Great news! With this article, I have decided to change the timeline, moving from a static infographic-style format to a tabular format, which makes it possible to sort, filter and search for specific items inside the timeline.
Of course there is a price for everything: inserting and fitting the images (attackers’ avatars and targets’ logos) inside the table cells is time-consuming, and as a consequence I have decided to remove them. The graphical look-and-feel will lose something; however, I believe that the table’s usability is worth the price. I hope you will like it, and please let me know if you have comments, hints, etc. Also, I left an Easter Egg after the table!
After this necessary introduction, let’s have a look at the threat landscape of the second half of June.
From this standpoint, the Canadian cyberspace has suffered the worst consequences. The approval of the controversial bill C-51 has unleashed a tide of attacks by the Anonymous collective against websites related to the Central Government and law enforcement agencies.
Other interesting events include a DDoS attack against LOT Polish Airlines, which forced 1,400 passengers of the carrier to remain grounded at the Warsaw Airport, a completely unprecedented attack by a baseball franchise (St. Louis Cardinals) against a competitor (Houston Astros), and the return of the infamous TeamGhostShell.
Enjoy the new timeline and, as usual, remember to keep the level of attention very high. At the same time, if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Jun 12 | ? | Algonquin College | A server hack at Algonquin College in Ottawa leaves the personal information of more than 1,000 former students vulnerable but no data was taken, according to the college. | Unknown | Education | CC | CA | http://www.cbc.ca/news/canada/ottawa/algonquin-college-server-hacked-but-no-data-taken-college-says-1.3111379 |
| 2 | Jun 12 | ? | Infosys Ltd | The salary accounts of more than 23 employees of software major Infosys, in several cities across the country, are hacked and money is siphoned off. | Unknown | Industry: Software | CC | IN | http://www.thehindu.com/news/national/andhra-pradesh/infosys-salary-accounts-hacked/article7307591.ece |
| 3 | Jun 15 | ? | Japan Environmental Storage & Safety Corp. | The internal computer network of the state-run Japan Environmental Storage & Safety Corp., which manages temporary storage sites for decontaminated waste from the Fukushima nuclear disaster, is infected by a computer virus. | Malware | Industry: waste treatment | CC | JP | http://www.japantimes.co.jp/news/2015/06/17/national/fukushima-radioactive-waste-storage-operators-intranet-infected-by-virus/#.VZNpUefSjLB |
| 4 | Jun 16 | ? | >1 | Researchers from Palo Alto Networks reveal the details of a campaign dubbed “Operation Lotus Blossom” carried out via more than 50 attacks, executed via CVE-2012-0158, against government and military organizations across Southeast Asia over the last three years. | Targeted Attack | Government | CE | >1 | http://researchcenter.paloaltonetworks.com/2015/06/operation-lotus-blossom/ |
| 5 | Jun 16 | St. Louis Cardinals | Houston Astros | The St. Louis Cardinals baseball franchise is investigated by the FBI for allegedly hacking into the network of the Houston Astros in order “to steal closely guarded information about player personnel”. | Unknown | Single Individual | CC | US | http://www.nytimes.com/2015/06/17/sports/baseball/st-louis-cardinals-hack-astros-fbi.html |
| 6 | Jun 16 | ? | Bonnier Publications | Attackers believed to have originated in China hack into the email of Bonnier Publications CEO Dave Freygang and steal $1.5 million with a fraudulent electronic transfer. | Account Hijacking | Industry: Media | CC | SE | http://nypost.com/2015/06/16/magazine-publisher-swindled-out-of-1-5-million-in-cyber-fraud/ |
| 7 | Jun 16 | ? | EFnet | EFnet, a major IRC network, is compromised, potentially putting 35,000 users at risk. | Account Hijacking | Forum | CC | CA | http://forum.efnet.org/viewtopic.php?t=8428 |
