Last Updated on January 23, 2016

The timeline of September is finally completed, so I can publish the second part covering the main attacks that occurred between September 16th and 30th.

It was quite a complicated month from an infosec perspective, characterized by several remarkable cyber criminal events, such as the upload of 40 malicious applications to the Apple App Store, the leak of a trove of data belonging to Patreon, the compromise of several projects of the Red Hat community, and a malvertising campaign targeting Forbes (actually not the only one this month).

But even the hacktivists have been quite active in this period: the actions executed by attackers affiliated with the Anonymous collective include the shutdown of all the websites operated by the Embarcadero Media Group, another leak of a confidential document from the Canadian Government and the attack against two primary Italian banks.

Last but not least, this second half of September has also seen several noticeable advanced operations, such as the Iron Tiger campaign (targeting US governmental entities and defense contractors), or the Gaza Cybergang.

As usual, scroll down the list to have an idea of this Summer cyber landscape, and remember to keep the level of attention very high. At the same time, if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).


| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 11/09/2015 | ? | Yapstone | YapStone (VacationRentPayments) notifies some property managers and others who use their service to receive vacation rental payments that personal information in their account applications was compromised by unauthorized persons between July 15, 2014 and August 5, 2015. | Unknown | Industry: online payment processing | CC | US |
| 2 | 16/09/2015 | Iron Tiger | US Government, US defense contractors and related companies in the US and abroad | Trend Micro unveils the details of Operation Iron Tiger, a high-level operation observed stealing trillions of bytes of confidential data from the United States government, US defense contractors and related companies in the United States and abroad. | Targeted Attack | Government | CE | US |
| 3 | 16/09/2015 | ? (China?) | Russian military personnel and Russian telecoms | Proofpoint reveals the details of a campaign targeting Russian military personnel and Russian telecoms employees via a variant of the PlugX RAT. | Targeted Attack | Military, Industry: Telecom | | |
| 4 | | w0rm (hacking crew) | Monopoly (hacking crew) | The w0rm hacking crew, operators of a forum of the same name, have attacked a rival gang, Monopoly, and offer the database of their rivals for sale on their forum. | Unknown | Hacking Crew | CC | NA |
| 5 | 16/09/2015 | NetPirates | Malabar Institute of Medical Sciences | The NetPirates hack the Malabar Institute of Medical Sciences and dump 6,709 usernames and clear text passwords. | SQLi | Healthcare | CC | IN |
| 6 | 17/09/2015 | The Dukes | United States | F-Secure reveals the details of The Dukes, a Russian-speaking actor behind a seven-year campaign of targeted attacks against the United States, Europe and Asia. | Targeted Attack | Government | CE | >1 |
| 7 | 17/09/2015 | ? | Apple App Store | Apple officials clean up the company's App Store after several security firms report that almost 40 iOS apps contain malicious code. | XcodeGhost (malicious version of Apple Xcode IDE) | Industry: Software | CC | >1 |
| 8 | 17/09/2015 | ? | Red Hat Projects: Ceph community project, Inktank | Red Hat reveals it suffered an intrusion on the sites of both the Ceph community project and Inktank that resulted in signed code being accessed. | Unknown | Industry: Software | CC | US |
| 9 | 17/09/2015 | ? | Commack School District Computer System | The Commack school district computer system is hacked by an unknown individual. | Unknown | Education | CC | US |
| 10 | 17/09/2015 | ? | Forbes | Forbes is notified of a malvertising campaign on its website running from 8 to 15 September. The company states it has removed the offending ads. | Malvertising | News | CC | US |
| 11 | 17/09/2015 | ? | Online Poker sites including PokerStars and Full Tilt Poker | ESET unveils the details of Win32/Spy.Odlanor, malware used by its operator to cheat in online poker by peeking at the cards of infected opponents. It specifically targets two of the largest online poker sites: PokerStars and Full Tilt Poker. | Malware | Online Gambling | CC | >1 |
| 12 | 17/09/2015 | Opheus Haxor | http://www.j-ax.it | Opheus Haxor hacks the forum section of (the website of one of the most Italian singers) and dumps 31,000 usernames. | SQLi | Industry: Entertainment | CC | IT |
