16-31 May 2015 Cyber Attacks Timeline

It’s finally time to publish the timeline of the main cyber attacks occurred in the second half of May.

A two-weeks period that will be remembered for an unprecedented trail of massive breaches, started with Pacnet (number of victims unknown), and continued throughout the month with CareFirst BlueCross BlueShield (1.1 million victims), Adultfriendfinder (4 million), the Saudi Ministry of Foreign Affairs (1 million), the Internal Revenue Systems (100,000), the music streaming portal Gaana.com (7.5 million) and, last but not least, the Japan’s universal public pension system (1.25 million), with a resulting damage report exceeding 10 million of compromised individuals.

These attacks have obviously overshadowed all the other “minor” events, with the partial exception of the DNS Hijacking attack against the Federal Reserve Bank of St. Louis (discovered on May 18, but happened on April 24).

As usual, keep the level of attention high, and if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1May 16Pr0digyjonimitchell.comA hacker dubbed Pr0digy hacks jonimitchell.com and dumps 9,000 usernames and clear text passwords.UnknownSingle IndividualCCUShttp://pastebin.com/ek1fXHPp
2May 17@CyberBlocChile’s National Municipal Information System (sinim.gov.cl)Anonymous AKA @CyberBloc hacks the official website of Chile’s National Municipal Information System (sinim.gov.cl), defacing it and leaking login details of officials. The attack is done in support of student protests against the government’s education policy.Defacement SQLiGovernmentHCIhttps://www.hackread.com/anonymous-hacks-chile-government/
3May 17?Unnamed Car ParkVehicles across an entire car park in Manchester have their locks jammed on as the apparent result of a hack.JammingCar ParkingCCUKhttp://www.theregister.co.uk/2015/05/20/car_park_vehicle_locks_hacked_en_masse/
4May 18?Single IndividualsThe Federal Reserve Bank of St. Louis notifies the individuals using its services that on April 24, 2015, unknown hackers manipulated the DNS to redirect some of the Bank’s web traffic to rogue webpages.DNS HijackingGovernmentCCUShttps://www.stlouisfed.org/news-releases/2015/05/18/password-reset-for-st-louis-fed-research-website-user-accounts
5May 18AnonGhostWayne Country Sheriff’s Department
In name of OpUSA, the online hacktivists AnonGhost deface the official website of Wayne Country Sheriff’s department (sheriff.co.wayne.in.us/) and leak its database containing login credentials of its employees.DefacementLaw EnforcementHUShttps://www.hackread.com/wayne-county-sheriffs-dept-website-defaced/
6May 18?MetroHealthMetroHealth notifies nearly 1,000 patients that three computers in its Cardiac Cath Lab were infected with malware, and the affected computers contained their personal information.MalwareHealthcareCCUShttp://www.scmagazine.com/three-metrohealth-computers-infected-with-malware-patients-notified/article/415322/
7May 18Middle East Cyber ArmyEnglish Language Academy of the Univerity of Auckland (ela.auckland.ac.nz)A hacker group calling itself the Middle East Cyber Army defaces the website of the English Language Academy of the Univerity of Auckland (ela.auckland.ac.nz).DefacementEducationHNZhttp://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11450531
8May 19AnonymousItalian Ministry of Defense (difesa.it)After the Expo, the Italian Anonymous target the Italian Ministry of Defense (difesa,it), and leak a list of 1,700 accounts.SQLiGovernmentHIThttp://www.lastampa.it/2015/05/19/italia/cronache/anonymous-colpisce-il-ministero-della-difesa-qlFNgswyvu20wnQiNYK1kL/pagina.html
9May 20?Pacnet (now part of Telstra Corporation Limited )Telstra notifies its customer of a data breach involving its Asian subsidiary Pacnet. Telstra is made aware of the breach on April 16, only after acquiring Pacnet.SQLiIndustry: TelcoCCHK SGhttp://www.telstra.com.au/aboutus/media/media-releases/pacnet-it-security-breach.xml
10May 20H1d3n RootPhiladelphia's City Council (phlcouncil.com)The website for Philadelphia's City Council (phlcouncil.com) is hacked by a pro-Muslim hacker calling himself H1d3n Root.DefacementGovernmentHUShttp://www.philly.com/philly/blogs/heardinthehall/City-Council-website-hacked.html
11May 21?CareFirst BlueCross BlueShieldCareFirst BlueCross BlueShield announces that data belonging to 1.1 million customers in the Washington D.C. area was stolen in a cyber attack on June 2014. Attackers accessed a database containing names, birth dates, email addresses and subscriber ID numbers.Targeted AttackHealthcareCCUShttp://www.forbes.com/sites/katevinton/2015/05/20/data-belonging-to-1-1-million-carefirst-customers-stolen-in-cyber-attack/
