Last Updated on January 23, 2016
It’s time to publish the first Cyber Attack Timeline of September.
Unfortunately, this fortnight has brought another massive breach against insurance providers: Excellus Blue Cross Blue Shield and Lifetime Health Care have been hit by a cyber attack that initially occurred in December 2013 and has compromised the details of 10.5M users.
Other interesting events concern a new cyber attack against the Pentagon (in this case limited to the Food Court computer system), the revelation that attackers successfully compromised U.S. Department of Energy computer systems more than 150 times between 2010 and 2014, and an intrusion, allegedly performed by Jihadists, into UK ministerial email accounts.
The chronicles also report the first cyber attack carried out via the implant of malicious router software images, and an unusually widespread series of DDoS attacks targeting, among others, the UK’s National Crime Agency and the Kremlin’s official website.
As usual, scroll down the list to get an idea of this summer's cyber landscape, and remember to keep the level of attention very high. At the same time, if you want an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 01/09/2015 | Lizard Squad | UK's National Crime Agency | The Lizard Squad takes down the official website of UK's National Crime Agency (nationalcrimeagency.gov.uk). | DDoS | Law Enforcement | CC | UK | http://arstechnica.com/security/2015/09/lizard-squad-launches-ddos-against-uk-law-enforcement-agency/ |
| 2 | 01/09/2015 | Rocket Kitten (linked to Iran?) | Several individuals, authors of an anti-Iran security research paper | Trend Micro and Clearsky Security publish a joint, detailed paper in which they document the actions of Rocket Kitten, an APT they believe to be linked to the Iranian government. | Targeted Attack | Several Individuals | CE | >1 | http://news.softpedia.com/news/rocket-kitten-hacking-group-linked-to-iranian-government-by-security-researchers-490919.shtml |
| 3 | 01/09/2015 | ? | Marion Bowman | Marion Bowman, a top former FBI lawyer and U.S. counterintelligence official, reveals that hackers allegedly from China penetrated his home computer last spring. | Targeted Attack | Single Individual | CE | US | http://www.newsweek.com/china-hackers-fbi-marion-bowman-367451 |
| 4 | 01/09/2015 | ? | Hawaii First Federal Credit Union | Hawaii First Federal Credit Union notifies an undisclosed number of customers that an unauthorized individual may have gained access to an employee's email account, and could have accessed personal information. | Account Hijacking | Finance | CC | US | http://www.scmagazine.com/hawaii-credit-union-notifies-customers-of-employee-email-breach/article/436785/ |
| 5 | 02/09/2015 | @n0w1337 | Greater Manchester Police | The website of Greater Manchester Police in the UK (gmp.police.uk) is hit by two DDoS attacks. A Twitter account going by the handle @n0w1337 claims responsibility for the attack. | DDoS | Law Enforcement | CC | UK | http://www.infosecurity-magazine.com/news/manchester-uks-website-knocked/ |
| 6 | 02/09/2015 | @n0w1337 | Manchester Airport | In the same wave of attacks, the same attacker also claims responsibility for taking down the website of Manchester Airport (manchesterairport.co.uk). | DDoS | Airport | CC | UK | http://home.bt.com/news/uk-news/greater-manchester-police-website-targeted-by-hacker-11364001567404 |
| 7 | 02/09/2015 | ? (Author Unknown but charged) | ReverbNation | ReverbNation, an online platform that assists >3M musicians in building their careers, experienced a breach in 2014 and notifies an undisclosed number of users, asking them to change their passwords. | Unknown | Industry: Music | CC | US | http://www.scmagazine.com/2014-breach-prompts-reverbnation-to-notify-customers/article/436757/ |
| 8 | 02/09/2015 | ? | Several banks | CSIS team reports a new variant of the Carbanak trojan using a new communications protocol. | Targeted Attack | Finance | CC | >1 | http://news.softpedia.com/news/carbanak-banking-trojan-returns-with-a-new-series-of-attacks-491015.shtml |
| 9 | 02/09/2015 | ? | Wayne County Board of Education | Hackers claiming to be part of Islamic State deface the Wayne County Board of Education website (boe.wayn.k12.wv.us). | Defacement | Education | H | US | http://www.statejournal.com/story/29943796/hacker-claiming-to-be-part-of-islamic-state-hacks-wayne-county-wv-board-of-education-website-redirects-visitors-to-site-promoting-terrorism |
| 10 | 02/09/2015 | ? | Parking sign installed at Lille’s Boulevard Louis XVI | A French hacker defaces an electronic parking sign with offensive content. | Defacement | Parking Sign | CC | FR | https://www.hackread.com/hacked-electronic-signpost-france/ |
