Last Updated on January 9, 2016

Happy new year and happy new timeline! It’s time to publish the last timeline of the year, which closes 2015 and covers the main events that occurred between 16 and 31 December 2015. I do not remember such a complicated Christmas from an Infosec perspective.

The problems began with the threats of the Phantom Squad, who had declared they would DDoS the PlayStation Network and Xbox Live, emulating the actions of the Lizard Squad one year ago. The mission was only partially accomplished, since only Xbox Live and Electronic Arts were partially affected. However, many other primary targets were DDoSed: the list of victims also includes Linode, several Turkish banks, the BBC and, most of all, Steam. The latter in particular paid the highest price, since a caching configuration change applied to handle the DDoS attack led to the inadvertent exposure of 34.000 users.

Then Juniper Networks issued an urgent security advisory about “unauthorized code”, active since 2012, found within the operating system used by some of the company’s firewalls and Secure Service Gateway appliances. A few days later Chris Vickery, a security researcher, discovered a leaked database of more than 3.3 million user accounts belonging to Sanrio Digital. Finally, Ukraine admitted to having been targeted, on Christmas Eve, by an alleged Russian malware that caused several power outages in the country.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Additionally, if you want, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 16/12/2015 | Phantom Squad | Xbox Live | Phantom Squad prepare their Christmas campaign and claim responsibility for a DDoS attack on Microsoft’s Xbox Live service. | DDoS | Industry: Video Games | CC | US |
| 2 | 16/12/2015 | APT16 | Taiwan | Security researchers from FireEye unveil the details of APT16, a new APT group linked to mainland China, targeting Taiwanese politicians and members of the media, just weeks before the country’s elections. | Targeted Attack | Government | CE | TW |
| 3 | 16/12/2015 | C0d3c1t4d3l | keepyourlinks.com | C0d3c1t4d3l hacks keepyourlinks.com and dumps 4,586 usernames and clear text passwords. | Unknown | Online Services | CC | US |
| 4 | 17/12/2015 | ? | Juniper Networks | Juniper Networks issues an urgent security advisory about “unauthorized code” found within the operating system used by some of the company’s firewalls and Secure Service Gateway appliances. The vulnerability, which may have been in place in some firewalls as far back as 2012 and which shipped with systems to customers until late 2013, allows an attacker to gain remote administrative access to systems with telnet or ssh access enabled. | Unauthorized Code | Industry: Networking | CE | US |
| 5 | 17/12/2015 | ? | Landry’s Inc. | Landry’s Inc. is the latest hospitality firm to suffer a credit card breach. | PoS Malware? | Industry: Hospitality | CC | US |
| 6 | 17/12/2015 | Mexican Drug Cartels | Unmanned Air Vehicles | The US Department of Homeland Security (DHS) and the US Customs and Border Protection (CBP) agency report on incidents where drug traffickers have hacked unmanned air vehicles (UAVs, drones) in order to illegally and secretly cross the US-Mexican border. | GPS Spoofing | Government | CC | US |
| 7 | 18/12/2015 | ? | Gyft | Digital gift card retailer Gyft forces a password reset for some of its users. The move comes in response to the theft of usernames and passwords from a subset of Gyft customers. | Unknown | Industry: Online Services | CC | US |
| 8 | 18/12/2015 | Databoss | BitTorrent clients qTorrent, Deluge and SumoTorrent | A hacker known as Databoss steals the databases of BitTorrent clients qTorrent and Deluge, and offers access to all the data via his website databoss.io. | Unknown | BitTorrent Clients | CC | N/A |
| 9 | 19/12/2015 | Monte Melkonian Cyber Army | Azerbaijani Ministry of Labour and Social protection; Azerbaijani Ministry of Emergency Situations | Armenian hackers from The Monte Melkonian Cyber Army hack the official websites of Azerbaijani Ministry of Labour and Social protection and the Ministry of Emergency Situations, and leak a trove of sensitive documents belonging to local citizens. | Unknown | Government | CW | AZ |
| 10 | 19/12/2015 | Comcastkids | agpestores.com | A Crew called Comcastkids hacks agpestores.com and dumps 120,000 usernames and passwords. | SQLi | Industry: Payment Processing | CC | US |
