Last Updated on January 23, 2016

It’s time to close this Infosec August with the list of the main cyber attacks that occurred between the 16th and 31st (Part I here).

Although, in terms of mere numbers, this fortnight has shown a decreasing trend, the chronicles report several remarkable events.

In particular suffered the most important breach of this second half of August, resulting in the compromise of 93,000 customer records. In the same period Malwarebytes unmasked two more massive malvertising campaigns, the largest of which, caused by an old acquaintance like, was able to distribute malware via (in the other case, PlentyOfFish, a popular dating site, was equally abused to distribute malware). The chronicles also report another DDoS attack against GitHub.

The list of targeted attacks is similarly interesting: it includes Operation Watermain (a campaign targeting South East Asian Nations), Blue Termite (against Japanese targets), a bogus domain disguised as the Electronic Frontier Foundation and set up with the sole purpose of serving malware, and, last but not least, yet another campaign against Iranian dissidents.

And let’s close with a quick overview of hacktivism, whose most important event is the attack, carried out by the Anonymous collective, against the South African State Information Technology Agency.

As usual, scroll down the list to get an idea of this summer's cyber landscape, and remember to keep the level of attention very high. At the same time, if you want an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 12/08/2015 | Anonymous | State Information Technology Agency | In name of #OperationSA and #OpMonsanto, the Anonymous hack the South African government contractor State Information Technology Agency and leak its entire database. | SQLi | Industry: Information Technology | H | ZA |
| 2 | 12/08/2015 | ? | University of Michigan’s Facebook pages: Michigan Football, Michigan Basketball, Michigan Athletics | The University of Michigan’s most popular Facebook pages: Michigan Football, Michigan Basketball, and Michigan Athletics are hacked by an unknown user that posts malicious messages. | Account Hijacking | Education | CC | US |
| 3 | 13/08/2015 | ? | Web.com | The name, address, and credit card information of approximately 93,000 customers of, a popular US-based provider of Internet services to small businesses, is compromised due to a breach of one of the company's computer systems. | Unknown | Industry: Internet Services | CC | US |
| 4 | 15/08/2015 | Kelvinsecurity AKA KelvinSecTeam | Secretaría de Educación Pública | Kelvinsecurity AKA KelvinSecTeam hacks the website of the Mexican Public Education Registry (Secretaría de Educación Pública) and dumps 106 records with hashed passwords. | SQLi | | | |
| 5 | 15/08/2015 | Cyber of Emotion (@Cyber_Emotion) | 24 Saudi Government Websites | A Saudi Hacker going with the handle of Cyber of Emotion (@Cyber_Emotion) claims to have hacked more than 24 Saudi government websites. | Defacement | | | |
| | | | | A group of Turkish hackers going with the online handles of RootDevilz, Jonturk75 and Bozkurt97 deface the official website of Unicef India and post a message against China, US, UN, EU and Israel. | Defacement | Org: United Nations | H | IN |
| | | | Totally Promotional | Totally Promotional, an internet seller of imprinted promotional products, notifies an undisclosed number of customers that attackers forced their way into its systems and gained access to some customer payment card data and other information. However it appears that the breach did not involve directly Totally Promotional, but rather Casad Company Inc., which runs the website | | Industry: Retail | CC | US |
| 8 | 17/08/2015 | NetPirates AKA @TheNetShip | The Hope Institute | NetPirates AKA @TheNetShip hack The Hope Institute and dump about 6000 usernames and hashed passwords (they claim to have retrieved an additional 5000 records). | SQLi | Org: education | CC | KR |
| | | | | The Pro-Russia collective CyberBerkut takes down several Ukrainian sites | DDoS | Org: Nationalism | H | UA |
| | | | (a rights and citizen journalism website) | Tianwang, a rights and citizen journalism website based in the southwestern Chinese province of Sichuan says its operations have been paralyzed by an external attack. | Unknown | Org: Human Rights | CC | CN |
| 11 | 18/08/2015 | ? (hacker affiliated with Anonymous?) | Clayton Valley Charter High School | A hacker purportedly associated with the Anonymous collective claims to have hacked the Clayton Valley Charter High School and sends several internal documents via email. | Account Hijacking | Education | H | US |
| 12 | 18/08/2015 | NetPirates AKA @TheNetShip | http://www.gohens.net | NetPirates AKA @TheNetship hack, an online forum, and dump 8,300+ usernames and hashed passwords. | SQLi | Online Forum | CC | US |
| 13 | 19/08/2015 | @DadSecurity | | Internet troll with the nickname @DadSecurity takes down and not happy with the result targets the portal co-founder Justine Roberts in a 'swatting' attack. | DDoS | Org: Internet Services | CC | UK |
| 14 | 19/08/2015 | EroiiKZz | http://forum.aiekillu.fr | A hacker dubbed EroiiKZz hacks and dumps about 32,000 records. | SQLi | Online Forum | CC | FR |
| 15 | 19/08/2015 | Kelvinsecurity AKA KelvinSecTeam | Instituto Venezolano de Investigaciones Científicas | Kelvinsecurity AKA KelvinSecTeam hacks the website of the Venezuelan Institute for Scientific Research (Instituto Venezolano de Investigaciones Científicas) and dumps 60 usernames and hashed passwords. | SQLi | | | |
