1-15 December 2015 Cyber Attacks Timeline

If you believed (or maybe hoped) that the Christmas atmosphere could curb the crooks’ intentions, you will be disappointed: the first timeline of December reports 48 events, with several remarkable cases in all the sectors.

DDoS has played an important role in this fortnight with at least two important occurrences: a massive attack has mined the Internet root DNS infrastructure, and another one has crippled for a couple of days JANET, the UK network for research and education.

Hacktivists have been equally quite active, members of the Anonymous collective have carried on several operations against the streaming provider of the United Nation Framework Convention on Climate Change, Donald Trump, the website of the Japanese Prime Minister and the European Space Agency.

Last but not least China is still (allegedly) on the spot for Cybercrime., with a purported attack against the Australian Bureau of Meteorology, and a campaign against Hong Kong Journalists characterized by the utilization of a C&C infrastructure hosted on Dropbox. Another important event in this sector concerns the discovery of Packrat, a long lasting campaign (seven years) focused on targeting several countries in South America  (and during the analysis one of the hackers threatened a researcher to put a bullet in his brain).

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Access the timeline in Google Sheet format: spreadsheets-32

IDDateAuthorTargetEvent DescriptionAttackTarget
101/12/2015?DNS Root ServersOn November 30, 2015 and December 1, 2015, over two separate intervals, several of the Internet Domain Name System's root name servers are the target of a massive DDoS attack.DDoSOrg: Internet ServicesCC>1http://arstechnica.com/security/2015/12/attack-flooded-internet-root-servers-with-5-million-queries-a-second/
201/12/2015?Mobile users in SingaporeThe Association of Banks in Singapore (ABS) warns mobile users of a new malware targeting banking services and hijacking sensitive data such as credit card details and one-time passwords (OTPs). The malware affects both Android and iOS devices.Mobile MalwareSingle IndividualsCCSGhttp://www.zdnet.com/article/singapore-consumers-warned-of-malware-targeting-mobile-banking-services/
301/12/2015?Kalahari ResortsKalahari Resorts announces that its Ohio and Wisconsin resorts have been hit by a point-of-sale (POS) breach between March 9 and June 8.PoS MalwareIndustry: Hotel and ResortCCUShttp://www.scmagazine.com/second-wisconsin-dells-based-resort-hit-by-breach/article/458238/
The Guardian reveals that an unknown hacker, on April 2015, tried to send 4M text messages saying “death to the Jews", using the data stolen from a 2013 breach of SMSGlobal, to abuse the network of DU, a UAE mobile operator.UnknownIndustry: TelcoCCUAEhttp://www.theguardian.com/technology/2015/dec/01/hacker-sent-death-to-the-jews-text-messages-after-breach-in-phone-network
501/12/2015Muslim Electronic ArmyThe Barbados AdvocateThe Barbados Advocate, the second most dominant daily newspaper in the country of Barbados is defaced by the Muslim Electronic Army.DefacementNewsHBBhttp://www.nationnews.com/nationnews/news/75091/advocates-site-hacked
602/12/2015ChinaAustralian Bureau of Meteorology
China is blamed for a major cyber attack on the computers at the Australian Bureau of Meteorology (bom.gov.au), which has compromised sensitive systems across the Federal Government.Targeted AttackGovernmentCEAUhttp://www.abc.net.au/news/2015-12-02/china-blamed-for-cyber-attack-on-bureau-of-meteorology/6993278
702/12/2015[email protected]Hong Kong based journalistsResearchers from FireEye Labs identify a new campaign targeting Hong Kong based journalists. The campaign is characterized by the usage of Dropbox to host the C&C infrastructure. The group, dubbed [email protected] is suspected to originate from China.Targeted AttackSeveral IndividualsCEHKhttp://www.theregister.co.uk/2015/12/02/hong_kong_hacks_hacked_in_democracy_protest_yap_flap/
802/12/2015AnonymousMeta-Fusion GmbH
