Last Updated on January 23, 2016
It’s time to close this Infosec August with the list of the main cyber attacks that occurred between the 16th and 31st (Part I here).
Although, in terms of mere numbers, this fortnight has shown a decreasing trend, the chronicles report several remarkable events.
In particular, Web.com suffered the most important breach of this second half of August, which compromised 93,000 customer records. In the same period Malwarebytes unmasked two more massive malvertising campaigns; the larger one, caused by an old acquaintance, AdSpirit.de, was able to distribute malware via MSN.com (in the other case, PlentyOfFish, a popular dating site, was equally abused to distribute malware). The chronicles also report another DDoS attack against GitHub.
The list of targeted attacks is similarly interesting: it includes Operation Watermain (a campaign targeting South East Asian nations), Blue Termite (against Japanese targets), a bogus domain disguised as the Electronic Frontier Foundation, set up with the sole purpose of serving malware, and, last but not least, yet another campaign against Iranian dissidents.
And let’s close with a quick overview of hacktivism, whose most important event is the attack, carried out by the Anonymous collective, against the South African State Information Technology Agency.
As usual, scroll down the list to get an idea of this summer's cyber landscape, and remember to keep the level of attention very high. At the same time, if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
Access the timeline in Google Sheet format:
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 12/08/2015 | Anonymous | State Information Technology Agency http://sita.co.za | In the name of #OperationSA and #OpMonsanto, the Anonymous collective hacks the South African government contractor State Information Technology Agency (sita.co.za) and leaks its entire database. | SQLi | Industry: Information Technology | H | ZA | https://www.hackread.com/opmonsanto-anonymous-hacks-south-african-govt/ |
| 2 | 12/08/2015 | ? | University of Michigan’s Facebook pages: Michigan Football, Michigan Basketball, Michigan Athletics | The University of Michigan’s most popular Facebook pages (Michigan Football, Michigan Basketball, and Michigan Athletics) are hacked by an unknown user who posts malicious messages. | Account Hijacking | Education | CC | US | http://socialmedia.umich.edu/blog/hacked/ |
| 3 | 13/08/2015 | ? | Web.com | The name, address, and credit card information of approximately 93,000 customers of Web.com, a popular US-based provider of Internet services to small businesses, is compromised due to a breach of one of the company's computer systems. | Unknown | Industry: Internet Services | CC | US | http://www.net-security.org/secworld.php?id=18783 |
| 4 | 15/08/2015 | Kelvinsecurity AKA KelvinSecTeam | Secretaría de Educación Pública http://www.sepdf.gob.mx | Kelvinsecurity AKA KelvinSecTeam hacks the website of the Mexican Public Education Registry (Secretaría de Educación Pública sepdf.gob.mx) and dumps 106 records with hashed passwords. | SQLi | Government | CC | MX | http://siph0n.net/exploits.php?id=4001 |
| 5 | 15/08/2015 | Cyber of Emotion (@Cyber_Emotion) | 24 Saudi Government Websites | A Saudi hacker going by the handle of Cyber of Emotion (@Cyber_Emotion) claims to have hacked more than 24 Saudi government websites. | Defacement | Government | CC | SA | http://www.databreaches.net/hacker-hits-24-sites-to-alert-govt/ |
| 6 | 16/08/2015 | RootDevilz, Jonturk75, Bozkurt97 | UNICEF India http://unicef.in | A group of Turkish hackers going by the online handles of RootDevilz, Jonturk75 and Bozkurt97 deface the official website of Unicef India (unicef.in) and post a message against China, US, UN, EU and Israel. | Defacement | Org: United Nations | H | IN | https://www.hackread.com/unicef-india-website-turkish-hackers/ |
| 7 | 17/08/2015 | ? | Totally Promotional http://www.totallypromotional.com | Totally Promotional, an internet seller of imprinted promotional products, notifies an undisclosed number of customers that attackers forced their way into its systems and gained access to some customer payment card data and other information. However, it appears that the breach did not directly involve Totally Promotional, but rather Casad Company Inc., which runs the website totallypromotional.com. | Unknown | Industry: Retail | CC | US | http://www.scmagazine.com/totally-promotional-attack-compromises-payment-cards-other-data/article/434514/ http://www.asicentral.com/news/newsletters/promogram/august-2015/casad-company-inc-suffers-data-breach/ |
| 8 | 17/08/2015 | NetPirates AKA @TheNetShip | The Hope Institute http://www.makehope.org/ | NetPirates AKA @TheNetShip hack The Hope Institute (makehope.org) and dump about 6000 usernames and hashed passwords (they claim to have retrieved an additional 5000 records). | SQLi | Org: Education | CC | KR | http://siph0n.in/exploits.php?id=3990 |
| 9 | 18/08/2015 | CyberBerkut | Unso.in.ua, Dontsov-nic.org.ua, Pse3zub.org, Ps-shop.com.ua, Bilozerska.info, Banderivec.ho.ua | The Pro-Russia collective CyberBerkut takes down several Ukrainian sites. | DDoS | Org: Nationalism | H | UA | http://cyber-berkut.org/en/ |
| 10 | 18/08/2015 | ? | Tianwang (a rights and citizen journalism website) | Tianwang, a rights and citizen journalism website based in the southwestern Chinese province of Sichuan, says its operations have been paralyzed by an external attack. | Unknown | Org: Human Rights | CC | CN | http://www.rfa.org/english/news/china/rights-websites-hit-by-suspected-hacker-attack-great-firewall-blockade-08182015111603.html |
| 11 | 18/08/2015 | ? (hacker affiliated with Anonymous?) | Clayton Valley Charter High School | A hacker purportedly associated with the Anonymous collective claims to have hacked the Clayton Valley Charter High School and sends several internal documents via email. | Account Hijacking | Education | H | US | http://www.databreaches.net/ca-anonymous-responsible-for-clayton-valley-charter-high-computer-hack/ |
| 12 | 18/08/2015 | NetPirates AKA @TheNetShip | http://www.gohens.net | NetPirates AKA @TheNetShip hack gohens.net, an online forum, and dump 8,300+ usernames and hashed passwords. | SQLi | Online Forum | CC | US | http://siph0n.net/exploits.php?id=3995 |
| 13 | 19/08/2015 | @DadSecurity | http://www.mumsnet.com/ | An Internet troll with the nickname @DadSecurity takes down mumsnet.com and, not happy with the result, targets the portal's co-founder Justine Roberts in a 'swatting' attack. | DDoS | Org: Internet Services | CC | UK | http://www.independent.co.uk/news/uk/home-news/mumsnet-hack-founder-justine-roberts-targeted-in-swatting-attack-and-parenting-website-pushed-temporarily-offline-10461558.html |
| 14 | 19/08/2015 | EroiiKZz | http://forum.aiekillu.fr | A hacker dubbed EroiiKZz hacks forum.aiekillu.fr and dumps about 32,000 records. | SQLi | Online Forum | CC | FR | http://siph0n.net/exploits.php?id=4006 |
| 15 | 19/08/2015 | Kelvinsecurity AKA KelvinSecTeam | Instituto Venezolano de Investigaciones Científicas http://www.ivic.gob.ve | Kelvinsecurity AKA KelvinSecTeam hacks the website of the Venezuelan Institute for Scientific Research (Instituto Venezolano de Investigaciones Científicas ivic.gob.ve) and dumps 60 usernames and hashed passwords. | SQLi | Government | CC | VE | http://siph0n.net/exploits.php?id=3999 |
| 16 | 19/08/2015 | Israeli Ninja | NayaTel (Pvt) Ltd http://nayatel.com | A hacker dubbed Israeli Ninja hacks nayatel.com and dumps the entire database. | SQLi | Industry: ISP | CC | PK | http://siph0n.net/exploits.php?id=4002 |