| 8 | Jun 16 | Phénoméne Dz | University of Baltimore affiliated website (bniajfi.org) | Federal officials investigate after a University of Baltimore affiliated website (bniajfi.org) is defaced with a pro-ISIS message. | Defacement | Education | H | US | http://www.wbaltv.com/news/University-of-Baltimore-affiliated-website-hacked/33611654 |
| 9 | Jun 17 | Anonymous | Canadian Government Web Sites | More than a dozen Canadian government departments are taken down by a DDoS attack. The Anonymous collective claims responsibility for the attack, against the controversial C-51 bill. | DDoS | Government | H | CA | http://www.zdnet.com/article/canada-government-websites-offline-amid-ongoing-cyberattack/ |
| 10 | Jun 17 | ? | digitalconstitution.com | digitalconstitution.com, Microsoft's website dedicated to fighting the US government on matters of policy and surveillance, is hacked to display spam links to casino-related pages. | Malicious Content Injection | Industry: Software | CC | US | http://www.zdnet.com/article/microsofts-site-devoted-to-fighting-the-us-government-just-got-hacked/ |
| 11 | Jun 17 | ? | German Bundestag | According to a report by G DATA, the German Bundestag is the target of a cyber attack carried out via a variant of the online banking trojan Swatbanker. | Targeted Attack | Government | CE | DE | https://www.gdatasoftware.com/newsroom/news/article/second-round-of-cyber-attacks-on-the-german-federal-parliament-bundestag |
| 12 | Jun 17 | ? | LC Industries, Inc. | LC Industries, Inc., which operates the Tactical Assault Gear website (tacticalassaultgearstore.com), notifies 3,754 customers that malware discovered on the website has been used to gain access to personal information. | Malware | Industry: E-Commerce | CC | US | http://www.scmagazine.com/malware-on-tactical-assault-gear-website-targets-customer-information/article/423302/ |
| 13 | Jun 17 | ? | Sussan | Fashion retailer Sussan takes down its own website for six days following “a security incident”. | Unknown | Industry: Clothing | CC | AU | http://www.smartcompany.com.au/finance/47401-sussan-s-website-goes-down-after-security-breach.html# |
| 14 | Jun 18 | ? | Akorn, Inc. | Akorn Inc., a niche pharmaceutical company, has a customer database with more than 50,000 records compromised by a hacker who offers to sell the data on the dark web. | SQLi | Industry: Pharmaceuticals | CC | US | http://www.csoonline.com/article/2938032/data-breach/akorn-inc-has-customer-database-stolen-records-offered-to-highest-bidder.html |
| 15 | Jun 19 | ? | Harvard University | Harvard discovers an intrusion on the Faculty of Arts and Sciences and Central Administration information technology networks. A subsequent investigation reveals that eight schools and administrative organizations have been affected altogether. | Unknown | Education | CC | US | http://www.net-security.org/secworld.php?id=18586 |
| 16 | Jun 19 | Iranian Hackers | >1 | The Saudi documents leaked by WikiLeaks suggest that Iranian hackers could have infiltrated the systems of a dozen countries, including the United States. | Targeted Attack | Government | CW | >1 | http://www.washingtonpost.com/world/middle_east/theft-of-saudi-documents-suggests-an-iranian-hack-experts-say/2015/06/25/dd2f57e2-19c2-11e5-bed8-1093ee58dad0_story.html |
| 17 | Jun 14 | @THTHerakles | Hyundai Motor Company | @THTHerakles claims to have hacked the Brazilian branch of the motor corporation and dumps 350 records including userid, name, telephone number, email address, and other details. | SQLi | Industry: Automotive | CC | BR | http://www.databreaches.net/hyundai-customer-information-leak/ |
| 18 | Jun 19 | ? | COA Network, Inc. | COA Network, Inc. detects a pattern of irregular activity affecting its computer systems, and consequently reveals that all customer information could be potentially compromised. | Brute Force | Industry: Software | CC | US | http://www.scmagazine.com/coa-network-breached-all-customer-data-treated-as-potentially-compromised/article/422637/ |
| 19 | Jun 19 | ? | Dungarees | Dungarees notifies an undisclosed number of customers that its website (dungarees.net) was attacked, and credit and debit card information may have been compromised. | Malware | Industry: E-Commerce | CC | US | http://www.scmagazine.com/dungarees-website-attacked-payment-cards-potentially-compromised/article/422373/ |
| 20 | Jun 19 | ? | Single Individuals | 700 images of women from "Brisbane and surrounding areas" are uploaded to an online forum, with a link to a New Zealand-based file-sharing service. | Unknown | Single Individuals | CC | AU | https://nakedsecurity.sophos.com/2015/06/25/hundreds-of-australian-nude-images-posted-without-womens-consent/ |
| 21 | Jun 20 | @ro0ted | Montreal Police Union (fppm.qc.ca) | In the name of #OpC51, @ro0ted, a hacker affiliated with the Anonymous collective, defaces the official website of the Montreal Police Union (fppm.qc.ca, Fraternité des policiers et policières de Montréal) against the approval of anti-terror law C-51 that weakens Internet privacy. | Defacement | Org: Police Union | H | CA | https://www.hackread.com/anonymous-hacks-candian-govt-against-bill-c51/ |
| 22 | Jun 21 | ? | LOT Polish Airlines | Around 1,400 passengers of LOT (the flag carrier of Poland) are stranded at Warsaw's Chopin airport after the flight plan system goes down for around five hours after suffering a DDoS attack. A few days later some doubts emerge about the real nature of the attack. | DDoS | Industry: Airline | CC | PL | http://www.reuters.com/article/2015/06/22/us-poland-lot-cybercrime-idUSKBN0P21DC20150622 |
| 23 | Jun 21 | Kuroi’SH | Google Vanuatu | A hacker going by the handle of Kuroi’SH defaces the Google Vanuatu domain (google.vu) in support of the freedom of Western Sahara. | DNS Hijacking | Industry: Internet Services | H | VU | https://www.hackread.com/google-vanuatu-domain-hacked/ |
| 24 | Jun 22 | ? | Scrypt.cc | Cloud mining hash power online marketplace Scrypt.CC is hacked and a large, undisclosed amount of Bitcoin and hashing power is stolen. | Unknown | Bitcoin Cloud Mining | CC | US | http://www.newsbtc.com/2015/06/22/scrypt-cc-hacked-large-amount-of-bitcoin-stolen/ |
| 25 | Jun 22 | ? | Katie Hopkins | The Twitter account of Katie Hopkins is hacked and posts several offensive tweets. | Account Hijacking | Single Individual | CC | UK | https://grahamcluley.com/2015/06/katie-hopkins-twitter-hacked/ |
| 26 | Jun 22 | ? | Waseda University | Waseda University admits that it took about half a year before it discovered that personal data on roughly 3,300 officials and students were leaked from an infected machine. | Malware | Education | CC | JP | http://mainichi.jp/english/english/newsselect/news/20150623p2g00m0dm002000c.html |
| 27 | Jun 23 | APT3 | >1 | FireEye discovers a new phishing campaign carried out by the APT3 threat actor against organizations in several industries via CVE-2015-3113. | Targeted Attack | >1 | CE | >1 | https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html |
| 28 | Jun 23 | @ro0ted | Intelligent Transportation Systems (itscanada.ca) | In the name of #OpC51, @ro0ted dumps the Intelligent Transportation Systems (ITS) website (itscanada.ca) and dumps the details of several officers. | Unknown | Org: Transportation | H | CA | http://motherboard.vice.com/read/anonymous-claims-it-leaked-passwords-and-credit-card-info-of-canadian-officials |
| 29 | Jun 24 | @ro0ted | Police Association of Ontario, Canada (pao.ca) | In the name of #OpC51, @ro0ted hacks the Police Association of Ontario, Canada (pao.ca) and leaks personal details of its 1,300 employees and registered users. | SQLi | Law Enforcement | H | CA | https://www.hackread.com/anonymous-hacks-police-ontario-police-bill-c51/ |
| 30 | Jun 24 | ? | 47 US government agencies | Recorded Future, a CIA-backed startup, discovers login credentials and passwords for 47 US government agencies littered across the Internet, leaving federal agencies potentially at risk of cyberattack. | Unknown | Government | CC | US | https://www.recordedfuture.com/government-credentials-report/ |
| 31 | Jun 24 | ? | Hershey Park | Hershey Park hires a security firm to investigate reports from multiple financial institutions about a possible credit card breach. | Unknown | Industry: Hospitality | CC | US | http://krebsonsecurity.com/2015/06/hershey-park-investigates-card-fraud-pattern/ |
| 32 | Jun 24 | @str0ke_ | Wounds International (woundsinternational.com) | A hacker dubbed str0ke AKA @str0ke_ claims to have hacked Wounds International (woundsinternational.com) and dumps 12,999 unique emails and passwords, plus 4 administrator credentials. | SQLi | Online Services | CC | UK | http://pastebin.com/pDKVcU2Z |
| 33 | Jun 24 | ? | Clarksville Town Court | Personal information of thousands of individuals in Clarksville, Ind., might be compromised after Clarksville Town Court servers were hacked sometime earlier this week. | Unknown | Government | CC | US | http://www.courier-journal.com/story/news/local/2015/06/24/clarksville-indiana-town-court-case-files-hacked/29237627/ |
| 34 | Jun 25 | @Kyfxsec | SPOTIFYMUSIC.SE | A hacker called @Kyfxsec claims to have hacked SPOTIFYMUSIC.SE (a Spotify users forum) and dumps 4,432 usernames and passwords. | SQLi | Online Forum | CC | SE | http://pastebin.com/JtCxfY98 |
| 35 | Jun 27 | ASOR Hack Team | verdadegospel.com | A team of hackers going by the handle of ‘ASOR Hack Team’ defaces a famous Protestant Brazilian online news portal (verdadegospel.com) against its anti-LGBT/same-sex marriage stance. | Defacement | News | H | BR | https://www.hackread.com/gospel-news-portal-hacked-with-lgbt-flag/ |
| 36 | Jun 27 | AnonOpsIndia | incometaxindiaefiling.gov.in | AnonOpsIndia claims to have hacked incometaxindiaefiling.gov.in and dumps 2000+ details. | SQLi | Government | H | IN | http://anonopsindia.tumblr.com/post/122613376221/pan-database-hacked-no-data-was-tampered-but |
| 37 | Jun 28 | AnonOpsIndia | Unspecified coal site | AnonOpsIndia claims to have hacked an unspecified governmental site related to coal allocation and dumps several screenshots to prove the action. | Unknown | Government | H | IN | http://anonopsindia.tumblr.com/post/122677406546/two-days-two-security-breaches-goi-stop |
| 38 | Jun 29 | TeamGhostShell | >1 | After almost exactly 2 years and 6 months, TeamGhostShell is back and dumps 444 databases from different targets. | >1 | >1 | H | >1 | http://www.cyberwarnews.info/2015/07/01/teamghostshell-returns-with-leak-the-entire-summer/ |
| 39 | Jun 29 | AnonGhost | United Nations | The hacktivist group AnonGhost defaces the official website of the United Nations designated for the Kingdom of Jordan (un.org.jo), leaving a message in support of free Palestine. | Defacement | Org: United Nations | H | JO | https://www.hackread.com/anonghost-hacks-united-nations-jordan-website/ |
| 40 | Jun 29 | EXCiDiUM | NC State University | A hacker called EXCiDiUM claims to have hacked NC State University and dumps 1,338 usernames with clear text passwords. | Unknown | Education | CC | US | http://pastebin.com/bU2EVAgy |
| 41 | Jun 30 | France? | Iran | Security researchers at ESET publish the analysis of an apparently state-sponsored cyber-espionage tool used to target computers in Iran. The malware is named "Dino" by its developers and is described as a "full featured espionage platform." Suspects are directed to France. | Targeted Attack | >1 | CE | IR | http://www.welivesecurity.com/2015/06/30/dino-spying-malware-analyzed/ |
| 42 | Jun 30 | Aerith | Canadian Security Intelligence Service (csis.gc.ca) | The Canadian Security Intelligence Service website (csis.gc.ca) is down for the third time in the last 24 hours. A rogue hacker using the name "Aerith" claims responsibility for the outages. | DDoS | Law Enforcement | H | CA | http://www.ctvnews.ca/canada/csis-website-under-repeated-cyberattacks-1.2447166 |

CC Cyber Crime
CE Cyber Espionage
CW Cyber War