The second round of the campaign of the Anonymous against the Cop21 (the United Nations Conference of Climate Change) kicks off. The hacktivists hack the website of Meta-Fusion GmbH, a Germany-based official Webcast Streaming Service Provider for the UNFCCC, and leak the login credentials of the company’s employees.SQLiIndustry: Web StreamingHDEhttps://www.hackread.com/anonymous-hacks-un-climate-changes-webcast-service-provider/
902/12/2015@Smitt3nz AKA Rubberhttp://www.igcd.net/@Smitt3nz AKA Rubber hacks igcd.net and dumps 1,452 usernames and hashed passwords.SQLiOnline GamesCCFRhttp://siph0n.in/exploits.php?id=4266
1003/12/2015RopertusJD WetherspoonJD Wetherspoon reveals that its website has been hacked between 15 and 17 June this year, resulting in the potential loss of customer data including names, dates of birth, email addresses and phone numbers, as well as a small amount of credit card records. The breach could potentially impact 656,723 users.SQLiIndustry: HospitalityCCUKhttp://www.zdnet.com/article/jd-wetherspoon-loses-data-of-over-650000-customers-in-cyberattack/
1103/12/2015NetherlandsMoDzhttp://apgschool.com/NetherlandsMoDz hacks apgschool.com and dumps 1.087 records with usernames and hashed passwords.UnknownEducationCCBHhttp://pastebin.com/UAQakZ2N
1203/12/2015NetherlandsMoDzhttp://www.springfieldnutra.comNetherlandsMoDz hacks springfieldnutra.com and dumps 1.087 records with usernames and hashed passwords.UnknownOrganization: nutraceuticalCCNLhttp://pastebin.com/6YXaFr97
1304/12/2015?TuneCoreTunecore Database is breached. The company reveals that the data that may have been accessed includes names, email, addresses, mailing addresses, account numbers, and passwords.UnknownIndustry: MusicCCUShttp://help.tunecore.com/app/answers/detail/a_id/669
1404/12/2015ap3x h4x0rhttp://saifa.ir/ap3x h4x0r from the Anonsec collective hacks saifa.ir and dumps 11,792 records.SQLiIndustry: E-CommerceCCIRhttp://pastebin.com/ftXELSC5
1505/12/2015darkshadow-tn>200 Indian WebsitesAnother episode of the Cyberwar between India and Pakistan. Using the hashtag #FreeKashmir, a hacker called darkshadow-tn from the AnonCoders collective defaces over 200 Indian Websites.Defacement>1CWINhttp://thehackednews.com/2015/12/200-indian-websites-hacked-by-anoncoders/
1606/12/2015?Nexus Mods
Nexus Mods announces a potential database breach. The breach includes information for about 6 million users, but the database that was breached was last updated on July 22nd, 2013.UnknownOnline GamesCCUShttp://www.slashgear.com/nexus-mods-reports-database-breach-08417627/
1706/12/2015?Jim Ross Twitter Account
Unknown hackers hijack the Twitter account of Jim Ross and post the fake news of his death to his 1.3 million followers.Account HijackingSingle IndividualCCUShttp://www.welivesecurity.com/2015/12/07/hackers-announce-wwes-jim-ross-dead-wrestling-control-twitter-account/
Malwarebytes reveals the details of a malvertising campaign targeting DailyMotion, the popular French video sharing site, surreptitiously distributing the Angler Exploit Kit to its victims.MalvertisingVideo SharingCCFRhttps://blog.malwarebytes.org/malvertising-2/2015/12/malvertising-hits-dailymotion-serves-up-angler-ek/
1907/12/2015?JanetUK publicly-funded academic computer network Janet comes under a persistent DDoS attack today.DDoSOrganization: NRENCCUKhttp://www.theregister.co.uk/2015/12/07/janet_under_persistent_ddos_attack/
2007/12/2015@Smitt3nz AKA Rubberhttp://artrookie.co.uk@Smitt3nz AKA Rubber hacks artrookie.co.uk and dumps 1,710 usernames and hashed passwords.SQLiIndustry: E-CommerceCCUKhttp://siph0n.in/exploits.php?id=4275
2107/12/2015Freedom Cry400 WebsitesA Muslim hacker dubbed Freedom Cry from the Anonymous R4BIA collective defaces 400 websites in a single shot to spread a message pro-Islam.Defacement>1HN/Ahttp://www.databreaches.net/uk-social-networking-site-xat-hacked-user-database-acquired-by-hackers/
2207/12/2015GrenXPaRTahttp://www.befriending.co.ukGrenXPaRTa hacks befriending.co.uk and dumps 7325 usernames and hashed passwords.UnknownOnline ServicesCCUKhttp://grenxparta.blogspot.co.id/2015/12/hacked-leak-and-dump-site.html
