Last Updated on January 24, 2016

If you believed (or maybe hoped) that the Christmas atmosphere could curb the crooks’ intentions, you will be disappointed: the first timeline of December reports 48 events, with several remarkable cases in all the sectors.

DDoS has played an important role in this fortnight, with at least two important occurrences: a massive attack has hit the Internet root DNS infrastructure, and another one has crippled JANET, the UK network for research and education, for a couple of days.

Hacktivists have been quite active as well: members of the Anonymous collective have carried out several operations against the streaming provider of the United Nations Framework Convention on Climate Change, Donald Trump, the website of the Japanese Prime Minister and the European Space Agency.

Last but not least, China is still (allegedly) on the spot for cybercrime, with a purported attack against the Australian Bureau of Meteorology, and a campaign against Hong Kong journalists characterized by the use of a C&C infrastructure hosted on Dropbox. Another important event in this sector concerns the discovery of Packrat, a long-lasting campaign (seven years) focused on targeting several countries in South America (and during the analysis one of the hackers threatened to put a bullet in a researcher's brain).

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Access the timeline in Google Sheet format.

| ID | Date | Author | Target | Event Description | Attack | Target | | |
|---|---|---|---|---|---|---|---|---|
| 1 | 01/12/2015 | ? | DNS Root Servers | On November 30, 2015 and December 1, 2015, over two separate intervals, several of the Internet Domain Name System's root name servers are the target of a massive DDoS attack. | DDoS | Org: Internet Services | CC | >1 |
| 2 | 01/12/2015 | ? | Mobile users in Singapore | The Association of Banks in Singapore (ABS) warns mobile users of a new malware targeting banking services and hijacking sensitive data such as credit card details and one-time passwords (OTPs). The malware affects both Android and iOS devices. | Mobile Malware | Single Individuals | CC | SG |
| 3 | 01/12/2015 | ? | Kalahari Resorts | Kalahari Resorts announces that its Ohio and Wisconsin resorts have been hit by a point-of-sale (POS) breach between March 9 and June 8. | PoS Malware | Industry: Hotel and Resort | CC | US |
| | | | | The Guardian reveals that an unknown hacker, in April 2015, tried to send 4M text messages saying “death to the Jews”, using the data stolen from a 2013 breach of SMSGlobal, to abuse the network of DU, a UAE mobile operator. | Unknown | Industry: Telco | CC | UAE |
| 5 | 01/12/2015 | Muslim Electronic Army | The Barbados Advocate | The Barbados Advocate, the second most dominant daily newspaper in the country of Barbados, is defaced by the Muslim Electronic Army. | Defacement | News | H | BB |
| 6 | 02/12/2015 | China | Australian Bureau of Meteorology | China is blamed for a major cyber attack on the computers at the Australian Bureau of Meteorology, which has compromised sensitive systems across the Federal Government. | Targeted Attack | Government | CE | AU |
| 7 | 02/12/2015 | admin@338 | Hong Kong based journalists | Researchers from FireEye Labs identify a new campaign targeting Hong Kong based journalists. The campaign is characterized by the usage of Dropbox to host the C&C infrastructure. The group, dubbed admin@338, is suspected to originate from China. | Targeted Attack | Several Individuals | CE | HK |
| 8 | 02/12/2015 | Anonymous | Meta-Fusion GmbH | The second round of the campaign of the Anonymous against the Cop21 (the United Nations Conference of Climate Change) kicks off. The hacktivists hack the website of Meta-Fusion GmbH, a Germany-based official Webcast Streaming Service Provider for the UNFCCC, and leak the login credentials of the company’s employees. | SQLi | Industry: Web Streaming | H | DE |
| 9 | 02/12/2015 | @Smitt3nz AKA Rubber | | AKA Rubber hacks and dumps 1,452 usernames and hashed passwords. | SQLi | Online Games | CC | FR |
| 10 | 03/12/2015 | Ropertus | JD Wetherspoon | JD Wetherspoon reveals that its website was hacked between 15 and 17 June this year, resulting in the potential loss of customer data including names, dates of birth, email addresses and phone numbers, as well as a small amount of credit card records. The breach could potentially impact 656,723 users. | SQLi | Industry: Hospitality | CC | UK |
