Last Updated on January 23, 2016
It’s time to publish the first timeline of August.
Despite the Summer holidays, it has been a really busy period with several high profile operations, such as the cyber attack against the Pentagon, allegedly originated from Russia, and the ones that hit Sabre Corporation and American Airlines, allegedly executed by the same Chinese group that hit Anthem Inc. and the U.S. Government’s Personnel Office.
But even cyber criminals were quite active: yet another retailer has been severely hit, and I am obviously referring to Carphone Warehouse whose 2.4 million customers might have had their personal details illegitimately accessed after a cyber attack.
Other interesting events include a large-scale attack against Yahoo!'s own ad network aimed at distributing malware, and a $46 million cyber heist against Ubiquiti Networks.
As usual, scroll down the list to get an idea of this Summer's cyber landscape, and remember to keep the level of attention very high. At the same time, if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 01/08/2015 | ? | RBS Banking Group | The RBS banking group reveals it suffered a cyber attack on its online services that left customers struggling to log on for nearly an | DDoS | Finance | CC | UK | http://www.theguardian.com/business/2015/jul/31/rbs-and-natwest-customers-complain-of-online-problems |
| 2 | 01/08/2015 | ? | OCEA (Orange County Employees Association) | The Orange County Employees Association notifies an undisclosed number of people that their personal information, and that of their dependents, may have been accessed by hackers during one or more attacks, which appear to have occurred as early as June 5 and were detected on July 23. | Unknown | Org: Non-Profit | CC | US | http://www.databreaches.net/orange-county-employees-association-victim-of-hack/ |
| 3 | 01/08/2015 | ? | Red Granite Pictures | Red Granite Pictures claims in a new lawsuit that it has been the subject of a malicious hack that has allowed the attackers to intimidate employees and disrupt its business via a mass email campaign. | Unknown | Industry: Entertainment | CC | US | http://www.hollywoodreporter.com/thr-esq/wolf-wall-street-backer-says-812115 |
| 4 | 01/08/2015 | ? | Siouxland Pain Clinic | Siouxland Pain Clinic's computer system is hacked, putting patient privacy at risk. 13,000 users are potentially affected and an investigation suggests a possible Chinese origin for the attack. | Unknown | Healthcare | CC | US | http://www.databreaches.net/siouxland-pain-clinic-says-patient-information-likely-exposed-by-hacker/ |
| 5 | 01/08/2015 | MuhmadEmad | Sheriff’s Office at Etowah County and Hardin Center | MuhmadEmad, an anti-ISIS Kurdish hacker, defaces the websites of the Sheriff’s Office at Etowah County and Hardin Center (etowahcountysheriff.com and culturalarts.com), posting a message against Islamic State. The sites are hosted on Network Solutions, which publishes a statement about the attack. | Defacement | Law Enforcement | H | US | https://www.hackread.com/anti-isis-kurdish-hacker-sheriff-site/ |
| 6 | 01/08/2015 | ? | Bodmin College's website | A disgruntled former student is thought to be responsible for hacking Bodmin College's website and defacing it with a series of obscenities. | Defacement | Education | CC | UK | http://www.cornishguardian.co.uk/Bodmin-College-website-hacked-obscenities-WARNING/story-27514759-detail/story.html |
| 7 | 02/08/2015 | Anonymous | Several Taiwan government websites | In the name of OpTaiwan, the online hacktivist collective Anonymous shuts down several Taiwan government websites. | DDoS | Government | H | TW | https://www.hackread.com/anonymous-brings-down-taiwan-govt-websites/ |
| 8 | 02/08/2015 | ? | Dubizzle | Several Dubizzle customers receive a warning email message instructing them to immediately change their passwords, after the online classifieds website discovers a security breach. | Unknown | Industry: Classified Marketplace | CC | UAE | http://www.emirates247.com/business/technology/dubizzle-strengthens-online-security-following-breach-2015-08-06-1.599356 |
| 9 | 03/08/2015 | ? | Yahoo! | Malwarebytes uncovers a large-scale attack abusing Yahoo!’s own ad network (6.9 Billion visits per month). | Malvertising | Industry: Internet Services | CC | US | https://blog.malwarebytes.org/malvertising-2/2015/08/large-malvertising-campaign-takes-on-yahoo/ |