2308/12/2015PackratSeveral countries in South AmericaResearchers at Cyphort and Citizen Lab reveals the details of a hacker group who has spent the past seven years targeting countries in South America with malware campaigns, phishing attacks, and fake news organizations. The hacker group is given the name "Packrat" based upon its preference for embedded remote access trojans (RATs).Targeted Attack>1CE>1https://grahamcluley.com/2015/12/packrat-gang-targeted-south-america-malware-seven-years/
Individuals and entities inside Iran and abroadSymantec reveals the details of two groups, most likely based out of Iran, which have been conducting a sophisticated cyber surveillance campaign targeting individuals and entities inside Iran and abroad since July 2014, and possibly as early as 2011. The groups are named Cadelle and Chafer.Targeted Attack>1CE>1http://www.darkreading.com/attacks-breaches/-iranian-groups-conducting-sophisticated-surveillance-on-middle-eastern-targets/d/d-id/1323468?
2508/12/2015?Middlesex HospitalThe Middlesex Hospital in Connecticut reveals that the personal information of almost 1,000 patients could have been compromised through a phishing scam.
Account HijackingHealthCCUShttp://www.scmagazine.com/phishing-scam-hits-middlesex-hospital-in-conn/article/458813/
2608/12/2015?Elephant BarCM Ebar, LLC, the owner of Elephant Bar restaurants, announces that a PoS malware breach may have affected the information of customers at 29 locations in California, Colorado, Arizona, Missouri, Nevada, New Mexico, and Florida.PoS MalwareIndustry: RestaurantCCUShttp://www.scmagazine.com/elephant-bar-announced-a-point-of-sale-breach-that-affected-29-locations-in-seven-states/article/458707/
2708/12/2015?Cricket South Africa Facebook PageThe Cricket South Africa page is hacked, and the hackers post racist and sexual content on the page.Account HijackingSportCCZAhttps://www.hackread.com/cricket-south-africa-facebook-page-hacked/
2808/12/2015?Official Twitter Account of Pakistani Journalist Hamid Mir
The official Twitter account of Pakistani journalist Hamid Mir is hacked by an unknown hacker, apparently pro-ISIS, who leaks screenshots of his personal emails to the 1.7M followers.Account HijackingSingle IndividualHPKhttps://www.hackread.com/pakistani-journalist-hamid-mir-twitter-account-hacked/
2909/12/2015?WP EnginePopular WordPress-specific hosting provider WP Engine is apparently the victim of a data breach, and forces their customers to change their passwords.UnknownIndustry: Web HostingCCUShttp://www.net-security.org/secworld.php?id=19221
3009/12/2015Anonymoushttp://www.trumptowerny.com/The Anonymous set their sight to Donald Trump and take down the website for Donald Trump's trademark New York City skyscraper (trumptowerny.com).DDoSIndustry: Real EstateHUShttp://edition.cnn.com/2015/12/11/politics/donald-trump-tower-anonymous-hackers/
3109/12/2015AnonymousThe website of Japan's Prime Minister Shinzo Abe
The website of Japan's Prime Minister Shinzo Abe (s-abe.or.jp) is taken down by a DDoS attack. The hacktivist collective Anonymous is suspected to be the author of the attack the site in protest of the nation's whale hunting policy.DDoSSingle IndividualHJPhttp://www.japantimes.co.jp/news/2015/12/10/national/anonymous-hacker-takes-credit-for-shutting-down-prime-ministers-website/#.VnV2KvG1_id
3209/12/2015?The GuardianFireEye labs reveal that an archived article on The Guardian website that investigates cybercrime distributes malware via the Angler Exploit Kit.
Malicious Script InjectionNewsCCUKhttp://www.zdnet.com/article/guardian-article-on-cybercrime-serves-up-malvertising/#!
3309/12/2015?The Independent Blog
The Independent’s blog-hosting site is the victim of a malvertising campaign that targets visitors with a ransomware.MalvertisingNewsCCUKhttp://www.theguardian.com/media/2015/dec/09/independent-blog-site-ransomware-hackers-viruses
3409/12/2015?Swedish House Mafia Facebook PageThe Facebook page of the Electronic Dance Music Group Swedish House Mafia is hacked and the attacker posts some offending images of Miley Cyrus.Account HijackingIndustry: MusicCCSEhttps://thump.vice.com/en_us/article/swedish-house-mafias-facebook-got-hacked