| 11 | 19/12/2015 | ? | Unnamed Delhi-based Firm | The Delhi Police is probing a cyber heist in which suspected Isis hackers have routed payments made to a Delhi-based firm to the bank accounts associated with Islamic State (Isis) in Turkey. | Account Hijacking | N/A | CC | IN |
| 12 | 20/12/2015 | Iranian hackers | New York Dam | The Wall Street Journal reports that Iranian hackers penetrated the online control system of a New York dam in 2013. Apparently hackers gained access to the dam through a cellular modem. | Targeted Attack | Utilities | CE | US |
| 13 | 20/12/2015 | ? | Martin Shkreli | Martin Shkreli, the pharmaceutical executive of Turing Pharmaceuticals facing U.S. charges of securities fraud, has his Twitter account hacked. | Account Hijacking | Single Individual | CC | US |
| 14 | 21/12/2015 | ? | Sanrio Digital | Chris Vickery, a security researcher, discovers a leaked database of more than 3.3 million user accounts for Sanriotown.com and other Sanrio-owned websites like hellokitty.com and mymelody.com. | Unknown | Industry: Toys | CC | JP |
| 15 | 22/12/2015 | Roaming Tiger | Russian Speaking Organizations | Palo Alto Networks unveils the details on a cyber-espionage campaign currently targeting Russian or Russian-speaking organizations. The campaign seems the continuation of an operation first uncovered by ESET, called Roaming Tiger. Suspects are directed to China. | Targeted Attack | Government | CE | RU |
| 16 | 23/12/2015 | ? | Hyatt Hotels Corporation | Hyatt Hotels Corporation announces that it recently identified malware on computers that operate the payment processing systems for Hyatt-managed locations (627 properties across more than 50 countries). | PoS Malware | Industry: Hospitality | CC | US |
| 17 | 24/12/2015 | ? | Livestream | Video live-streaming service Livestream notifies customers of a security breach that may have given unauthorized persons access to user information such as email addresses, encrypted passwords, dates of birth and phone numbers. | Unknown | Online Services | CC | US |
| 18 | 24/12/2015 | Phantom Squad | Electronic Arts | Phantom Squad, the group of hackers who threatened to ruin the Christmas for gamers, decide to keep their promise and take down the Electronic Arts servers. | DDoS | Industry: Video Games | CC | US |
| 19 | 24/12/2015 | Russia? | Ukrainian Utilities | The Ukrainian government blames power outages in the Western Ukraine on “hacker attacks by Russian special services”. According to the Security Service of Ukraine (SBU), malware has been found in the networks of some utilities. Moreover, these malware intrusions coincided with a “non-stop telephone flood at utility plants’ technical support departments”, according to local reports. | Targeted Attack | Government | CW | UA |
| 20 | 24/12/2015 | Anonymous Rabaa Team | Ministry of the Environment in Costa Rica sirea.minae.go.cr/ | Egyptian hackers associated with the Anonymous Rabaa Team deface the website of the Ministry of the Environment in Costa Rica, and more specifically, two pages with details about the System of Conservation Areas and the Isla del Coco (Cocos Island), the inspiration for Isla Nublar from the Jurassic Park movies. | Defacement | Government | H | CR |
| 21 | 24/12/2015 | Anonymous | Turkish leading banks such as Isbank, Garanti and Ziraat Bank | Anonymous claims responsibility for the wave of DDoS attacks against Turkey (accusing the government of supporting ISIS) and starts a second wave against some Turkish leading banks such as Isbank, Garanti and Ziraat Bank. | DDoS | Finance | H | TR |
| 22 | 24/12/2015 | ? | Brian Krebs’ PayPal Account | Brian Krebs’ PayPal account is hacked. The attackers tried unsuccessfully to send his PayPal funds to Junaid Hussain, a 17-year-old member of the hacktivist group Team Poison tied to the jihadist militant group ISIS. | Account Hijacking | Single Individual | CC | US |
| 23 | 24/12/2015 | Exe-code | geolify.com | Exe-code hacks geolify.com and dumps 3.706 usernames and hashed passwords. | Unknown | Online Services | CC | AU |
| 24 | 25/12/2015 | ? | Steam | A DDoS attack against Steam causes the company to deploy a new caching configuration in production, which leads to the inadvertent exposure of 34.000 users. | DDoS | Industry: Video Games | CC | US |