| 10 | 03/08/2015 | Telecomix Canada | Donald Trump Corporate Website | Telecomix Canada hacks Donald Trump's corporate website (trump.com), sending a public thank-you message to outgoing Daily Show host Jon Stewart. | Defacement | Single Individual | H | US | http://www.cbc.ca/news/trending/hacktivists-hijack-donald-trumps-website-with-message-for-jon-stewart-1.3178066 |
| 11 | 04/08/2015 | ? | Valve's Dota 2 Online Tournament | The International, the annual tournament for Valve's Dota 2, featuring dozens of players and millions in prize money, is put on hold when a DDoS attack takes down the game's servers. | DDoS | Industry: Video Games | CC | US | http://www.theverge.com/2015/8/4/9097597/the-international-dota-2-ddos-attack-valve |
| 12 | 04/08/2015 | ? | Hover | Website domain name registrar Hover emails users warning of possible "unauthorised access" to one of its systems, telling them that they will not be able to log into the service until they reset their passwords. | Unknown | Industry: Internet Services | CC | CA | https://grahamcluley.com/2015/08/security-alert-hover-leads-password-reset/ |
| 13 | 04/08/2015 | ? | Andy Weir | Andy Weir, the creator of The Martian, has his Twitter and e-mail accounts hacked. | Account Hijacking | Single Individual | CC | US | http://arstechnica.com/security/2015/08/the-martian-author-says-comcast-let-hacker-take-over-his-e-mail/ |
| 14 | 04/08/2015 | Terracotta | >1 | Researchers from RSA Security have discovered a VPN provider in China that uses hacked Windows servers around the world as VPN nodes on a network that is used as cover by some APT groups. The provider is codenamed Terracotta. | >1 | >1 | CC | >1 | https://threatpost.com/researchers-uncover-terracotta-chinese-vpn-service-used-by-apt-crews-for-cover/114110#sthash.vHpLzuCC.dpuf |
| 15 | 05/08/2015 | Emissary Panda (Threat Group 3390) | >1 | Dell SecureWorks researchers unveil a report on a newly detected hacking group that has targeted companies around the world while stealing massive amounts of industrial data. The majority of the targets of the hacking group were in the automotive, electronic, aerospace, energy, and pharmaceutical industries. | Targeted Attack via Watering Hole | >1 | CE | >1 | http://arstechnica.com/security/2015/08/newly-discovered-chinese-hacking-group-hacked-100-websites-to-use-as-watering-holes/ |
| 16 | 05/08/2015 | ? | Two Undisclosed UAE Banks | Several credit cards are being replaced across the UAE by some banks following a possible security breach involving online hackers. | Unknown | Finance | CC | UAE | http://www.emirates247.com/business/technology/fraud-alert-uae-banks-replace-credit-cards-after-security-scare-2015-08-05-1.599203 |
| 17 | 05/08/2015 | Dr.MwNs | Sri Lankan Prime Minister Office website | The Sri Lankan prime minister Ranil Wickremesinghe has his office website hacked by a pro-Syria hacktivist dubbed Dr.MwNs. | Defacement | Government | H | LK | https://www.hackread.com/sri-lankan-prime-ministers-office-website-hacked/ |
| 18 | 06/08/2015 | Unknown Russian Hacker | E*Trade, Australian Investment Exchange | The Australian Securities & Investment Commission (ASIC) reveals that an unnamed Russian hacker used compromised retail accounts held by E*Trade, Commsec and the Australian Investment Exchange to illegally manipulate more than a dozen penny stocks to the tune of $77,429 AUD (nearly $57,000 USD). | Account Hijacking | Finance | CC | AU | http://www.scmagazine.com/aussies-finger-russian-in-stock-hack/article/430752/ |
| 19 | 06/08/2015 | Russia ? | United States Department of Defense | U.S. officials tell NBC News that Russia launched a "sophisticated cyberattack" against the Pentagon's Joint Staff unclassified email system, which has been shut down and taken offline for nearly two weeks. According to the officials, the "sophisticated cyber intrusion" occurred sometime around July 25 and affected some 4,000 military and civilian personnel who work for the Joint Chiefs of Staff. | Targeted Attack | Government | CE | US | http://www.cnbc.com/2015/08/06/russia-hacks-pentagon-computers-nbc-citing-sources.html |
| 20 | 06/08/2015 | ? | ICANN | ICANN, the organisation which oversees the internet’s domain name system, reveals that it fell victim to a hacker attack during which the details (emails and hashed passwords) of users who had created profiles on the organisation’s public website were exposed. | Unknown | Org: Non-Profit | CC | US | http://www.tripwire.com/state-of-security/security-data-protection/security-breach-icann/ |