3510/12/2015?EasilyIn a letter to customers, UK web hosting firm Easily.co.uk reveals to have suffered a targeted attack which exposed an unspecified number of customer domain names.Targeted AttackIndustry: Web HostingCCUKhttp://www.infosecurity-magazine.com/news/uk-web-hoster-easily-hit-by/
3610/12/2015Armada CollectiveMoonfruitAfter suffering a DDoS attack by the infamous Armada Collective, Moonfruit takes down all the websites to enhance the defences and avoid to pay the ransom.DDoSIndustry: Web HostingCCUKhttp://www.bbc.co.uk/news/technology-35091534
3711/12/2015?Danish Parliament website
The Danish Parliament website folketinget.dk is taken offline in a DDoS attack.DDoSGovernmentCCDKhttp://www.scmagazine.com/ddos-attack-knocks-danish-parliament-website-offline/article/459253/
3811/12/2015?Single Individuals using Alibaba.comResearchers from Comodo identify a new phishing attack targeted specifically at businesses and consumers who may use Alibaba.com.Account HijackingIndustry: E-CommerceCCCNhttps://blog.comodo.com/comodo-news/alibaba-phishing-attack/
3913/12/2015g0tchackCity of Providence
A hacker called g0tchack hacks the website of the CIty of Providence and asks for a ransom of 1BTC (358USD worth) to give the data back.UnknownGovernmentCCUShttp://wpri.com/2015/12/13/providence-city-website-was-hacked/
4014/12/2015?Turkey National Domain Registrar
Turkey National Domain Registrar NIC.tr is the victim of a sustained DDoS attack that affect the entire national Internet infrastructure.DDoSInternet ServicesCW?TRhttp://www.dailydot.com/politics/turkey-ddos-attack-tk-universities/
4114/12/2015?Websites running JoomlaSucuri identifies a wave of cyber attacks against websites running the Joomla Content Management System exploiting an unpatched a critical remote command-execution vulnerability.Unpatched Vulnerability>1CC>1http://arstechnica.com/security/2015/12/hackers-actively-exploit-critical-vulnerability-in-sites-running-joomla/
4214/12/2015?Several Twitter usersTwitter warns dozens of users that their account data may have been targeted by state-sponsored hackers. The list includes security researchers, journalists, and activists.Account HijackingSeveral IndividualsCE>1http://arstechnica.com/tech-policy/2015/12/beware-of-state-sponsored-hackers-twitter-warns-dozens-of-users/
4314/12/2015?ComcastResearchers at Malwarebytes identify a malvertising campaign targeting Comcast Users via the Xfinity search page.MalvertisingIndustry: TelcoIndustry: TelcoUShttps://blog.malwarebytes.org/malvertising-2/2015/12/comcast-customers-targeted-in-elaborate-malvertising-attack/
4414/12/2015AnonymousSeveral ESA domains:
Members of the online hacktivist Anonymous hacks several subdomains of the European Space Agency website and leak personal and login credentials of more than 8000 subscribers and officialsSQLiOrganization: Space AgencyHN/Ahttps://www.hackread.com/anonymous-hacks-european-space-agency-domains/
4514/12/2015Islamic Cyber ArmyMilitary Officials in France and USIn reaction to the campaign of the Anonymous against ISIS, the group leaks personal data, and claims that it belongs to military officials in France and US.UnknownMilitaryCWUS
4614/12/2015ProjectDumphttp://www.bluebooktrader.com/ProjectDump hacks bluebooktrader.com and dumps 6,187 usernames and hashed passwords.UnknownOnline ServicesCCCAhttp://pastebin.com/Dmjb4SeJ
4715/12/2015?Several Internet Services in BostonSeveral Internet services in Boston are disrupted by a DDoS attack, defines as a “minor act of cybervandalism”. The outage, affects city agencies and the police and fire departments.DDoSGovernmentCCUShttp://www.bostonherald.com/news/local_coverage/2015/12/officials_call_city_hall_cyberattack_minor
4815/12/2015?Swiss CleanersThe dry cleaning firm Swiss Cleaners suffered a point of sale data breach that could have potentially stolen the data from every payment card type used in the eight-store chain for almost one year.PoS MalwareIndustry: Dry CleanersCCUShttp://www.scmagazine.com/pos-attack-hits-swiss-cleaners-for-10-months/article/459952/


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: