Last Updated on January 23, 2016
The timeline of September is finally completed, so I can publish the second part covering the main attacks occurred between September 16th and 30th.
A month quite complicated from an infosec perspective, characterized by several remarkable cyber criminal events, such as the upload of 40 malicious applications in the Apple App Store, the leak of a trove of data belonging to Patreon, the compromise of several projects of the Red Hat community, and a malvertising campaign targeting Forbes (actually not the only one this month).
But even the hacktivists have been quite active in this period: the actions executed by attackers affiliated with the Anonymous collective include the shut down of all the websites operated by the Embarcadero Media Group, another leak of a confidential document from the Canadian Government and the attack against two primary Italian banks.
Last but not least, this second half of September has also seen several noticeable advanced operations, such as Iron the Tiger campaign (targeting US governmental entities and defense contractors), or the the Gaza Cybergang.
As usual, scroll down the list to have an idea of this Summer cyber landscape, and remember to keep the level of attention very high. In the same time if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
ID Date Author Target Description Attack Target
Country Link 1 11/09/2015 ? Yapstone YapStone (VacationRentPayments) notifies some property managers and others who use their service to receive vacation rental payments that personal information in their account applications was compromised by unauthorized persons between July 15, 2014 and August 5, 2015. Unknown Industry: online payment processing CC US http://www.databreaches.net/vacationrentpayment-notifies-customers-whose-account-application-information-was-hacked/ 2 16/09/2015 Iron Tiger US Government, US defense contractors and related companies in the US and abroad Trend Micro unveils the details of Operation Iron Tiger, a high-level operation observed stealing trillions of bytes of confidential data from the United States government, US defense contractors and related companies in the United States and abroad. Targeted Attack Government CE US http://www.forbes.com/sites/lisabrownlee/2015/09/17/chinese-cyber-attacks-on-us-military-interests-confirmed-as-advanced-persistent-and-ongoing/ 3 16/09/2015 ?(China?) Russian military personnel and Russian telecoms Proofpoint reveals the details of a campaign targeting Russian military personnel and Russian telecoms employees via a variant of the PlugX RAT. Targeted Attack Military:
CE RU http://www.scmagazineuk.com/news-alert-apts-target-russian-military-personnel-and-telecoms-employees/article/439244/ 4 16/09/2015 w0rm
The w0rm hacking crew, operators of a forum of the same name, have attack a rival gang, Monopoly, and offer the database of their rivals for sale on their forum. Unknown Hacking Crew CC NA http://motherboard.vice.com/read/hackers-hack-other-hackers-offer-their-data-for-500?linkId=17102714 5 16/09/2015 NetPirates Malabar Institute of Medical Sciences
The NetPirates hack the Malabar Institute of Medical Sciences (mimsindia.com) and dump 6,709 usernames and clear text passwords. SQLi Healthcare CC IN http://siph0n.net/exploits.php?id=4054 6 17/09/2015 The Dukes United States
F-Secure reveals the details of The Dukes, a Russian speaking actor behind a seven years campaign of targeted attacks against the United States, Europe and Asia. Targeted Attack Government CE >1 https://grahamcluley.com/2015/09/russia-using-duke-family-malware-spy-countries-2008-says-secure/ 7 17/09/2015 ? Apple App Store Apple officials clean up the company's App Store after several security firms report that almost 40 iOS apps contain malicious code XcodeGhost
(malicious version of Apple Xcode IDE)
Industry: Software CC >1 http://arstechnica.com/security/2015/09/apple-scrambles-after-40-malicious-xcodeghost-apps-haunt-app-store/ 8 17/09/2015 ? Red Hat Projects:
Ceph community project (ceph.com)
Red Hat reveals to have suffered an intrusion on the sites of both the Ceph community project (ceph.com) and Inktank (download.inktank.com) that resulted in signed code being accessed. Unknown Industry: Software CC US http://www.theregister.co.uk/2015/09/18/intrusion_at_cephcom_makes_for_red_faces_at_red_hat/ 9 17/09/2015 ? Commack School District Computer System Commack school district computer district is hacked by an unknown individual. Unknown Education CC US http://poststar.com/news/state-and-regional/li-high-school-computer-system-hacked/article_c042c1fc-99ba-52d8-8cc2-a8189bdc7619.html 10 17/09/2015 ? Forbes Forbes is notified of a malvertising campaign on its website running from 8 to 15 September. The company states to have removed the offending ads. Malvertising News CC US http://www.forbes.com/sites/thomasbrewster/2015/09/22/forbes-website-served-malware/?ss=Security 11 17/09/2015 ? Online Poker sites including PokerStars and Full Tilt Poker ESET unveils the details of Win32/Spy.Odlanor, a malware used by its malware operator to cheat in online poker by peeking at the cards of infected opponents. It specifically targets two of the largest online poker sites: PokerStars and Full Tilt Poker. Malware Online Gambling CC >1 http://www.welivesecurity.com/2015/09/17/the-trojan-games-odlanor-malware-cheats-at-poker/ 12 17/09/2015 Opheus Haxor http://www.j-ax.it Opheus Haxor hacks the forum section of j-ax.it (the website of one of the most Italian singers) and dumps 31,000 usernames. SQLi Industry: Entertainment CC IT http://siph0n.net/exploits.php?id=4057 13 18/09/2015 Anonymous Embarcadero Group
Palo Alto Weekly
Mountain View Voice
A group of hackers that calls itself “Hack for Trump” claims to have hacked the website of Fidelity Group and threaten it would make the stolen data public unless Fidelity pays $30,000. The hackers plan to use the funds "to help Donald Trump get elected to the White House". SQLi Finance CC KY http://www.compasscayman.com/caycompass/2015/09/18/Fidelity-Bank-hacked-and-blackmailed/ 17 18/09/2015 @W0x404 French Marketplaces in the Darknet An individual with the moniker of @W0x404 claims to have hacked several French-speaking marketplaces of questionable goods inside the Darknet. As proof of his actions, the attacker dumps several screenshots. Unknown Darknet marketplaces CC FR http://www.zataz.com/infiltration-dans-le-black-market-francais-suite/ 18 18/09/2015 ElliotAlderson http://asankadr.az/ ElliotAlderson hacks asankadr.az and dumps 5,926 usernames and hashed passwords. Unknown Industry: Recruiting CC AZ http://siph0n.net/exploits.php?id=4063 19 19/09/2015 AntiSec
8 Vietnamese government websites Two hacktivists affiliated to Anonymous, AntiSec and HagashTeam, deface 8 Vietnamese government websites against online censorship and human rights violations in the country. Defacement Government H VN https://www.hackread.com/anonymous-hacks-vietnam-government-against/ 20 21/09/2015 ?(China?) >1 Check Point Software unveils the details of a new malicious app uploaded in Google Play in disguise of a Brain Test app. The malware could have infected at least 200,000 Android phones, possibly as many as 1 million. Malicious App Single Individuals CC >1 http://www.forbes.com/sites/thomasbrewster/2015/09/21/chinese-hackers-beat-google-bouncer/?ss=Security 21 22/09/2015 ? http://www.padlocks4less.com/ Frank J. Martin Company notifies an undisclosed number of individuals who made purchases on the Padlocks4Less website that their personal information, including payment card data, may have been accessed without authorization. Unknown Industry: E-Commerce CC US http://www.scmagazine.com/padlocks4less-website-possibly-compromised-payment-cards-at-risk/article/441140/ 22 22/09/2015 Anonymous Philippines' National Telecom Commission
The website of the Philippines' National Telecom Commission (NTC), ntc.gov.ph, is defaced by the local branch of the Anonymous in a form of protest against the slow local Internet connection average speed. Defacement Government H PH http://news.softpedia.com/news/anonymous-defaces-philippines-telecom-commission-website-protesting-slow-internet-speeds-492336.shtml 23 22/09/2015 ? realtor.com Yet another high-profile website victim of a malvertising campaign. This time the target is realtor.com, a popular real estate website realtor.com, ranked third in its category with an estimated 28 million monthly visits. Malvertising Industry: Real Estate CC US https://blog.malwarebytes.org/malvertising-2/2015/09/malvertising-attack-hits-realtor-com-visitors/ 24 23/09/2015 ?(China?) U.S. Government entity
European media company
A report from Palo Alto Networks confirms Chinese cyber attacks on a U.S. government entity and a European media company. The attacks, using a malware called '3102' were observed respectively on May 6, 2015 and May 11, 2015. Targeted Attack Government
http://www.forbes.com/sites/lisabrownlee/2015/09/25/new-report-of-malicious-chinese-cyber-attack-on-a-u-s-government-agency/?ss=Security 25 23/09/2015 Smitt3nz http://www.the-athenaeum.org Smitt3nz hacks the-athenaeum.org and dumps 1,671 users with hashed passwords. SQLi Online Services CC US http://siph0n.in/exploits.php?id=4072 26 24/09/2015 ? Adult portals Malwarebytes reveals the latest developments of the malvertising campaign plaguing primary domains such as Yahoo.com, MSN.com since August. Now the time the campaign is targeting several adult portals such as xHamster.com. The malicious advertising is served by TrafficHaus. Malvertising Adult Sites CC >1 https://blog.malwarebytes.org/malvertising-2/2015/09/ssl-malvertising-campaign-targets-top-adult-sites/ 27 24/09/2015 ? 4chan
Imgur, the photo-sharing website, is exploited in a distributed denial-of-service (DDoS) attack on the popular imageboards 4chan and 8chan. DDoS Imageboard CC US http://www.scmagazine.com/news/archive/10652/ 28 24/09/2015 NetPirates http://dresscloud.pl/ The NetPirates hack dresscloud.pl and dump 5,269 usernames and hashed passwords. SQLi Industry: E-Commerce CC PL http://siph0n.net/exploits.php?id=4076 29 25/09/2015 Anonymous Canadian Government As part of their vendetta against the Canadian government, hackers claiming to belong to the Anonymous collective leak another high-level confidential federal document. Unknown Government H CA http://news.nationalpost.com/news/canada/anonymous-leaks-another-high-level-federal-document-as-part-of-vendetta-against-government 30 25/09/2015 ? Hilton Hotel Multiple sources in the banking industry say they have traced a pattern of credit card fraud that suggests hackers have compromised point-of-sale registers in gift shops and restaurants at a large number of Hilton Hotel and franchise properties across the United States. Unknown Industry: Hotel and Hospitality CC US http://krebsonsecurity.com/2015/09/banks-card-breach-at-hilton-hotel-properties/ 31 25/09/2015 ? North Oldham High School North Oldham High School alerts 2,800 current and former students that a data breach earlier this month could have exposed their names, social security numbers and other personal information after a school computer falls victim of a drive-by attack. Malware Education CC US http://www.courier-journal.com/story/news/education/2015/09/25/n-oldham-high-data-breach-could-affect-2800/72812598/ 32 25/09/2015 ? APEGA APEGA, the body that regulates engineers and geologists in Alberta reports a "significant data breach" when all the names and email addresses of its 75,000 members are given to an unknown party as a result of a phishing event. Account Hijacking Org: Professional Category CC CA https://www.apega.ca/breach.html 33 25/09/2015 ? The Big Blue Bus The Big Blue Bus alerts customers of a potential data breach related to the NextBus program Unknown Bus Operator CC US http://smdp.com/data-breach-involves-big-blue-bus-customers/151000 34 26/09/2015 Team Pak Cyber Attacker Official website of Kerala Government:
A Pakistani hacker dubbed Pakistan Zindabad defaces two websites belonging to the Kerala Government. Defacement Government H IN http://www.inquisitr.com/2451705/indian-hackers-deface-over-40-pakistani-websites-hours-after-two-indian-government-portals-were-hacked/ 35 26/09/2015 The Mallu Cyber Soldiers 46 Pakistan websites, which include Pakistan’s government website Pakistan.gov.pk, president.gov.pk and cabinet.gov.pk In retaliation for the defacement of the Website of Kerala Government, an anonymous group called ‘Mallu Cyber Soldiers’ defaces around 46 Pakistan websites, which include Pakistan’s government website Pakistan.gov.pk, president.gov.pk and cabinet.gov.pk. Defacement Government H PK http://www.inquisitr.com/2451705/indian-hackers-deface-over-40-pakistani-websites-hours-after-two-indian-government-portals-were-hacked/ 36 27/09/2015 Ghost Italy Banca Intesa
In name of #OpBankDump, Ghost Italy, a local cell of the Anonymous collective, hacks Banca Intesa and Unipol Banca, two of the most important Italian Banks, and leaks several databases, mainly related to external contractors. SQLi Finance H IT http://www.repubblica.it/tecnologia/2015/09/28/news/anonymous_opbankdump_unipol_intesa-123815381/?ref=HRER2-1 37 27/09/2015 ? University of Calgary
The employee records of a number of University of Calgary staff members are fraudulently accessed, and banking records altered, during an ‘isolated breach’. Unknown Education CC CA http://calgary.ctvnews.ca/police-investigate-security-breach-of-university-of-calgary-s-peoplesoft-system-1.2583492 38 27/09/2015 mr_xenon http://www.spelapoker.se/ A hacker with the moniker mr_xenon hacks spelapoker.se and dumps 18606 records. SQLi Online Gambling CC SE http://webcache.googleusercontent.com/search?q=cache:enNyZpPlZmsJ:pastebin.com/57J2kh8Y+&cd=1&hl=en&ct=clnk&gl=us 39 28/09/2015 Gaza Cybergang Government Entities in Egypt, United Arab Emirates and Yemen Kaspersky Lab unveils the details of the so-called "Gaza Cybergang", a group active since 2012 and targeting mainly governmental entities. Targeted Attack Government CE EG
https://securelist.com/blog/research/72283/gaza-cybergang-wheres-your-ir-team/ 40 28/09/2015 ? Trump Hotel Collection The Trump Hotel Collection acknowledges a malware infection across the United States and Canada, potentially stealing customer credit card data for an entire year. The list of hotels includes two locations in New York and one in each of the following cities: Chicago, Honolulu, Las Vegas, Toronto and Miami. Malware Industry: Hotel and Hospitality CC US
http://money.cnn.com/2015/09/30/technology/trump-hotels-hack/ 41 28/09/2015 Exfocus Rutgers University A hacker known under the moniker Exfocus takes down the Rutgers University DDoS Education CC US http://news.softpedia.com/news/despite-new-equipment-rutgers-university-goes-down-after-ddos-attack-493155.shtml 42 29/09/2015 ? Kmart Australian discount homewares chain Kmart is under investigation, following a data breach that occurred in early September which saw the personal details of its online customers hacked. Unknown Industry: Retail CC AU http://www.oaic.gov.au/news-and-events/statements/privacy-statements/kmart-australia-data-breach/kmart-australia-data-breach 43 30/09/2015 ? Patreon Patreon, the website that allows people to maintain regular donations to a website, an artist, or project, announces to have suffered a security breach. The site says some registered names, e-mail addresses, and mailing addresses were accessed after someone managed to access a “debug version of our website” that at the time was accessible to the public. Unfortunately the attackers leak Gigabyte of data. SQLi Crowdfunding Platform CC US http://arstechnica.com/security/2015/10/patreon-some-user-names-e-mail-and-mailing-addresses-stolen/
44 30/09/2015 ? Several Thai Government websites Several Thai government websites are hit by a suspected distributed-denial-of-service (DDoS) attack, making them impossible to access. It appears to be a protest against the government's plan to limit access to sites deemed inappropriate, dubbed the "Great Firewall of Thailand". DDoS Government H TH http://www.bbc.com/news/world-asia-34409343 45 30/09/2015 0x0D1337 dutchwow.com 0x0D1337 hacks dutchwow.com (a private World of Warcraft server) and dumps 3,917 records containing usernames and hashed passwords. SQLi Online Services CC NL http://siph0n.net/exploits.php?id=4088 46 30/09/2015 KelvinSecTeam http://www.seniat.gov.ve/ KelvinSecTeam hacks seniat.gov.ve and dumps 1,651 users with clear text passwords. SQLi Government CC VE http://pastebin.com/C17sguxM