| 11 | 03/12/2015 | NetherlandsMoDz | | hacks and dumps 1.087 records with usernames and hashed passwords. | Unknown | Education | CC | BH |
| 12 | 03/12/2015 | NetherlandsMoDz | http://www.springfieldnutra.com | NetherlandsMoDz hacks and dumps 1.087 records with usernames and hashed passwords. | Unknown | Organization: nutraceutical | CC | NL |
| 13 | 04/12/2015 | ? | TuneCore | Tunecore Database is breached. The company reveals that the data that may have been accessed includes names, email addresses, mailing addresses, account numbers, and passwords. | Unknown | Industry: Music | CC | US |
| 14 | 04/12/2015 | ap3x h4x0r | | h4x0r from the Anonsec collective hacks and dumps 11,792 records. | SQLi | Industry: E-Commerce | CC | IR |
| 15 | 05/12/2015 | darkshadow-tn | >200 Indian Websites | Another episode of the Cyberwar between India and Pakistan. Using the hashtag #FreeKashmir, a hacker called darkshadow-tn from the AnonCoders collective defaces over 200 Indian Websites. | Defacement | >1 | CW | IN |
| 16 | 06/12/2015 | ? | Nexus Mods | Nexus Mods announces a potential database breach. The breach includes information for about 6 million users, but the database that was breached was last updated on July 22nd, 2013. | Unknown | Online Games | CC | US |
| 17 | 06/12/2015 | ? | Jim Ross Twitter Account | Unknown hackers hijack the Twitter account of Jim Ross and post the fake news of his death to his 1.3 million followers. | Account Hijacking | Single Individual | CC | US |
| | | | | Malwarebytes reveals the details of a malvertising campaign targeting DailyMotion, the popular French video sharing site, surreptitiously distributing the Angler Exploit Kit to its victims. | Malvertising | Video Sharing | CC | FR |
| 19 | 07/12/2015 | ? | Janet | UK publicly-funded academic computer network Janet comes under a persistent DDoS attack today. | DDoS | Organization: NREN | CC | UK |
| 20 | 07/12/2015 | @Smitt3nz AKA Rubber | | AKA Rubber hacks and dumps 1,710 usernames and hashed passwords. | SQLi | Industry: E-Commerce | CC | UK |
| 21 | 07/12/2015 | Freedom Cry | 400 Websites | A Muslim hacker dubbed Freedom Cry from the Anonymous R4BIA collective defaces 400 websites in a single shot to spread a pro-Islam message. | Defacement | >1 | H | N/A |
| 22 | 07/12/2015 | GrenXPaRTa | | hacks and dumps 7325 usernames and hashed passwords. | Unknown | Online Services | CC | UK |
| 23 | 08/12/2015 | Packrat | Several countries in South America | Researchers at Cyphort and Citizen Lab reveal the details of a hacker group that has spent the past seven years targeting countries in South America with malware campaigns, phishing attacks, and fake news organizations. The hacker group is given the name "Packrat" based upon its preference for embedded remote access trojans (RATs). | Targeted Attack | >1 | CE | >1 |
| | | | Individuals and entities inside Iran and abroad | Symantec reveals the details of two groups, most likely based out of Iran, which have been conducting a sophisticated cyber surveillance campaign targeting individuals and entities inside Iran and abroad since July 2014, and possibly as early as 2011. The groups are named Cadelle and Chafer. | Targeted Attack | >1 | CE | >1 |
| 25 | 08/12/2015 | ? | Middlesex Hospital | The Middlesex Hospital in Connecticut reveals that the personal information of almost 1,000 patients could have been compromised through a phishing scam. | Account Hijacking | Health | CC | US |
| 26 | 08/12/2015 | ? | Elephant Bar | CM Ebar, LLC, the owner of Elephant Bar restaurants, announces that a PoS malware breach may have affected the information of customers at 29 locations in California, Colorado, Arizona, Missouri, Nevada, New Mexico, and Florida. | PoS Malware | Industry: Restaurant | CC | US |
| 27 | 08/12/2015 | ? | Cricket South Africa Facebook Page | The Cricket South Africa page is hacked, and the hackers post racist and sexual content on the page. | Account Hijacking | Sport | CC | ZA |
| 28 | 08/12/2015 | ? | Official Twitter Account of Pakistani Journalist Hamid Mir | The official Twitter account of Pakistani journalist Hamid Mir is hacked by an unknown hacker, apparently pro-ISIS, who leaks screenshots of his personal emails to the 1.7M followers. | Account Hijacking | Single Individual | H | PK |
| 29 | 09/12/2015 | ? | WP Engine | Popular WordPress-specific hosting provider WP Engine is apparently the victim of a data breach, and forces its customers to change their passwords. | Unknown | Industry: Web Hosting | CC | US |
| 30 | 09/12/2015 | Anonymous | | Anonymous set their sights on Donald Trump and take down the website for Donald Trump's trademark New York City skyscraper. | | Real Estate | H | US |
| 31 | 09/12/2015 | Anonymous | The website of Japan's Prime Minister Shinzo Abe | The website of Japan's Prime Minister Shinzo Abe is taken down by a DDoS attack. The hacktivist collective Anonymous is suspected to be the author of the attack on the site in protest of the nation's whale hunting policy. | DDoS | Single Individual | H | JP |
| 32 | 09/12/2015 | ? | The Guardian | FireEye labs reveal that an archived article on The Guardian website that investigates cybercrime distributes malware via the Angler Exploit Kit. | Malicious Script Injection | News | CC | UK |
| 33 | 09/12/2015 | ? | The Independent Blog | The Independent’s blog-hosting site is the victim of a malvertising campaign that targets visitors with ransomware. | Malvertising | News | CC | UK |
| 34 | 09/12/2015 | ? | Swedish House Mafia Facebook Page | The Facebook page of the Electronic Dance Music Group Swedish House Mafia is hacked and the attacker posts some offending images of Miley Cyrus. | Account Hijacking | Industry: Music | CC | SE |
| 35 | 10/12/2015 | ? | Easily | In a letter to customers, UK web hosting firm reveals that it has suffered a targeted attack which exposed an unspecified number of customer domain names. | Targeted Attack | Industry: Web Hosting | CC | UK |
| 36 | 10/12/2015 | Armada Collective | Moonfruit | After suffering a DDoS attack by the infamous Armada Collective, Moonfruit takes down all the websites to enhance the defences and avoid paying the ransom. | DDoS | Industry: Web Hosting | CC | UK |
| 37 | 11/12/2015 | ? | Danish Parliament website | The Danish Parliament website is taken offline in a DDoS attack. | DDoS | Government | CC | DK |
| 38 | 11/12/2015 | ? | Single Individuals using Alibaba.com | Researchers from Comodo identify a new phishing attack targeted specifically at businesses and consumers who may use | Hijacking | Industry: E-Commerce | CC | CN |
| 39 | 13/12/2015 | g0tchack | City of Providence | A hacker called g0tchack hacks the website of the City of Providence and asks for a ransom of 1BTC (358USD worth) to give the data back. | Unknown | Government | CC | US |
| 40 | 14/12/2015 | ? | Turkey National Domain Registrar | Turkey National Domain Registrar is the victim of a sustained DDoS attack that affects the entire national Internet infrastructure. | DDoS | Internet Services | CW? | TR |
| 41 | 14/12/2015 | ? | Websites running Joomla | Sucuri identifies a wave of cyber attacks against websites running the Joomla Content Management System exploiting an unpatched critical remote command-execution vulnerability. | Unpatched Vulnerability | >1 | CC | >1 |
| 42 | 14/12/2015 | ? | Several Twitter users | Twitter warns dozens of users that their account data may have been targeted by state-sponsored hackers. The list includes security researchers, journalists, and activists. | Account Hijacking | Several Individuals | CE | >1 |
| 43 | 14/12/2015 | ? | Comcast | Researchers at Malwarebytes identify a malvertising campaign targeting Comcast Users via the Xfinity search page. | Malvertising | Industry: Telco | Industry: Telco | US |
| 44 | 14/12/2015 | Anonymous | Several ESA domains: | Members of the online hacktivist collective Anonymous hack several subdomains of the European Space Agency website and leak personal and login credentials of more than 8000 subscribers and officials. | SQLi | Organization: Space Agency | H | N/A |
| 45 | 14/12/2015 | Islamic Cyber Army | Military Officials in France and US | In reaction to the campaign of the Anonymous against ISIS, the group leaks personal data, and claims that it belongs to military officials in France and US. | Unknown | Military | CW | US |
| 46 | 14/12/2015 | ProjectDump | | hacks and dumps 6,187 usernames and hashed passwords. | Unknown | Online Services | CC | CA |
| 47 | 15/12/2015 | ? | Several Internet Services in Boston | Several Internet services in Boston are disrupted by a DDoS attack, defined as a “minor act of cybervandalism”. The outage affects city agencies and the police and fire departments. | DDoS | Government | CC | US |
| 48 | 15/12/2015 | ? | Swiss Cleaners | The dry cleaning firm Swiss Cleaners suffered a point of sale data breach that could have potentially stolen the data from every payment card type used in the eight-store chain for almost one year. | PoS Malware | Industry: Dry Cleaners | CC | US |

