Last Updated on January 3, 2016
Here we are again! This time with the list of the main cyber attacks that occurred in the second fortnight of November (part I here).
Landesk, Pearson VUE, Starwood Hotel, and Invest Bank are the most notable targets for this fortnight (along with three unnamed Greek banks blackmailed by the DDoS gang Armada Collective).
However, this timeline is clearly characterized by hacktivism, thanks to the multiple actions executed by members of the Anonymous collective (even if driven by different motivations). Anonymous kicked off their campaign against ISIS-related social account profiles (in the name of OpISIS), and also hit other primary targets such as Japan’s Health, Labor and Welfare Ministry, several Iceland Government Websites (OpWhales), the website of United Nations Climate Change and the website of Taiwan Police (OpSingleGateway).
But the timeline also offers several cases of state-sponsored attacks, such as a new version of the Turla and Dark Seoul campaigns, a new threat actor dubbed Strontium targeting government bodies, diplomatic, and military institutions in NATO countries and some parts of Eastern Europe, and a new undetectable RAT dubbed GlassRAT focused on Chinese nationals in commercial organizations.
If you want to have an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 11/11/2015 | Armenian A.S.A.L.A. group | Mortgage Fund sub-domain of the Azerbaijan Central Bank | Another episode of the cyber war between Armenian and Azerbaijani hackers: Armenian hackers calling themselves the Armenian A.S.A.L.A. group hack the Mortgage Fund sub-domain (amf.cbar.az) of the Azerbaijan Central Bank and leak some customer data. | SQLi? | Finance | H | AZ | https://www.hackread.com/armenian-group-hacks-azerbaijan-central-bank/ |
| 2 | 16/11/2015 | Turla | Several targets belonging to Business and Government | FireEye identifies a new campaign suspected to be tied to a Russian state-sponsored group previously analyzed by Kaspersky and known under the name of Turla. This time the group has breached and infected over 100 websites that have a business and government audience. | Targeted Attack | >1 | CE | >1 | http://news.softpedia.com/news/tracking-scripts-used-by-state-sponsored-group-to-spy-on-government-officials-496245.shtml |
| 3 | 17/11/2015 | Anonymous | ISIS Twitter Accounts | In the name of #OpParis, the activist group Anonymous claims to have taken down 5,500 pro-ISIS Twitter accounts. | Unknown | Org: Terrorism | H | N/A | http://www.scmagazine.com/anonymous-shutters-55k-pro-isis-twitter-accounts/article/454869/ |
| 4 | 17/11/2015 | Ghost Sec (affiliated to Anonymous) | ISIS Main Forum | Members of the hacking collective Anonymous claim to have shut down Isdarat, a main ISIS forum on the Dark Web. | Unknown | Org: Terrorism | H | N/A | http://www.vocativ.com/news/251771/anonymous-hits-main-isis-forum/ |
| 5 | 17/11/2015 | ? | Several Domains | Malwarebytes identifies one of the largest malvertising campaigns in recent months going through 10 different ad domains receiving massive volumes of Internet traffic. The campaign is used to distribute the Angler and Neutrino EKs. | Malvertising | >1 | CC | >1 | https://blog.malwarebytes.org/malvertising-2/2015/11/the-casino-malvertising-campaign/ |
| 6 | 17/11/2015 | ? | Several Individuals | Unknown hackers create a PayPal phishing site, making a clone site, using an SSL certificate of the World Bank Domain. | Phishing | >1 | CC | >1 | https://www.hackread.com/world-bank-ssl-certificate-host-paypal-phishing-scam/ |
| 7 | 17/11/2015 | ? | http://www.trampolining-online.co.uk/ | An unknown hacker hacks trampolining-online.co.uk and dumps 16,353 usernames and hashed passwords. | Unknown | Industry: E-Commerce | CC | UK | https://siph0n.in/exploits.php?id=4209 |
| 8 | 17/11/2015 | ? | http://www.friendshipkey.com/ | An unknown hacker hacks friendshipkey.com and dumps 16,353 usernames and hashed passwords. | Unknown | Dating | CC | PK | https://siph0n.in/exploits.php?id=4208 |
| 9 | 18/11/2015 | ? | Landesk | Landesk alerts employees that a data breach may have exposed their personal information. According to some internal sources, the attackers first broke into the Landesk network in June 2014. | Targeted Attack | Industry: Software | CC | US | http://krebsonsecurity.com/2015/11/breach-at-it-automation-firm-landesk/ |
| 10 | 18/11/2015 | Hacker Buba | Invest Bank | A hacker called Hacker Buba hacks into Invest Bank and holds it to ransom, demanding $3M, and leaking confidential data of clients on Twitter every few hours. | Unknown | Finance | CC | UAE | http://gulfnews.com/xpress/dubai/courts-crime/hacker-holds-uae-bank-to-ransom-demands-3m-1.1626394 |
| 11 | 18/11/2015 | Dark Seoul | Transportation and logistics sector in Europe | Researchers from Palo Alto identify a new campaign that shows similarities with the infamous Dark Seoul campaign discovered in March 2013. | Targeted Attack | Industry: Transportation | CE | >1 | http://researchcenter.paloaltonetworks.com/2015/11/tdrop2-attacks-suggest-dark-seoul-attackers-return/ |
| 12 | 19/11/2015 | Strontium | Computer systems belonging to government bodies, diplomatic, and military institutions in NATO countries and in some parts of Eastern Europe. | Microsoft unveils the details of Strontium (also known as APT28, Sednit, Sofacy and Fancy Bear), a threat actor that is thought to identify potential targets from mailing lists, public forums and social media sites, and then use spear phishing techniques to steal login credentials. | Targeted Attack | >1 | CE | >1 | http://www.tripwire.com/state-of-security/security-data-protection/strontium-microsoft-warns-of-hacking-gang-targeting-government-and-nato-workers/ |
| 13 | 20/11/2015 | ? | Starwood Hotels & Resorts | Starwood Hotels & Resorts Worldwide Inc says that payment systems at 54 of its hotels in North America had been infected with malware designed to collect payment card data. | PoS Malware | Industry: Hotel and Resort | CC | US | http://www.reuters.com/article/2015/11/20/us-starwood-hotels-hacking-idUSKCN0T91XO20151120#sRYDJwSG4gBkmgci.97 |
| 14 | 20/11/2015 | Anonymous | Japan's Health, Labor and Welfare Ministry | The website of Japan's Health, Labor and Welfare Ministry is taken down by a DDoS attack. The Anonymous collective claims responsibility. | DDoS | Government | H | JP | http://www.globalpost.com/article/6691762/2015/11/21/japan-probes-possible-cyber-attack-anonymous-health-ministry-website |
| 15 | 21/11/2015 | NetPirates, @LulzNetPirates, dhiqar.net | http://www.dhiqar.net/ | NetPirates hack dhiqar.net, an ISIS-related website, and dump 14,059 records with usernames and hashed passwords. | SQLi | Org: Political Party | H | IQ | https://siph0n.in/exploits.php?id=4235 |
| 16 | 22/11/2015 | ? | Linux Australia | Linux Australia allegedly suffers a second leak of data from its servers, according to a message sent to its main mailing list by president Joshua Hesketh. | Unknown | Org: Software | CC | AU | http://www.itwire.com/business-it-news/open-source/70431-linux-australia-suffers-another-data-leak |
| 17 | 22/11/2015 | Team System DZ | http://veterans.co.richland.wi.us/ | A collective of pro-ISIS hackers dubbed Team System DZ defaces three domains of the Richland County office. | Defacement | Government | H | US | https://www.hackread.com/isis-hacks-richland-county-veterans-services-site/ |