| 21 | 06/08/2015 | Ecuador Domestic Intelligence ? | Some Ecuadorean Opposition Activists | The Associated Press shows evidence that some Ecuadorean opposition activists were hacked by Ecuador's domestic intelligence agency, with software tailor-made by Hacking Team. | Account Hijacking | Single Individuals | CE | EC | https://www.yahoo.com/tech/s/apnewsbreak-email-leak-suggests-ecuador-spied-opposition-191403707--finance.html |
| 22 | 06/08/2015 | "Brenda" | Miranda Lambert | A woman, identifying herself only as "Brenda", claims to have broken into Miranda Lambert's email account, accessing more than 35,000 emails. | Account Hijacking | Single Individual | CC | US | http://www.intouchweekly.com/posts/exclusive-miranda-lambert-s-private-e-mail-account-hacked-hacker-confesses-to-breaking-into-35-000-plus-personal-e-mails-66194 |
| 23 | 06/08/2015 | l1kw1d | http://itembay.ca/ | l1kw1d hacks itembay.ca, an online game virtual currency provider, and dumps 4,330 usernames with clear text passwords. | SQLi | Online Services | CC | CA | http://siph0n.net/exploits.php?id=3974 |
| 24 | 07/08/2015 | ? | Ubiquiti Networks | Networking firm Ubiquiti Networks Inc. discloses a cyber theft of $46.7 million perpetrated by spoofing communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers. | Account Hijacking | Industry: Computer Networking | CC | US | http://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/ |
| 25 | 07/08/2015 | ? (China?) | Sabre Corporation | Sabre Corp., which processes reservations for hundreds of airlines and thousands of hotels, confirms that its systems were breached recently. The company was probably hacked as part of the same wave of attacks that targeted insurer Anthem Inc. and the U.S. government’s personnel office. | Targeted Attack | Industry: Travel Technology | CE | US | http://www.bloomberg.com/news/articles/2015-08-07/american-airlines-sabre-said-to-be-hit-in-hacks-backed-by-china |
| 26 | 07/08/2015 | ? (China?) | American Airlines Group Inc. | American Airlines Group Inc., the world’s biggest carrier, announces that an investigation is ongoing to verify whether the same attackers who targeted Sabre had entered its computers. | Targeted Attack | Industry: Airlines | CE | US | http://www.bloomberg.com/news/articles/2015-08-07/american-airlines-sabre-said-to-be-hit-in-hacks-backed-by-china |
| 27 | 08/08/2015 | ? | Carphone Warehouse Affiliates | The personal details of up to 2.4 million customers may have been accessed after a division of Carphone Warehouse was hit by a cyber attack. It also appears that a smokescreen DDoS attack was utilised to hide the attack. | Unknown | Industry: Retail | CC | UK | http://www.rte.ie/news/2015/0808/720023-carphone-warehouse/ |
| 28 | 08/08/2015 | @JM511 | http://jobsatteam.com | TEAM (The Employment Agents Movement), the largest network of independent recruiters in the UK, is hit by a Saudi Arabian hacker who goes by the online handle JM511. The attacker dumps 1296 records. | SQLi | Industry: Recruiting | CC | UK | http://www.net-security.org/secworld_main.php |
| 29 | 08/08/2015 | ? | Undisclosed Brazilian Bus Station | Hackers infiltrate the travel information video screens at a Brazilian bus station in the southern city of Curitiba, and replace arrival and departure times with hard-core porn. | Unknown | Bus Station | CC | BR | http://www.dailystar.com.lb/News/World/2015/Aug-08/310320-hackers-broadcast-porn-on-tv-screens-at-brazil-bus-depot.ashx |
| 30 | 08/08/2015 | MexicanH Team | Mexican Ministry of Communications and Transportation | A group of Mexican hacktivists affiliated with the Anonymous collective defaces the website of the Mexican Ministry of Communications and Transportation (mexicoconectado.gob.mx) in retaliation for the murder of the Mexican photojournalist Rubén Espinosa. | Defacement | Government | H | MX | https://www.hackread.com/anonymous-mexico-ruben-espinosa/ |
| 31 | 09/08/2015 | Phénoméne Dz | Accademia della Crusca | A pro-ISIS hacker dubbed Phénoméne Dz defaces the website of the Accademia della Crusca (www.accademiadellacrusca.it), the most important research institution on the Italian language. | Defacement | Org: Research | H | IT | http://www.lastampa.it/2015/08/09/italia/cronache/hacker-dellisis-allattacco-dellaccademia-delle-crusca-questa-guerra-appena-iniziata-sNlipLpz3qtzyh0YfCR7zK/pagina.html |