| 13 | 18/09/2015 | Anonymous | Embarcadero Group, Palo Alto Weekly, Mountain View Voice, Pleasanton Weekly, The Almanac | An individual or group claiming to be the hacktivist collective Anonymous shuts down all websites operated by Embarcadero Media Group, which runs several community newspapers in the Bay Area. The media group’s newspapers include: Palo Alto Weekly, Mountain View Voice, Pleasanton Weekly and The Almanac. | Defacement | News | H | US |
| 14 | 18/09/2015 | ? | A large number of WordPress sites | Sucuri reveals a massive WordPress campaign redirecting the visitors of the infected sites to a Nuclear Exploit Kit landing page. | Malicious JavaScript Injection | >1 | CC | >1 |
| 15 | 18/09/2015 | Horux | Kettering General Hospital | Kettering General Hospital reveals that its email system is compromised by a Russian hacking group that used it to send spam. | Account Hijacking | Healthcare | CC | UK |
| 16 | 18/09/2015 | Hack for Trump | Fidelity Group | A group of hackers that calls itself “Hack for Trump” claims to have hacked the website of Fidelity Group and threatens to make the stolen data public unless Fidelity pays $30,000. The hackers plan to use the funds "to help Donald Trump get elected to the White House". | SQLi | Finance | CC | KY |
| 17 | 18/09/2015 | @W0x404 | French Marketplaces in the Darknet | An individual with the moniker of @W0x404 claims to have hacked several French-speaking marketplaces of questionable goods inside the Darknet. As proof of his actions, the attacker dumps several screenshots. | Unknown | Darknet marketplaces | CC | FR |
| 18 | 18/09/2015 | ElliotAlderson | | ElliotAlderson hacks and dumps 5,926 usernames and hashed passwords. | Unknown | Industry: Recruiting | CC | AZ |
| 19 | | | 8 Vietnamese government websites | Two hacktivists affiliated to Anonymous, AntiSec and HagashTeam, deface 8 Vietnamese government websites in protest against online censorship and human rights violations in the country. | Defacement | Government | H | VN |
| 20 | 21/09/2015 | ? (China?) | >1 | Check Point Software unveils the details of a new malicious app uploaded to Google Play disguised as a Brain Test app. The malware could have infected at least 200,000 Android phones, possibly as many as 1 million. | Malicious App | Single Individuals | CC | >1 |
| 21 | 22/09/2015 | ? | | J. Martin Company notifies an undisclosed number of individuals who made purchases on the Padlocks4Less website that their personal information, including payment card data, may have been accessed without authorization. | Unknown | Industry: E-Commerce | CC | US |
| 22 | 22/09/2015 | Anonymous | Philippines' National Telecom Commission | The website of the Philippines' National Telecom Commission (NTC) is defaced by the local branch of Anonymous as a form of protest against the slow average speed of local Internet connections. | Defacement | Government | H | PH |
| 23 | 22/09/2015 | ? | realtor.com | Yet another high-profile website falls victim to a malvertising campaign. This time the target is a popular real estate website, ranked third in its category with an estimated 28 million monthly visits. | Malvertising | Industry: Real Estate | CC | US |
| 24 | 23/09/2015 | ? (China?) | U.S. Government entity, European media company | A report from Palo Alto Networks confirms Chinese cyber attacks on a U.S. government entity and a European media company. The attacks, using a malware called '3102', were observed respectively on May 6, 2015 and May 11, 2015. | Targeted Attack | Government, Industry: Media | | |
| 25 | 23/09/2015 | Smitt3nz | http://www.the-athenaeum.org | Smitt3nz hacks and dumps 1,671 users with hashed passwords. | SQLi | Online Services | CC | US |
| 26 | 24/09/2015 | ? | Adult portals | Malwarebytes reveals the latest developments of the malvertising campaign that has been plaguing primary domains since August. This time the campaign is targeting several adult portals. The malicious advertising is served by TrafficHaus. | Malvertising | Adult Sites | CC | >1 |
| 27 | | | | Imgur, the photo-sharing website, is exploited in a distributed denial-of-service (DDoS) attack on the popular imageboards 4chan and 8chan. | DDoS | Imageboard | CC | US |
| 28 | 24/09/2015 | NetPirates | | NetPirates hack and dump 5,269 usernames and hashed passwords. | SQLi | Industry: E-Commerce | CC | PL |
| 29 | 25/09/2015 | Anonymous | Canadian Government | As part of their vendetta against the Canadian government, hackers claiming to belong to the Anonymous collective leak another high-level confidential federal document. | Unknown | Government | H | CA |