| 18 | 23/11/2015 | ? | Five Unnamed Banks | Group-IB reveals that over the last 5 years criminals in Russia found a way to steal 252 million Rubles ($3.8 million) from five unnamed banks, using a novel technique called a “reverse ATM attack”. | Reverse ATM Attack | Finance | CC | RU | http://www.forbes.com/sites/thomasbrewster/2015/11/23/visa-mastercard-atm-fraud-hackers-steal-millions-dollars/ |
| 19 | 23/11/2015 | ? | Pearson VUE | Technology certification management provider Pearson VUE is the victim of a computer security breach after malware compromises its Credential Manager System. | Malware | Industry: Media | CC | UK | http://www.theregister.co.uk/2015/11/23/pearson_vue_data_breach_pcm/ |
| 20 | 23/11/2015 | ? | Several WordPress sites including blogs.independent.co.uk | Malwarebytes identifies a campaign affecting dozens of WordPress sites compromised with the same malicious code redirecting to the Angler exploit kit. The campaign is a new version of the one previously known as EITest. | WordPress Vulnerability | >1 | CC | >1 | https://blog.malwarebytes.org/hacking-2/2015/11/catching-up-with-the-eitest-compromise-a-year-later/ |
| 21 | 23/11/2015 | ? | Chinese nationals in commercial organizations. | RSA unveils the details of a new undetectable RAT dubbed GlassRAT. The tool, active for three years, is used as part of a very targeted campaign, focused on Chinese nationals in commercial organizations. | Targeted Attack | >1 | CE | CN | http://www.infosecurity-magazine.com/news/glassrat-zerodetection-trojan/ |
| 22 | 23/11/2015 | ? | Gigi Hadid | Gigi Hadid admits to being blackmailed by a group of hackers who claim they're ready to leak private content from her iPhone unless she pays up. | Account Hijacking | Single Individual | CC | US | http://www.tmz.com/2015/11/23/gigi-hadid-iphone-hackers/ |
| 23 | 23/11/2015 | RyanDa1338 | http://www.hortinews.co.ke/ | RyanDa1338 hacks hortinews.co.ke and dumps 42,065 usernames and hashed passwords. | Unknown | News | CC | KE | https://siph0n.in/exploits.php?id=4234 |
| 24 | 24/11/2015 | ? | U.S. Air Force | The U.S. Air Force investigates how classified data about a competition for a next-generation U.S. bomber was found in a report published by Forbes magazine. | Unknown | Military | CE | US | http://www.reuters.com/article/2015/11/25/usa-airforce-bomber-idUSL1N13G01220151125#2jOmxoHjGQ3smBxZ.97 |
| 25 | 24/11/2015 | Turk Hack Team | Russian Central Bank | Turkish hackers from Turk Hack Team take down the official website of the Russian Central Bank (cbr.ru) amid tension near the Syrian-Turkey border. | DDoS | Finance | H | RU | https://www.hackread.com/turkish-hackers-target-russian-central-bank-site/ |
| 26 | 26/11/2015 | ? | Several additional WordPress sites including the website of popular magazine Reader’s Digest (rd.com) | Malwarebytes detects a different version of the campaign previously known as "EITest". The victims include the website of popular magazine Reader’s Digest (rd.com). | WordPress Vulnerability | >1 | CC | >1 | https://blog.malwarebytes.org/online-security/2015/11/readers-digest-and-other-wordpress-sites-compromised-push-angler-ek/ |
| 27 | 26/11/2015 | Multiple Indian Hacking Groups | Multiple Pakistani Targets | Multiple hacking groups from India carry out coordinated attacks against more than 200 Pakistani websites, as revenge on the 7th anniversary of the Mumbai November 26, 2008 terror attacks. | Defacement | Government | CW | PK | http://news.softpedia.com/news/indian-hackers-deface-125-pakistani-websites-as-payback-for-mumbai-2008-attacks-496903.shtml |