| 32 | 10/08/2015 | Dancing Panda | Top Obama Administration Officials | China's cyber spies have accessed the private emails of "many" top Obama administration officials, according to a senior U.S. intelligence official and a top secret document obtained by NBC News, and have been doing so since at least April 2010. | Targeted Attack | Government | CE | US | http://www.nbcnews.com/news/us-news/china-read-emails-top-us-officials-n406046 |
| 33 | 10/08/2015 | ? | OneBookShelf | OneBookShelf, the operator of websites that sell games and comics as PDFs and print-on-demand publications, notifies customers that it suffered a hacker attack that obtained some credit card information. | Unknown | Industry: Digital Marketplace | CC | US | http://icv2.com/articles/news/view/32291/credit-card-breach-onebookshelf |
| 34 | 10/08/2015 | ? | Chelsea Clark (27 year-old Toronto Woman) | Police are investigating a case of webcam hacking after a Toronto woman is sent intimate photos of herself and her boyfriend watching Netflix. | Unknown | Single Individual | CC | CA | http://globalnews.ca/news/2156291/toronto-womans-webcam-hacked-while-watching-netflix/ |
| 35 | 10/08/2015 | Deletesec | Avionews | DeleteSec hacks avionews.com and dumps 2,419 records with usernames and hashed passwords. | SQLi | News | CC | IT | https://ghostbin.com/paste/dy8pm |
| 36 | 11/08/2015 | 32 defendants | Newswire services (Business Wire, PR Newswire, Marketwired) | The US Securities and Exchange Commission announces civil fraud charges against 32 defendants for taking part in a scheme to profit from stolen nonpublic information about corporate earnings announcements. Those charged include two Ukrainian men who allegedly hacked into newswire services (Business Wire, PR Newswire, Marketwired) to obtain the information and 30 other defendants in and outside the US who allegedly traded on it, generating more than $100 million in illegal profits. | Unknown | News | CC | US | http://www.net-security.org/secworld.php?id=18753 |
| 37 | 12/08/2015 | ? | >1 | Cisco Systems officials warn customers of a series of attacks that completely hijack critical networking gear by swapping out the valid ROMMON firmware image with one that's been maliciously altered. | Firmware Swap | >1 | CC | >1 | http://arstechnica.com/security/2015/08/attackers-are-hijacking-critical-networking-gear-from-cisco-company-warns/ |
| 38 | 13/08/2015 | ? | AdSpirit.de | Millions of people visiting weather.com, drudgereport.com, wunderground.com, and other popular websites are exposed to a new malvertising campaign, targeting initially AdSpirit.de and then moving to another advertiser (AOL). | Malvertising | Industry: Internet Services | CC | DE | https://blog.malwarebytes.org/malvertising-2/2015/08/ssl-malvertising-campaign-continues/ |
| 39 | 13/08/2015 | Mr.H4rD3n | Embassy of Azerbaijan in Russia | A hacker going by the handle Mr.H4rD3n defaces the official website of the Embassy of Azerbaijan in Russia (azembassy.ru). | Defacement | Government | H | AZ | https://www.hackread.com/azerbaijan-embassy-russia-hacked-syria/ |
| 40 | 14/08/2015 | China? | University of Virginia | The University of Virginia announces that it has been hit by a cyber attack allegedly originating from China. | Targeted Attack | Education | CE | US | http://news.virginia.edu/content/uva-responds-cyber-attack-portions-it-systems-0 |
| 41 | 14/08/2015 | ? | Fred's Inc. | Fred's Inc. confirms that an unauthorized person gained access to two servers that process payment card data, placing malicious software capable of copying the payment card data. | PoS Malware | Industry: Retail | CC | US | http://www.scmagazine.com/breach-affects-payment-cards-used-at-hundreds-of-freds-super-dollar-stores-in-14-states/article/432783/ |
| 42 | 14/08/2015 | ? | City of Henderson Web Site | A computer hacker broke into a city of Henderson Web server and had access to data for nine days before being detected. However, the city declared that no personal or sensitive information was compromised. | Unknown | Government | CC | US | http://www.reviewjournal.com/politics/government/hacker-breaks-henderson-computer-server |
| 43 | 15/08/2015 | @TheNetShip | http://ecastTV.co.nz | Avionews, Deletesec | SQLi | Industry: Internet TV | CC | NZ | http://pastebin.com/3T6mwNqc |