Last Updated on January 23, 2016

It’s time to publish the first Cyber Attack Timeline of September.

Unfortunately, this fortnight has brought another massive breach against insurance providers: Excellus Blue Cross Blue Shield and Lifetime Health Care have been hit by a cyber attack that initially occurred in December 2013 and has compromised the details of 10.5M users.

Other interesting events concern a new cyber attack against the Pentagon (in this case limited to the Food Court computer system), the revelation that attackers successfully compromised U.S. Department of Energy computer systems more than 150 times between 2010 and 2014, and an intrusion, allegedly performed by Jihadists, into UK ministerial email accounts.

The chronicles also report the first cyber attack carried out via the implant of malicious router software images, and an anomalous, quite widespread occurrence of DDoS attacks targeting, among others, the UK’s National Crime Agency and the Kremlin’s official website.

As usual, scroll down the list to get an idea of this summer's cyber landscape, and remember to keep the level of attention very high. At the same time, if you want an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).


1 | 01/09/2015 | Lizard Squad | UK's National Crime Agency | The Lizard Squad takes down the official website of UK's National Crime Agency ( Enforcement | CC | UK
2 | 01/09/2015 | Rocket Kitten (linked to Iran ?) | Several individuals authors of an anti-Iran security research paper | Trend Micro and Clearsky Security publish a joint, detailed paper in which they document the actions of Rocket Kitten, an APT they believe to be linked to the Iranian government. | Targeted Attack | Several Individuals | CE | >1
3 | 01/09/2015 | ? | Marion Bowman | Marion Bowman, a top former FBI lawyer and U.S. counterintelligence official, reveals that hackers allegedly from China penetrated his home computer last spring. | Targeted Attack | Single Individual | CE | US
4 | 01/09/2015 | ? | Hawaii First Federal Credit Union | Hawaii First Federal Credit Union notifies an undisclosed number of customers that an unauthorized individual may have gained access to an employee's email account, and could have accessed personal information. | Account Hijacking | Finance | CC | US
5 | 02/09/2015 | @n0w1337 | Greater Manchester Police | The website of Greater Manchester Police in the UK is hit by two DDoS attacks. A Twitter account going by the handle @n0w1337 claims responsibility for the attack. | DDoS | Law Enforcement | CC | UK
6 | 02/09/2015 | @n0w1337 | Manchester Airport | In the same wave of attacks, the same attacker also claims responsibility for taking down the website of Manchester Airport (
7 | 02/09/2015 | ? (Author Unknown but charged) | ReverbNation | ReverbNation, an online platform that assists >3M musicians in building their careers, experienced a breach in 2014 and notifies an undisclosed number of users, asking them to change their passwords. | Unknown | Industry: Music | CC | US
8 | 02/09/2015 | ? | Several banks | CSIS team reports a new variant of the Carbanak trojan using a new communications protocol. | Targeted Attack | Finance | CC | >1
9 | 02/09/2015 | ? | Wayne County Board of Education | Hackers claiming to be part of Islamic State deface the Wayne County Board of Education website (
10 | 02/09/2015 | ? | Parking sign installed at Lille’s Boulevard Louis XVI | A French hacker defaces an electronic parking sign with offensive content. | Defacement | Parking Sign | CC | FR
11 | 03/09/2015 | ? | uk.match.com | In an attack similar to the one that happened last month on PlentyOfFish, Malwarebytes reveals that the UK version of online dating site is caught serving malvertising.
12 | 03/09/2015 | @n0w1337 | Essex Police | The same attacker who took down the Manchester Police earlier this month also takes down the website of the Essex Police. | DDoS | Law Enforcement | CC | UK
KheXan rOot | http://www.askmebazaar.com | Two hackers dubbed ConnectingFriend and KheXan rOot hack and dump 2,105 user records. | SQLi | Industry: E-Commerce | CC | IN
14 | 04/09/2015 | ? | Mozilla's Bugzilla bug tracking system | Mozilla reveals that an attacker was able to steal security-sensitive vulnerability information from Mozilla's Bugzilla bug tracking system and probably used it to attack Firefox users. The attacker may have had access since September 2013. | Account Hijacking | Org: Software | CC | US
15 | 04/09/2015 | ? | violence prevention education organization We End Violence discovers a potential intrusion into its Agent of Change application server that could have exposed personal information, and, so far, 79,000 California State University students have been impacted. | Unknown | Org: Education | CC | US
Rubber AKA @smitt3nz hacks 9 dating websites in a row and dumps a total of 7,764 usernames and clear text passwords. | SQLi | Dating | CC | >1
53 South African web sites | A hacker called F3PN successfully hacks 53 South African web sites. | Defacement | >1 | CC | ZA
18 | 05/09/2015 | ? | The University of South Wales Facebook Page | The University of South Wales (UNSW), one of Australia’s top universities, has images of a porn star and other inappropriate content shared on its Facebook page. | Account Hijacking | Education | CC | AU
19 | 05/09/2015 | 13chmod37 | A hacker called 13chmod37 hacks and dumps 1,570 usernames and clear text passwords. | SQLi | Industry: E-Commerce | CC | ID
20 | 08/09/2015 | ? | The Pentagon (United States Department of Defense) | Hackers infiltrated the Pentagon food court's computer system, compromising the bank data of an unknown number of employees. | Targeted Attack | Government | CE | US
21 | 09/09/2015 | DD4BC | Several UK corporations and institutions | According to an Akamai study, a number of large UK corporations and institutions, such as Lloyds Bank and BAE Systems, have reported a “marked increase” in Distributed Denial of Service (DDoS) attacks from the Bitcoin extortionist group DD4BC (114 attacks since April 2015). | DDoS | >1 | CC | UK
22 | 09/09/2015 | Turla | Governments, embassies, military groups, educational facilities, researchers and the pharmaceutical industry. | Kaspersky reveals that it has discovered a sophisticated hacking group, dubbed Turla, which has gone far beyond standard techniques used to disguise spying and cybercrime campaigns by exploiting weaknesses in global satellite systems. | Targeted Attack | >1 | CC
23 | 09/09/2015 | H4nterAsez hacks and dumps 2,000+ usernames and clear text passwords. | SQLi | Healthcare | CC | IN
24 | 10/09/2015 | ? | Excellus BlueCross BlueShield | Health insurance company Excellus declares that hackers broke into its servers and may have obtained the personal details of 10.5 million people. The information belongs to customers who lived in or sought treatment in the upstate New York area. The breach, which initially occurred on December 23, 2013, exposed the personal information of 7 million Excellus Blue Cross Blue Shield (BCBS) customers and 3.5 million Lifetime Health Care customers. | Targeted Attack | Healthcare | CC | US
25 | 10/09/2015 | North Korea | South Korea | FireEye researchers discover a campaign led by attackers from North Korea, exploiting a zero-day vulnerability (CVE-2015-6585) in Hangul, a word processor popular with South Korea's government. The backdoor is called Hangman. | Targeted Attack | Government | CE | KR
26 | 10/09/2015 | ? | Oakland Family Services | Oakland Family Services reveals the details of a security breach that could have affected 16,000 clients in the area. An unknown person gained access to the email account of an employee in July, which resulted in the potential viewing of protected health information. | Account Hijacking | Org: Non-Profit | CC | US
27 | 10/09/2015 | Cyber-71 | Dhaka University | The Dhaka University website is defaced by a hacker called Cyber-71. | Defacement | Education | CC | BD
28 | 11/09/2015 | ISIL | UK ministerial emails | The Telegraph reveals that Jihadists in Syria hack into UK ministerial email accounts in a sophisticated espionage operation uncovered by GCHQ. | Targeted Attack | Government | CE | UK
29 | 11/09/2015 | ? | U.S. Department of Energy | Federal records obtained by USA TODAY show that attackers successfully compromised U.S. Department of Energy computer systems more than 150 times between 2010 and 2014. | Targeted Attack | Government | CE | US
30 | 11/09/2015 | Mr.Black | http://asankadr.az | A hacker called Mr.Black hacks (a recruitment web site) and dumps 2,447 usernames and hashed passwords. | SQLi | Industry: Recruiting | CC | AZ
31 | 11/09/2015 | ? | Penrith High School | A small group of students from Penrith High School have allegedly used a teacher's login credentials to access a Department of Education computer system that contains students' assessment marks. | Account Hijacking | Education | CC | US
32 | 13/09/2015 | ? | Kremlin’s official website | The Kremlin’s official website falls under a massive DDoS attack. The attack is carried out simultaneously with another attack that reportedly targeted the website of the Russian Electoral Commission. Both of the attacks are made on national Election Day. | DDoS | Government | CC | RU
33 | 13/09/2015 | r3dm0v3 hacks and dumps 6,529 usernames and clear text passwords. | SQLi | Industry: E-Commerce | CC | BR
34 | 13/09/2015 | Kyfx | Kumoh National Institute of Technology | A hacker called Kyfx hacks a subdomain of the Kumoh National Institute of Technology and dumps 1,448 usernames and clear text passwords. | SQLi | Education | CC | KR
35 | 14/09/2015 | ? | >1 | Malwarebytes publishes the analysis of a recently detected malvertising attack that affected many ad networks and ran uninterrupted for almost three weeks. | Malvertising | >1 | CC | >1
36 | 15/09/2015 | ? | Cisco Routers | FireEye unveils the details of a campaign involving the stealthy modification of a router's firmware image that can be used to maintain persistence within a victim's network. The campaign is called SYNful Knock and has hit at least 79 devices in 19 countries. | Malicious Router Images Implant | >1 | CE | >1
37 | 15/09/2015 | ? | Cryptome.org | The creator of digital library and whistle-blowing site, John Young, revokes his PGP key pairs after learning they were compromised. | Unknown | Org: Digital Library | CE | US
