly's personal cellphone | White House officials believe that chief of staff John Kelly’s personal cellphone was compromised, potentially as long ago as December, according to three U.S. government officials. | Account Hijacking | Single Individual | CE | US |
| 8 | 06/10/2017 | ? | A bank based in the Middle East, a trademark and intellectual property service company based in Europe, an international sporting organization, and individuals with indirect ties to a country in North East Asia | Researchers from Palo Alto Networks reveal the details of Operation FreeMilk, a campaign targeting a bank based in the Middle East, a trademark and intellectual property service company based in Europe, an international sporting organization, and even lone individuals with indirect ties to a country in North East Asia. | Targeted Attack | >1 | CE | >1 |
| 9 | 06/10/2017 | ? | Disqus | Disqus confirms a data breach that appears to have taken place in the summer of 2012, during which an unknown attacker (or attackers) made off with details for at least 17.5 million user accounts. | Unknown | Industry: Internet Services | CC | US |
| 10 | 06/10/2017 | ? | Forrester Research | Forrester, one of the world's leading market research and investment advisory firms, admits that a security breach took place during the past week. An unidentified attacker (or attackers) gained access to the infrastructure hosting its website using stolen valid credentials. | Unknown | Industry: Market Research | CC | US |
| 11 | 06/10/2017 | KovCoreG group | PornHub users | Proofpoint researchers detect a large-scale malvertising attack by the so-called KovCoreG group, targeting PornHub users. | Malvertising | Single Individuals | CC | >1 |
| 12 | 06/10/2017 | ? | Office 365 Accounts | Researchers from Skyhigh Networks discover a new attack using a stealthy technique, dubbed KnockKnock, that targets Office 365 accounts. | Account Hijacking | Single Individuals | CC | >1 |
| 13 | 08/10/2017 | FIN7 | Multiple Targets | Researchers from security company Iceberg reveal the details of a new campaign carried out by the financially motivated threat actor FIN7 (AKA Carbanak), exploiting new evasion techniques. | Targeted Attack | Finance | CC | >1 |
| 14 | 09/10/2017 | ? | Taiwanese Bank | A hacking gang abuses the SWIFT banking network to steal $60 million after planting malware on a Taiwanese bank’s servers. Two arrests are made in Sri Lanka in relation to the attack. | Malware | Finance | CC | TW |
| 15 | 09/10/2017 | OilRig | Unnamed UAE Government Organization | Researchers from Palo Alto Networks spot a new campaign launched by the notorious APT group OilRig against an organization within the government of the United Arab Emirates (UAE). | Targeted Attack | Government | CE | UAE |
| 16 | 10/10/2017 | ? | South Korea-US Operational Plan | Korean news agency Yonhap News reveals that North Korean hackers are believed to have stolen a large amount of classified military documents (235 GB) last year, including Operational Plan 5015, the latest South Korea-U.S. wartime operational plan. | Targeted Attack | Military | CE | US KR |
| 17 | 10/10/2017 | North Korea | U.S. Electric Power Companies | FireEye says in a new report to private clients that hackers linked to North Korea recently targeted U.S. electric power companies with spear-phishing emails. | Targeted Attack | Utility: Electric Power | CC | US |
| 18 | 10/10/2017 | ? | Several targets in the financial sector | Security researchers at Kaspersky Lab reveal the details of a new malware strain called ATMii, which attacks ATMs running Windows 7 and Windows Vista. | Malware | Finance | CC | >1 |
| 19 | 10/10/2017 | Israel | Kaspersky | The New York Times reveals that Israeli hackers broke into the Kaspersky network back in 2014 and alerted the US to the NSA breach reported above. | Targeted Attack | Industry: Software | CE | RU |
| 20 | 10/10/2017 | ? | Musgrave Group | Musgrave Group, the owner of Ireland’s most popular supermarket, is hit by a cyber attack, with criminals trying to get shoppers’ credit and debit card details. | Unknown | Industry: Wholesale | CC | IE |
| 21 | 10/10/2017 | ? | Unnamed banks in several former Soviet Union states | Trustwave discovers a new campaign targeting banks in several former Soviet states. Trustwave's investigation accounted for about $40 million in fraudulent withdrawals. | Unknown | Finance | CC | >1 |
| 22 | 10/10/2017 | ? | Single Individuals | Google removes a malicious extension from its Chrome Web Store that poses as the popular AdBlock Plus ad blocker but forcibly opens new tabs to show ads to users. | Malware | Single Individuals | CC | >1 |
| 23 | 10/10/2017 | ? | Rivermend Health | Rivermend Health notifies 1,300 patients whose information was held in an employee’s email account that was compromised. | Account Hijacking | Healthcare | CC | US |
| 24 | 10/10/2017 | ? | Netflix Users | PhishMe reveals the details of a phishing campaign aimed at compromising the business accounts of Netflix users. | Account Hijacking | Single Individuals | CC | >1 |
| 25 | 11/10/2017 | Unknown attacker codenamed "Alf" | Australian Signals Directorate (ASD) | Australia's foreign intelligence collection agency, the Australian Signals Directorate (ASD), says a hacker stole over 30 GB of data on the country's military capabilities, including details on fighter jets, military aircraft, and naval ships. The breach occurred at an unnamed Department of Defence contractor. Stolen data includes details on the new F-35 Joint Strike Fighter jet, the Boeing P-8 Poseidon submarine-hunting airplane, Lockheed Martin C-130 transport aircraft, JDAM guided bombs, and data on "some naval ships." | Account Hijacking | Government | CE | AU |
| 26 | 11/10/2017 | ? | Sweden Transport Administration (Trafikverket) | A DDoS attack targets the Sweden Transport Administration (Trafikverket). | DDoS | Government | CC | SE |
| 27 | 11/10/2017 | ? | Multiple Targets | Researchers from Cisco Talos reveal a new wave of attacks carried out via an evolved version of DNSMessenger, distributed by means of targeted spear-phishing emails mimicking SEC emails and also leveraging compromised U.S. state government servers. | Targeted Attack | >1 | CC | >1 |
| 28 | 11/10/2017 | ? | Single Individuals | Researchers at Akamai identify a botnet of over 14,000 IP addresses used in malware distribution operations. | Malware | Single Individuals | CC | >1 |
| 29 | 11/10/2017 | ? | Victory Phones | Victory Phones, a phone polling firm, is hacked, exposing several database files, one of which totaled 223 gigabytes in size and amounted to about two billion lines. The data was stolen in January. | Unknown | Industry: Phone services | CC | US |
| 30 | 12/10/2017 | ? | Hyatt Hotels Corp. | Hyatt Hotels Corp. reveals that it has discovered unauthorized access to payment card information at certain Hyatt-managed locations worldwide between March 18, 2017 and July 2, 2017. | PoS Malware | Industry: Hotel and Hospitality | CC | US |
| 31 | 12/10/2017 | ? | Equifax | Equifax says it has removed third-party code from its credit report assistance website that prompted visitors to download spyware disguised as an update for Adobe’s Flash Player software. | Malware | Industry: Credit risk assessment | CC | US |
| 32 | 12/10/2017 | ? | Sweden Transport Agency (Transportstyrelsen), Public Transport Operator Västtrafik | The Sweden Transport Agency (Transportstyrelsen) and public transport operator Västtrafik are hit by a DDoS attack. | DDoS | Government | CC | SE |
| 33 | 12/10/2017 | Bronze Butler | Various Japanese Organizations | SecureWorks reveals the details of several intrusions carried out by the Bronze Butler threat group at various Japanese organizations. | Targeted Attack | >1 | CE | JP |
| 34 | 12/10/2017 | ? | Multiple Websites | A study by AdGuard reveals a growing number of websites using cryptocurrency mining in visitors' browsers as a source of revenue. | Malware | Single Individuals | CC | >1 |
| 35 | 13/10/2017 | ? | We Heart It | We Heart It, an image-sharing site, informs users that their personal data may have been compromised. The breach, involving 8 million users, took place a few years ago and includes email addresses, usernames and encrypted passwords for We Heart It accounts created between 2008 and November 2013. | Unknown | Image Sharing | CC | US |
| 36 | 13/10/2017 | ? | Politifact | Politifact, the Pulitzer Prize-winning website devoted to checking the factual accuracy of US politicians' words, appears to have been hacked so that it secretly mines cryptocurrency in visitors' browsers via CoinHive. | Malware | News | CC | US |
| 37 | 15/10/2017 | ? | Pizza Hut | Pizza Hut admits to having suffered a data breach, through which a hacker stole payment card details for a small number of customers. | Unknown | Industry: Restaurants | CC | US |
| 38 | 15/10/2017 | ? | Namaste Health Care | Namaste Health Care notifies about 1,600 patients that its office experienced a security incident over the weekend of Aug. 12-13, when the file server was targeted by ransomware. | Malware | Healthcare | CC | US |