| 11 | 03/09/2015 | ? | uk.match.com | In an attack similar to the one that happened last month on PlentyOfFish, Malwarebytes reveals that the UK version of online dating site Match.com (uk.match.com) is caught serving malvertising. | Malvertising | Dating | CC | UK | https://blog.malwarebytes.org/malvertising-2/2015/09/malvertising-found-on-dating-site-matchdotcom/ |
| 12 | 03/09/2015 | @n0w1337 | Essex Police | The same attacker who took down the Manchester Police earlier this month also takes down the website of the Essex Police. | DDoS | Law Enforcement | CC | UK | http://www.theregister.co.uk/2015/09/04/essex_police_ddos/ |
| 13 | 03/09/2015 | ConnectingFriend | http://www.askmebazaar.com | Two hackers dubbed ConnectingFriend and KheXan rOot hack askmebazaar.com and dump 2,105 user records. | SQLi | Industry: E-Commerce | CC | IN | http://pastebin.com/eEN0NVuM |
| 14 | 04/09/2015 | ? | Mozilla's Bugzilla bug tracking system | Mozilla reveals that an attacker was able to steal security-sensitive vulnerability information from Mozilla's Bugzilla bug tracking system and probably used it to attack Firefox users. The attacker may have had access since September 2013. | Account Hijacking | Org: Software | CC | US | http://arstechnica.com/security/2015/09/mozilla-data-stolen-from-hacked-bug-database-was-used-to-attack-firefox/ |
| 15 | 04/09/2015 | ? | http://weendviolence.com/ | California-based violence prevention education organization We End Violence discovers a potential intrusion into its Agent of Change application server that could have exposed personal information, and, so far, 79,000 California State University students have been impacted. | Unknown | Org: Education | CC | US | http://www.scmagazine.com/we-end-violence-announces-breach-california-university-impacted/article/437776/ |
| 16 | 04/09/2015 | Smitt3nz | http://malapelli.com | Rubber AKA @smitt3nz hacks 9 dating websites in a row and dumps a total of 7,764 usernames and clear text passwords. | SQLi | Dating | CC | >1 | http://siph0n.in/exploits.php?id=4033 |
| 17 | 04/09/2015 | F3PN | 53 South African web sites | A hacker called F3PN successfully hacks 53 South African web sites. | Defacement | >1 | CC | ZA | http://www.balancingact-africa.com/news/en/issue-no-156/web-and-mobile-data/hacker-targets-south/en |
| 18 | 05/09/2015 | ? | The University of South Wales Facebook Page | The University of South Wales (UNSW), one of Australia’s top universities, has images of a porn star and other inappropriate content shared on its Facebook page. | Account Hijacking | Education | CC | AU | https://au.news.yahoo.com/nsw/a/29443937/university-facebook-page-flooded-with-soft-porn-in-embarrassing-hack/ |
| 19 | 05/09/2015 | 13chmod37 | http://toko.proumedia.co.id | A hacker called 13chmod37 hacks toko.proumedia.co.id and dumps 1,570 usernames and clear text passwords. | SQLi | Industry: E-Commerce | CC | ID | http://pastebin.com/YPVyHdjB |
| 20 | 08/09/2015 | ? | The Pentagon (United States Department of Defense) | Hackers infiltrated the Pentagon food court's computer system, compromising the bank data of an unknown number of employees. | Targeted Attack | Government | CE | US | http://www.washingtonexaminer.com/pentagon-food-court-computers-hacked-exposing-employees-bank-information/article/2571606 |
| 21 | 09/09/2015 | DD4BC | Several UK corporations and institutions | According to an Akamai study, a number of large UK corporations and institutions, such as Lloyds Bank and BAE systems, have reported a “marked increase” in Distributed Denial of Service (DDoS) attacks from the Bitcoin extortionist group DD4BC (114 attacks since April 2015). | DDoS | >1 | CC | UK | http://arstechnica.com/business/2015/09/uk-banks-corporations-are-being-blackmailed-by-bitcoin-cyberextortionists/ |
| 22 | 09/09/2015 | Turla | Governments, embassies, military groups, educational facilities, researchers and the pharmaceutical industry. | Kaspersky reveals that it has discovered a sophisticated hacking group, dubbed Turla, which has gone far beyond standard techniques used to disguise spying and cybercrime campaigns by exploiting weaknesses in global satellite systems. | Targeted Attack | >1 | CC | >1 | http://www.zdnet.com/article/tracking-turla-hackers-abuse-satellite-signals-high-in-the-sky/ |
| 23 | 09/09/2015 | H4nterAsez | http://macare.in/ | H4nterAsez hacks macare.in and dumps 2,000+ usernames and clear text passwords. | SQLi | Healthcare | CC | IN | http://webcache.googleusercontent.com/search?q=cache:OQOtGarRny8J:pastebin.com/4A93qstA+&cd=1&hl=en&ct=clnk&gl=us |
| 24 | 10/09/2015 | ? | Excellus BlueCross BlueShield | Health insurance company Excellus declares that hackers broke into its servers and may have obtained the personal details of 10.5 million people. The information belongs to customers who lived in or sought treatment in the upstate New York area. The breach, which initially occurred on December 23, 2013, exposed the personal information of 7 million Excellus Blue Cross Blue Shield (BCBS) customers and 3.5 million Lifetime Health Care customers. | Targeted Attack | Healthcare | CC | US | http://www.theregister.co.uk/2015/09/10/excellus_breach/ |
| 25 | 10/09/2015 | North Korea | South Korea | FireEye researchers discover a campaign led by attackers from North Korea, exploiting a zero day vulnerability (CVE-2015-6585) in Hangul, a word processor popular with South Korea's government. The backdoor is called Hangman. | Targeted Attack | Government | CE | KR | http://www.theregister.co.uk/2015/09/10/north_korea_exploits_zero_day_in_seouls_favourite_word_doc/ |
| 26 | 10/09/2015 | ? | Oakland Family Services | Oakland Family Services reveals the details of a security breach that could have affected 16,000 clients in the area. An unknown person gained access to the email account of an employee in July, which resulted in the potential viewing of protected health information. | Account Hijacking | Org: Non-Profit | CC | US | http://www.scmagazine.com/oakland-family-services-notifies-16k-clients-of-information-breach/article/438995/ |
| 27 | 10/09/2015 | Cyber-71 | Dhaka University | The Dhaka University website is defaced by a hacker called Cyber-71. | Defacement | Education | CC | BD | http://bdnews24.com/bangladesh/2015/09/11/dhaka-university-website-still-down-authorities-claim-hacker-marked |
| 28 | 11/09/2015 | ISIL | UK ministerial emails | The Telegraph reveals that Jihadists in Syria hack into UK ministerial email accounts in a sophisticated espionage operation uncovered by GCHQ. | Targeted Attack | Government | CE | UK | http://www.telegraph.co.uk/news/politics/11859005/Cabinet-ministers-email-hacked-by-Isil-spies.html |
| 29 | 11/09/2015 | ? | U.S. Department of Energy | Federal Records obtained by USA TODAY show that attackers successfully compromised U.S. Department of Energy computer systems more than 150 times between 2010 and 2014. | Targeted Attack | Government | CE | US | http://www.usatoday.com/story/news/2015/09/09/cyber-attacks-doe-energy/71929786/ |
| 30 | 11/09/2015 | Mr.Black | http://asankadr.az | A hacker called Mr.Black hacks asankadr.az (a recruitment web site) and dumps 2,447 usernames and hashed passwords. | SQLi | Industry: Recruiting | CC | AZ | http://webcache.googleusercontent.com/search?q=cache:iO4ApriCHQ4J:pastebin.com/Kaw9gV4R+&cd=1&hl=en&ct=clnk&gl=us |
| 31 | 11/09/2015 | ? | Penrith High School | A small group of students from Penrith High School have allegedly used a teacher's login credentials to access a Department of Education computer system that contains students' assessment marks. | Account Hijacking | Education | CC | US | http://www.zdnet.com/article/western-sydney-students-access-department-computer-system/ |
| 32 | 13/09/2015 | ? | Kremlin’s official website | The Kremlin’s official website falls under a massive DDoS Attack. The attack is carried out simultaneously with another attack that reportedly targeted the website of the Russian Electoral Commission. Both of the attacks are made on national Election Day. | DDoS | Government | CC | RU | https://www.rt.com/politics/315338-hacker-attack-kremlin-website/ |
| 33 | 13/09/2015 | r3dm0v3 | http://cromotransfer.com.br/ | r3dm0v3 hacks cromotransfer.com.br and dumps 6,529 usernames and clear text passwords. | SQLi | Industry: E-Commerce | CC | BR | http://pastebin.com/JSSe18nL |
| 34 | 13/09/2015 | Kyfx | Kumoh National Institute of Technology | A hacker called Kyfx hacks a subdomain of the Kumoh National Institute of Technology and dumps 1,448 usernames and clear text passwords. | SQLi | Education | CC | KR | http://pastebin.com/6SCzVT98 |
| 35 | 14/09/2015 | ? | >1 | Malwarebytes publishes the analysis of a recently detected malvertising attack that affected many ad networks and ran uninterrupted for almost three weeks. | Malvertising | >1 | CC | >1 | https://blog.malwarebytes.org/malvertising-2/2015/09/large-malvertising-campaign-goes-almost-undetected/ |
| 36 | 15/09/2015 | ? | Cisco Routers | FireEye unveils the details of a campaign involving the stealthy modification of a router's firmware image that can be used to maintain persistence within a victim's network. The campaign is called SYNful Knock and has hit at least 79 devices in 19 countries. | Malicious Router Images Implant | >1 | CE | >1 | http://arstechnica.com/security/2015/09/malicious-cisco-router-backdoor-found-on-79-more-devices-25-in-the-us/ |
| 37 | 15/09/2015 | ? | Cryptome.org | The creator of digital library and whistle-blowing site Cryptome.org, John Young, revokes his PGP key pairs after learning they were compromised. | Unknown | Org: Digital Library | CE | US | http://www.theregister.co.uk/2015/09/16/cryptome_revokes_pgp_keys_after_mysterious_compromise/ |