| 17 | 20/08/2015 | ? | University of Rhode Island URI.edu | The University of Rhode Island (URI.edu) notifies former and current students of an incident involving the inappropriate collection, and possible use, of information related to some URI email accounts by an external individual. | Unknown | Education | CC | US | http://web.uri.edu/publicsafety/data-security-issue/ |
| 18 | 20/08/2015 | ? | PlentyOfFish http://www.pof.com | Malwarebytes detects a malvertising attack on popular dating site PlentyOfFish (POF), which draws over 3 million daily users. The ad network involved in the malvertising campaign is ad.360yield.com. | Malvertising | Dating | CC | US | https://blog.malwarebytes.org/malvertising-2/2015/08/malvertising-hits-online-dating-site-plentyoffish/ |
| 19 | 20/08/2015 | Clinkz48 | Karnataka State Higher Education Council http://kshec.ac.in | The website of the Karnataka State Higher Education Council (kshec.ac.in) is defaced by a group that calls itself Clinkz48. | Defacement | Education | CC | IN | http://timesofindia.indiatimes.com/city/bengaluru/Website-of-Karnataka-Higher-Education-Council-hacked/articleshow/48598086.cms? |
| 20 | 21/08/2015 | ? (China?) | >1 | FireEye unveils the details of Operation Watermain, a campaign targeting India and Southeast Asian nations in a bid to extract information about ongoing border disputes and other diplomatic issues. | Targeted Attack | Government | CE | >1 | http://www.zdnet.com/article/cyberattack-campaign-targets-india-sea-nations/ |
| 21 | 21/08/2015 | Blue Termite | >1 | Kaspersky Lab unveils the details of a new campaign, carried out by an advanced threat group called "Blue Termite", hacking high-end Japanese industries from within the country, using the leaked Adobe Flash vulnerabilities revealed in the Hacking Team data dump. | Targeted Attack | >1 | CE | >1 | http://www.theregister.co.uk/2015/08/21/forget_euro_bullet_proofing_japan_hacker_flaks_set_up_ccs_home/ |
| 22 | 21/08/2015 | Mr.Xpr!, Iran Hack Security Team | Royal Saudi Air Force http://rsaf.gov.sa | Mr.Xpr!, an Iranian hacker from Iran Hack Security Team, defaces the official website of the Royal Saudi Air Force (http://rsaf.gov.sa). | Defacement | Military | CC | SA | https://www.hackread.com/saudi-airforce-hacked-iranian-hackers/ |
| 23 | 23/08/2015 | JM511 | https://www.autozonepro.com/ | JM511 hacks AutoZonePro.com and dumps 49,967 customers’ details: billing addresses (street and city), email addresses, hashed passwords, telephone numbers, customers’ cities, and dates of birth. The attacker claims to have obtained a total of 162,000+ records. | SQLi | Industry: E-Commerce | CC | UK | http://www.databreaches.net/50000-autozone-customers-data-hacked-exposed/ |
| 24 | 23/08/2015 | JM511 | University of California at Los Angeles http://www.ucla.edu | JM511 dumps some data from the University of California at Los Angeles (UCLA) after allegedly warning the university twice. The attacker also warns other universities of possible vulnerabilities including: Western Governor’s University in Utah, the University of Minnesota, DePaul University, and Northern Illinois University. | SQLi | Education | CC | US | http://www.databreaches.net/more-american-universities-hacked-by-jm511/ |
| 25 | 23/08/2015 | ? | Philippine Bureau of Customs http://customs.gov.ph | In the name of #OpCustoms, a group of hackers takes down the Philippine Bureau of Customs (customs.gov.ph). | DDoS | Government | H | PH | http://philippineitnewsandservices.blogspot.co.uk/2015/08/philippines-bureau-of-customs-dozed-by.html |
| 26 | 25/08/2015 | ? | GitHub | Code repository GitHub is the victim of a massive DDoS attack. The site is likely targeted because of software projects hosted on the site that have allowed Chinese Internet users to bypass the Great Firewall's packet filtering and inspection tools. | DDoS | Industry: Software | CC | US | https://threatpost.com/github-mitigates-ddos-attack/114403 |