| 16 | 19/08/2015 | Israeli Ninja | NayaTel (Pvt) Ltd | A hacker dubbed Israeli Ninja hacks and dumps the entire database. | SQLi | Industry: ISP | CC | PK |
| 17 | 20/08/2015 | ? | University of Rhode Island | The University of Rhode Island notifies former and current students of an incident involving the inappropriate collection, and possible use, of information related to some URI email accounts by an external individual. | Unknown | | | |
| | | | | Malwarebytes detects a malvertising attack on popular dating site PlentyOfFish (POF) which draws over 3 million daily users. The ad network involved in the malvertising campaign is | | | | |
| 19 | 20/08/2015 | Clinkz48 | Karnataka State Higher Education Council | The website of the Karnataka State Higher Education Council is defaced by a group that calls itself Clinkz48. | Defacement | | | |
| 20 | 21/08/2015 | ? (China?) | >1 | FireEye unveils the details of Operation Watermain, a campaign targeting India and Southeast Asian nations in a bid to extract information about ongoing border disputes and other diplomatic issues. | Targeted Attack | Government | CE | >1 |
| 21 | 21/08/2015 | Blue Termite | >1 | Kaspersky Lab unveils the details of a new campaign, carried out by an advanced threat group called "Blue Termite", hacking high-end Japanese industries from within the country, using the leaked Adobe Flash vulnerabilities revealed in the Hacking Team data dump. | Targeted Attack | >1 | CE | >1 |
| 22 | 21/08/2015 | Mr.Xpr! Iran Hack Security Team | Royal Saudi Air Force | Mr.Xpr!, an Iranian hacker from Iran Hack Security Team defaces the official website of Royal Saudi Air Force | | | | |
| 23 | 23/08/2015 | JM511 | | hacks and dumps 49,967 customers’ details: billing addresses (street and city), email addresses, hashed passwords, telephone numbers, customers’ cities, and dates of birth. The attacker claims to have obtained a total of 162,000+ records. | SQLi | Industry: E-Commerce | | |
| 24 | 23/08/2015 | JM511 | University of California at Los Angeles | JM511 dumps some data from the University of California at Los Angeles (UCLA) after allegedly warning the university twice. The attacker also warns other universities of possible vulnerabilities including: Western Governor’s University in Utah, the University of Minnesota, DePaul University, and Northern Illinois University. | SQLi | | | |
| 25 | 23/08/2015 | ? | Philippine Bureau of Customs | In name of #OpCustoms, a group of hackers takes down the Philippine Bureau of Customs | | | | |
| 26 | 25/08/2015 | ? | Github | Code repository Github is the victim of a massive DDoS Attack. The site is likely targeted because of software projects hosted on the site that have allowed Chinese Internet users to bypass the Great Firewall's packet filtering and inspection tools. | DDoS | Industry: Software | CC | US |
| 27 | 25/08/2015 | AnonGrim AKA @An0nGrim | | AKA @An0nGrim hacks and dumps 4,771 records. | SQLi | Industry: E-Commerce | CC | UK |
| 28 | 26/08/2015 | Moroccanwolf | | , a UK National Health Service (NHS) site on which the organisation posts patients' stories describing their experience with illness is defaced by Moroccanwolf, as an act of protest regarding western governments' lack of humanitarian actions in Syria. | Defacement | | | |
| 29 | 27/08/2015 | ? (Russia?) | EFF (Electronic Frontier Foundation) | Google's security team identifies a new domain masquerading as an official EFF site as part of a targeted malware campaign linked to the Operation Pawn Storm. The domain is | Attack | Single Individuals | CE | US |
| 30 | 27/08/2015 | ? | Iranian Dissidents | Researchers at Citizen Lab release a report describing a phishing campaign conducted against Iranian dissidents. | Targeted Attack | Single Individuals | CE | IR |
| 31 | 27/08/2015 | ? | MSN.com | Malwarebytes reveals that the same ad network,, which was recently abused in malicious advertising attacks against several top media sites, is caught serving malvertising on This is the work of the same threat actors that were behind the Yahoo! malvertising. | Malvertising | Industry: Internet Services | CC | US |
| 32 | 27/08/2015 | ? | | is hit by a new wave of DDoS attacks. | DDoS | Org: Internet Services | CC | UK |
| 33 | 27/08/2015 | NetPirates AKA @TheNetShip | | AKA @TheNetShip hack and dump about 50K usernames and hashed passwords. | SQLi | Internet Services | CC | KY |
| 34 | 27/08/2015 | ? | Utah Food Bank | Utah Food Bank notifies the donors of an access into its website by an unauthorized individual who could have gained access to personal data of more than 10,000 donors. | Unknown | Org: Non-Profit | CC | US |
| 35 | 28/08/2015 | ? | Michigan Catholic Conference | The Michigan Catholic Conference notifies more than 10,000 employees that their personal information has been compromised by an unknown hacker who could also have obtained their personal information. | Unknown | Org: Non-Profit | CC | US |
| 36 | 31/08/2015 | ? | TransformPOS | Village Pizza & Pub, a local pizza chain headquartered in Elgin, Illinois, is the indirect victim of a security breach perpetrated against TransformPOS, the company that provides its POS payment card processing system. | Unknown | Industry: POS Equipment | CC | US |

This Post Has 3 Comments

  1. Ryan

    Will this list be made available as a CSV? For those whose proxies block all things Google Docs? 🙁