| 30 | 25/09/2015 | ? | Hilton Hotel | Multiple sources in the banking industry say they have traced a pattern of credit card fraud that suggests hackers have compromised point-of-sale registers in gift shops and restaurants at a large number of Hilton Hotel and franchise properties across the United States. | Unknown | Industry: Hotel and Hospitality | CC | US |
| 31 | 25/09/2015 | ? | North Oldham High School | North Oldham High School alerts 2,800 current and former students that a data breach earlier this month could have exposed their names, social security numbers and other personal information after a school computer falls victim to a drive-by attack. | Malware | Education | CC | US |
| 32 | 25/09/2015 | ? | APEGA | APEGA, the body that regulates engineers and geologists in Alberta, reports a "significant data breach" when all the names and email addresses of its 75,000 members are given to an unknown party as a result of a phishing event. | Account Hijacking | Org: Professional Category | CC | CA |
| 33 | 25/09/2015 | ? | The Big Blue Bus | The Big Blue Bus alerts customers of a potential data breach related to the NextBus program. | Unknown | Bus Operator | CC | US |
| 34 | 26/09/2015 | Team Pak Cyber Attacker | Official website of Kerala Government | A Pakistani hacker dubbed Pakistan Zindabad defaces two websites belonging to the Kerala Government. | Defacement | Government | H | IN |
| 35 | 26/09/2015 | The Mallu Cyber Soldiers | 46 Pakistan websites, which include Pakistan’s government website | In retaliation for the defacement of the website of Kerala Government, an anonymous group called ‘Mallu Cyber Soldiers’ defaces around 46 Pakistan websites, which include Pakistan’s government website. | | | | |
| 36 | 27/09/2015 | Ghost Italy | Banca Intesa, Unipol Banca | In the name of #OpBankDump, Ghost Italy, a local cell of the Anonymous collective, hacks Banca Intesa and Unipol Banca, two of the most important Italian banks, and leaks several databases, mainly related to external contractors. | SQLi | Finance | H | IT |
| 37 | 27/09/2015 | ? | University of Calgary | The employee records of a number of University of Calgary staff members are fraudulently accessed, and banking records altered, during an ‘isolated breach’. | Unknown | Education | CC | CA |
| 38 | 27/09/2015 | mr_xenon | | A hacker with the moniker mr_xenon hacks and dumps 18606 records. | SQLi | Online Gambling | CC | SE |
| 39 | 28/09/2015 | Gaza Cybergang | Government Entities in Egypt, United Arab Emirates and Yemen | Kaspersky Lab unveils the details of the so-called "Gaza Cybergang", a group active since 2012 and targeting mainly governmental entities. | Targeted Attack | Government | CE | EG |
| 40 | 28/09/2015 | ? | Trump Hotel Collection | The Trump Hotel Collection acknowledges a malware infection across the United States and Canada, potentially stealing customer credit card data for an entire year. The list of hotels includes two locations in New York and one in each of the following cities: Chicago, Honolulu, Las Vegas, Toronto and Miami. | Malware | Industry: Hotel and Hospitality | CC | US |
| 41 | 28/09/2015 | Exfocus | Rutgers University | A hacker known under the moniker Exfocus takes down the Rutgers University | DDoS | Education | CC | US |
| 42 | 29/09/2015 | ? | Kmart | Australian discount homewares chain Kmart is under investigation, following a data breach that occurred in early September which saw the personal details of its online customers hacked. | Unknown | Industry: Retail | CC | AU |
| 43 | 30/09/2015 | ? | Patreon | Patreon, the website that allows people to maintain regular donations to a website, an artist, or project, announces it has suffered a security breach. The site says some registered names, e-mail addresses, and mailing addresses were accessed after someone managed to access a “debug version of our website” that at the time was accessible to the public. Unfortunately the attackers leak gigabytes of data. | SQLi | Crowdfunding Platform | CC | US |
| 44 | 30/09/2015 | ? | Several Thai Government websites | Several Thai government websites are hit by a suspected distributed-denial-of-service (DDoS) attack, making them impossible to access. It appears to be a protest against the government's plan to limit access to sites deemed inappropriate, dubbed the "Great Firewall of Thailand". | DDoS | Government | H | TH |
| 45 | 30/09/2015 | 0x0D1337 | dutchwow.com | 0x0D1337 hacks (a private World of Warcraft server) and dumps 3,917 records containing usernames and hashed passwords. | SQLi | Online Services | CC | NL |
| 46 | 30/09/2015 | KelvinSecTeam | | KelvinSecTeam hacks and dumps 1,651 users with clear text passwords. | SQLi | Government | CC | VE |