| 27 | 25/08/2015 | AnonGrim AKA @An0nGrim | http://www.autobits.co.uk | AnonGrim AKA @An0nGrim hacks autobits.co.uk and dumps 4,771 records. | SQLi | Industry: E-Commerce | CC | UK | http://t.co/9Aoro2tQ04 |
| 28 | 26/08/2015 | Moroccanwolf | http://www.secamblive.nhs.uk | www.secamblive.nhs.uk, a UK National Health Service (NHS) site on which the organisation posts patients' stories describing their experience with illness, is defaced by Moroccanwolf as an act of protest regarding western governments' lack of humanitarian actions in Syria. | Defacement | Healthcare | H | UK | http://www.theregister.co.uk/2015/08/26/nhs_site_defaced_with_screed_protesting_syrian_conflict/ |
| 29 | 27/08/2015 | ? (Russia?) | EFF (Electronic Frontier Foundation) | Google's security team identifies a new domain masquerading as an official EFF site as part of a targeted malware campaign linked to Operation Pawn Storm. The domain is electronicfrontierfoundation.org. | Targeted Attack | Single Individuals | CE | US | https://www.eff.org/deeplinks/2015/08/new-spear-phishing-campaign-pretends-be-eff |
| 30 | 27/08/2015 | ? | Iranian Dissidents | Researchers at Citizen Lab release a report describing a phishing campaign conducted against Iranian dissidents. | Targeted Attack | Single Individuals | CE | IR | http://www.scmagazine.com/citizen-lab-report-describes-phishing-campaign-against-iranian-dissidents/article/435241/ |
| 31 | 27/08/2015 | ? | MSN.com | Malwarebytes reveals that the same ad network, AdSpirit.de, which was recently abused in malicious advertising attacks against several top media sites, is caught serving malvertising on MSN.com. This is the work of the same threat actors that were behind the Yahoo! malvertising. | Malvertising | Industry: Internet Services | CC | US | https://blog.malwarebytes.org/malvertising-2/2015/08/angler-exploit-kit-strikes-on-msn-com-via-malvertising-campaign/ |
| 32 | 27/08/2015 | ? | http://www.mumsnet.com/ | Mumsnet is hit by a new wave of DDoS attacks. | DDoS | Org: Internet Services | CC | UK | http://www.scmagazineuk.com/mumsnet-hit-again-this-time-by-stronger-series-of-attacks/article/435099/ |
| 33 | 27/08/2015 | NetPirates AKA @TheNetShip | http://www.ecaytrade.com/ | NetPirates AKA @TheNetShip hack ecaytrade.com and dump about 50K usernames and hashed passwords. | SQLi | Internet Services | CC | KY | http://t.co/otfvqVjTmD |
| 34 | 27/08/2015 | ? | Utah Food Bank | Utah Food Bank notifies its donors that an unauthorized individual accessed its website and could have gained access to the personal data of more than 10,000 donors. | Unknown | Org: Non-Profit | CC | US | http://www.databreaches.net/utah-food-bank-security-breach-exposed-thousands-of-donors-info-since-october-2013/ |
| 35 | 28/08/2015 | ? | Michigan Catholic Conference | The Michigan Catholic Conference notifies more than 10,000 employees that their personal information has been compromised by an unknown hacker who could also have obtained their personal information. | Unknown | Org: Non-Profit | CC | US | http://www.databreaches.net/michigans-catholic-workers-are-latest-cyber-victims/ |
| 36 | 31/08/2015 | ? | TransformPOS | Village Pizza & Pub, a local pizza chain headquartered in Elgin, Illinois, is the indirect victim of a security breach perpetrated against TransformPOS, the company that provides its POS payment card processing system. | Unknown | Industry: POS Equipment | CC | US | http://www.databreaches.net/il-village-pizza-pub-notifies-customers-of-data-security-breach-at-transformpos/ |
Will this list be made available as a CSV? For those whose proxies block all things Google Docs? 🙁