| 25 | 25/12/2015 | Anonymous | Asia Pacific Telecommunity apt.int | Members of the Anonymous hacker collective deface the Asia Pacific Telecommunity website (apt.int), gain access to the site’s admin panel and also manage to get their hands on a database dump. | Defacement | Org: Telecommunication | H | INT |
| 26 | 25/12/2015 | ? | Road Sign | A crook decides to boost Donald Trump’s visibility in the GOP nomination race by breaking into a road sign in Corona (California) and changing its default message into one in support of the Republican candidate. | Road Sign Hacking | Road Sign | CC | US |
| 27 | 27/12/2015 | ? | University of Connecticut | The official Web portal of the University of Connecticut is compromised and used to spread malware to all visitors, masqueraded as a fake Adobe Flash Player update. | DNS Hijacking | Education | CC | US |
| 28 | 27/12/2015 | ElSurveillance | 79 escort websites | A Moroccan hacker who calls himself ElSurveillance defaces and steals data from 79 escort websites, as part of a larger campaign he started last summer, a campaign against adult and escort portals motivated by religious beliefs. | Defacement | Adult Sites (Escort) | H | >1 |
| 29 | 27/12/2015 | ? | Quincy Credit Union | Quincy Credit Union temporarily suspends its customers’ ATM cards after multiple people reported fraudulent charges. The bank confirms it is investigating a possible hack. | Unknown | Finance | CC | US |
| 30 | 28/12/2015 | ? | 191 million American citizens registered to vote | Researcher Chris Vickery uncovers a database sitting on the Web containing various pieces of personal information related to 191 million American citizens registered to vote (300 Gb). The data appears to date back to 2000. The researchers point the finger to NationBuilder, a service that sets up digital campaigns for political parties. | Unknown | Government | CC | US |
| 31 | 28/12/2015 | ? | Rutgers University | Rutgers University is the target of a large-scale DDoS attack that keeps some of its systems down for four days between December 24 and December 28. | DDoS | Education | CC | US |
| 32 | 28/12/2015 | ? | Several Dance Moms cast members | Several Dance Moms cast members, including Abby Lee Miller, Mackenzie Ziegler and others, have their phone numbers and other cast info posted on social media by an unknown hacker. | Account Hijacking | Single Individuals | CC | US |
| 33 | 28/12/2015 | ? | tunesoman.com | An unknown hacker hacks tunesoman.com and dumps 7,343 usernames and passwords. | Unknown | Industry: E-Commerce | CC | OM |
| 34 | 29/12/2015 | ? | Linode | Virtual server host Linode is the target of a DDoS attack lasting four days. | DDoS | Industry: Hosting | CC | US |
| 35 | 29/12/2015 | Mr.Sh4hz3b-HaXoR | aerobertics.be | A hacker called Mr.Sh4hz3b-HaXoR hacks aerobertics.be and dumps 1,259 usernames and hashed passwords. | SQLi | Industry: E-Commerce | CC | BE |
| 36 | 30/12/2015 | Mr 4nOnymOus (part of 034th adr355 Cr3w) | kasganjlive.in | Another episode of the Cyber War between India and Pakistan. A local news portal of Kasganj district (kasganjlive.in) is hacked by a Pakistani hacker called Mr 4nOnymOus. | Defacement | News | CW | IN |
| 37 | 30/12/2015 | ? | psicamp.it/ | An unknown hacker hacks psicamp.it and dumps 2049 usernames and passwords. | Unknown | Org: Health | CC | IT |
| 38 | 31/12/2015 | ? | BBC | All the BBC’s websites are unavailable early following a DDoS attack. | DDoS | Industry: Media | CC | UK |
| 39 | 31/12/2015 | China? | Several individuals leaders of China’s Tibetan and Uighur minorities | According to former Microsoft employees, Microsoft experts concluded several years ago that Chinese authorities had hacked into more than a thousand Hotmail email accounts, targeting international leaders of China’s Tibetan and Uighur minorities in particular, but it decided not to tell the victims, allowing the hackers to continue their campaign. | Targeted Attack | Single Individuals | CE | .TI |
| 40 | 31/12/2015 | ? | Cyberoam | Security firm Cyberoam confirms a cyber attack on its systems last week, resulting in possible leakage of its database containing personal details of one million records of customers and partners. Apparently the author of the attack is trying to sell the database in the dark web for 100 BTC ($43,000). | Unknown | Industry: Security Hardware and Software | CC | IN |
| 41 | 31/12/2015 | bRpsd | autolet.it | A hacker called bRpsd hacks autolet.it and dumps 2,716 records including usernames and clear text passwords. | SQLi | Industry: E-Commerce | CC | IT |