12May 21?adultfriendfier.comPersonal information relating to almost 4 million users of a worldwide online dating website adultfriendfier.com is leaked on the Dark Web by unknown hackers. Details of users’ sexual preferences, along with email addresses, usernames, dates of birth, postcodes and the unique internet addresses of users’ computers are compromised.UnknownAdult SiteCCUShttp://www.theguardian.com/lifeandstyle/2015/may/21/adult-friendfinder-dating-site-hackers-expose-users-millions
13May 21?University of London Computer CentreThe University of London Computer Centre falls victim of a DDoS attack that leaves Moodle, an open-source learning platform, out of action for several hours.DDoSEducationCCUKhttp://www.theregister.co.uk/2015/05/22/university_of_london_ddos_attack/
14May 21?eNomeNom, a domain registrar, informs its customers to have been hit by a group of attackers, who altered the domain name system (DNS) settings of four domains, redirecting traffic to different web resources than those intended by the owners.DNS HijackingIndustry: internet ServicesCC14http://news.softpedia.com/news/Domain-Registrar-eNom-Informs-of-DNS-Hijack-Attack-481867.shtml
14May 21?SafeandVaultStoreSafeandVaultStore, an online vendor of physical safes and vaults, notifies its customers to have been hit by cybercriminals who planted malicious code on its eCommerce website and captured details of orders placed by customers.MalwareIndustry: E-CommerceCCUShttp://news.softpedia.com/news/Safe-and-Vault-Store-Suffers-Cyber-Security-Breach-482622.shtml
16May 22?BitfinexBitfinex, a Bitcoin wallet, announces to have been hacked, and ask all customers to cease depositing cryptocurrency to old deposits addresses. The impact of the breach is relatively small (0.5%)UnknownBitcoin ExchangeCCUShttps://www.bitfinex.com/pages/announcements/?id=35
17May 22?Beacon Health SystemBeacon Health System notifies an undisclosed number of patients that their personal information may have been compromised by unauthorized individuals who gained access to employee email accounts.Account HijackingHealthcareCCUShttp://www.scmagazine.com/beacon-health-system-notifies-patients-of-possible-data-compromise/article/416853/
18May 22Yemen Cyber ArmySaudi Ministry of Foreign Affairs (services.mofa.gov.sa) Yemen Cyber Army defaces the Saudi Ministry of Foreign Affairs (services.mofa.gov.sa) and leaks plain-text login credentials of Saudi officials, conversations between embassies along with Embassies VSAT Communications. They also release, few days after, some records of Saudi VISA Database, threatening to release 1M more.UnknownGovernmentHSAhttps://www.hackread.com/saudi-ministry-of-foreign-affairs-hacked/
19May 22Moroccan Revolution TeamWestchester Health (westchesterhealth.com)A group of Pro-ISIS hackers called Moroccan Revolution Team defaces the website of Westchester Health (westchesterhealth.com).DefacementHealthcareHUShttp://pix11.com/2015/05/22/isis-hackers-take-over-local-healthcare-website-company-tries-to-assure-patients-their-info-is-safe/
20May 22@TorProdigyottawaliving.ca@TorProdigy hacks ottawaliving.ca and dumps 13,000 usernames and hashed passwords.SQLiOnline ServicesCCCAhttp://pastebin.com/0Tmy0hm1
21May 23AnonCodersRepublican Party of Kentucky (rpk.org)An international group of hackers operating under the name AnonCoders defaces the main website of the Republican Party of Kentucky (rpk.org) to raise awareness that Muslims are not terrorists.DefacementOrg: Political PartyHUShttp://news.softpedia.com/news/Hacktivists-Deface-Republican-Party-of-Kentucky-s-Website-482491.shtml
22May 23?property.com.naAn anonymous hacker hacks property.com.na and dumps 7,800 usernames and passwords.SQLiOnline ServicesCCNAhttp://siph0n.net/exploits.php?id=3859
23May 24?Breetec International nvThe metal company Breetec in Belgium suffers a 80,000 EUR worth loss (87,000 USD) after being hit by a malware targeting the Isabel payment system and spread via email. Other two Belgian companies have been allegedly hit by the same malware.MalwareIndustry: MetalCCBEhttp://cyberwarzone.com/hackers-steal-80000-euro-from-belgium-metal-company/
24May 24@rmsg0dminecraftforum.net@rmsg0d, a member of TeaMp0isoN, hacks minecraftpeforum.net (a Minecraft Pocket Edition Forum whose domain was recently expired) and dumps the forum’s database containing 16,125 records with, usernames, passwords, and numerous other fields relating to forum participation.SQLiOnline ForumCCUShttp://www.databreaches.net/minecraft-pocket-edition-forum-hacked-dumped/