| 28 | 26/11/2015 | Multiple Pakistani Hacking Groups | Central Bank of India | And as a partial revenge, Pakistani hackers hack the website of the Central Bank of India. Rumors on Twitter also indicate that Pakistani hackers are also to blame for the downtime on the website of an Indian BJP Intellectuals cell. | Unknown | Government | CW | IN | http://www.techworm.net/2015/11/indian-cyber-warriors-pay-homage-to-2611-martyrs-by-hacking-200.html |
| 29 | 27/11/2015 | ? | https://www.vtech.com | A massive breach compromises 4.8 million records from VTech, a Hong Kong toy company. | SQLi | Industry: Children Toys | CC | HK | http://www.troyhunt.com/2015/11/when-children-are-breached-inside.html |
| 30 | 27/11/2015 | ? | Unnamed hosting company affecting Hungryhouse.co.uk | Online takeaway service Hungryhouse resets the passwords of thousands of its customers following an apparent data breach at a third party hosting company. 10.000 users might be affected. | Unknown | Industry: Online Food Delivery | CC | UK | http://www.theregister.co.uk/2015/11/27/hungryhouse_password_change/ |
| 31 | 27/11/2015 | ? | https://www.cryptocoinsnews.com | Two websites (CryptoCoinNews and Hacked) offer a bounty of five bitcoins (worth about £1200) to catch a blackmailer who is holding them to ransom with a DDoS threat. | DDoS | News | CC | NO | http://www.scmagazineuk.com/news-websites-offer-bitcoin-bounty-over-ddos-attacker/article/456389/ |
| 32 | 27/11/2015 | Anonymous | Iceland Government Websites | In the name of #OpWhales, Anonymous take down almost all the Iceland government websites for about 13 hours as a protest against the whaling practices in Iceland. | DDoS | Government | H | IS | https://www.hackread.com/anonymous-crushes-iceland-govt-for-whale-slaughter/ |
| 33 | 27/11/2015 | Several Indian Hackers | Several Pakistani Websites | Indian hackers pay homage to 26/11 Mumbai attack martyrs by hacking 200 Pakistani websites. | Defacement | Government | H | PK | http://www.techworm.net/2015/11/indian-cyber-warriors-pay-homage-to-2611-martyrs-by-hacking-200.html |
| 34 | 29/11/2015 | Pakistani Cyber Attackers | Jabalpur Police | Hackers calling themselves “Pakistani cyber attackers” deface the official website of Jabalpur police with Pakistani flags and slogans claiming revenge against Indian attacks. | Defacement | Law Enforcement | CW | IN | http://www.databreaches.net/madhya-pradesh-police-falls-to-pakistani-cyber-attackers/ |
| 35 | 30/11/2015 | Armada Collective | Three Unnamed Greek Banks | Reuters reveals that hackers belonging to the Armada Collective have staged cyber-attacks on three Greek banks and demanded a ransom in bitcoins to stop their disruption. | DDoS | Finance | CC | GR | http://www.reuters.com/article/2015/11/30/greece-banks-idUSL8N13P5B420151130#8J9mWZxowdvvfWli.97 |
| 36 | 30/11/2015 | Anonymous | United Nations Climate Change | Anonymous breach the website of the United Nations Framework Convention on Climate Change (UNFCCC) in protest against the police attack on the Cop21 March and leak personal information of 1415 officials. | SQLi | Org: United Nations | H | N/A | https://www.hackread.com/anonymous-hacks-un-climate-change-website/ |
| 37 | 30/11/2015 | Anonymous | Taiwan Police | In the name of #OpSingleGateway, Anonymous hack Thailand Police Servers against Internet Censorship. | SQLi | Law Enforcement | H | TW | https://hacked.com/opsinglegateway-anonymous-hacks-thai-police-servers-proves-its-point/ |
| 38 | 30/11/2015 | ? | http://sexyirelandescorts.com | Special mention of the month for an anonymous hacker who dumps data from several Escort sites. The sum of the total accounts is close to 18,000. | Unknown | Dating | CC | >1 | |