25May 24AnonymousThailand Senate and Public Health MinistryThe Anonymous breach into the official website of Thailand Senate and Public Health Ministry, and leak login credentials against country’s alleged support for human trafficking.UnknownGovernmentHTHhttps://www.hackread.com/anonymous-breaches-thailand-senate-website/
26May 24Moroccan Islamic Union-MailEmbassy of Nepal in Washington (nepalembassyusa.org)The official website of embassy of Nepal in Washington (nepalembassyusa.org) is hacked by Moroccan Islamic Union-Mail, a group of Moroccan hackers who leave a message against the American invasion of Iraq and what happened afterwards.DefacementGovernmentHNPhttps://www.hackread.com/nepali-embassy-usa-website-hacked/
27May 24Dr.SHA6HUzbekistan Embassy in Kuwait (uzbekembassy.gov.kw)Dr.SHA6H , the anti-Bashar Al Assad hacker from Syria, hacks into the official website of Uzbekistan Embassy in Kuwait (uzbekembassy.gov.kw) and demands governments around the world to bring peace in Syria.DefacementGovernmentHUZhttps://www.hackread.com/anti-assad-hacker-hacks-uzbek-embassy/
28May 25?Hex-RaysHex-Rays, developers of IDA (Interactive Disassembler) sends an email notification to its customers about a recent attack that may have resulted in the compromise of some license keys along with the web forum and the quotation system.UnknownIndustry: SoftwareCCBEhttp://news.softpedia.com/news/Cyber-Attack-on-IDA-Server-Prompts-License-Key-Replacement-482331.shtml
29May 25Galvanize MobChris Jericho's Twitter accountChris Jericho's Twitter account is hacked by a group called the Galvanize Mob. The attackers post some offensive messages.Account HijackingSingle IndividualCCUShttp://www.wrestlinginc.com/wi/news/2015/0525/595627/chris-jericho-twitter-account-hacked/
30May 26?Internal Revenue System
Unknown hackers illegitimately access the Get Transcript service of the IRS (Internal Revenue System) and obtain the information on more than 100,000 US taxpayers from February to mid-May.UnknownGovernmentCCUShttp://bigstory.ap.org/article/34539a748b3745ffb92451472f814ffa/apnewsbreak-irs-says-thieves-stole-tax-info-100000
31May 26?brief.org.ukAn anonymous hacker hacks brief.org.uk and dumps 7,800 usernames and passwords.SQLiOrg: EducationCCUKhttp://siph0n.net/exploits.php?id=3863
32May 28Mak Mangaana.comGaana, one of the top music streaming sites in India with more than 7.5 million monthly users is hacked by a Pakistani hacker called Mak Man, and its user database is exposed.SQLiMusing StreamingCCINhttp://thenextweb.com/insider/2015/05/28/indian-music-streaming-service-gaana-hacked-millions-of-users-details-exposed/
33May 28?Japan’s universal public pension system The organization that manages Japan’s universal public pension system confirms that approximately 1.25 million personal records are compromised by hackers in a recent targeted attack.Targeted AttackGovernmentCCJPhttp://www.tripwire.com/state-of-security/latest-security-news/hackers-steal-over-a-million-japanese-citizens-personal-data-in-targeted-attack/
34May 28?copart.comCopart.com automobile auction website, notifies its users that its computer systems were breached by an unknown attacker, who gained access to sensitive information belonging to its members.UnknownIndustry: AutomotiveCCUShttp://news.softpedia.com/news/Copart-com-Breached-Driver-s-License-Numbers-Exposed-482625.shtml
35May 30OceanLotusChina's marine agencies, scientific research institutions and shipping companiesA report released by Chinese internet company Qihoo 360's SkyEye Labs accuses a state-sponsored foreign organization named OceanLotus, of stealing government information. According to the report, OceanLotus has launched "elaborately organized" online attacks on China's marine agencies, scientific research institutions and shipping companies since April 2012.Targeted Attack>1CECNhttp://www.wantchinatimes.com/news-subclass-cnt.aspx?id=20150530000115&cid=1103&MainCatID=0
36May 30?Single IndividualHackers set their sights on a local businessman In Mahwah (NYC) and obtain enough of his personal information to persuade his bank to wire $240,000 overseas.Social EngineeringSingle IndividualCCUShttp://www.databreaches.net/nj-hackers-steal-240k-from-mahwah-businessmans-bank-account/
37May 30yPeRtRoNthaimassagemodel.comyPeRtRoN hacks an adult web site (thaimassagemodel.com) and dumps 4,614 records with usernames and hashed passwords.SQLiAdult SiteCCTHhttp://pastebin.com/25F7c8ir
H Hacktivism

CC Cyber Crime
CE Cyber Espionage
CW Cyber War

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: