| ID |
Date |
Author |
Target |
Description |
Attack |
Target
Class |
Attack Class |
Country |
| 1 |
16/12/2015 |
Phantom Squad |
Xbox Live |
Phantom Squad prepare their Christmas campaign and claim responsibility for a DDoS attack on Microsoft’s Xbox Live service. |
DDoS |
Industry: Video Games |
CC |
US |
| 2 |
16/12/2015 |
APT16 |
Taiwan |
Security researchers from FireEye unveil the details of APT16, a new APT group linked to mainland China, targeting Taiwanese politicians and members of the media, just weeks before the country’s elections. |
Targeted Attack |
Government |
CE |
TW |
| 3 |
16/12/2015 |
C0d3c1t4d3l |
keepyourlinks.com |
C0d3c1t4d3l hacks keepyourlinks.com and dumps 4,586 usernames and clear text passwords. |
Unknown |
Online Services |
CC |
US |
| 4 |
17/12/2015 |
? |
Juniper Networks |
Juniper Networks issues an urgent security advisory about “unauthorized code” found within the operating system used by some of the company’s firewalls and Secure Service Gateway appliances. The vulnerability, which may have been in place in some firewalls as far back as 2012 and which shipped with systems to customers until late 2013, allows an attacker to gain remote administrative access to systems with telnet or ssh access enabled. |
Unauthorized Code |
Industry: Networking |
CE |
US |
| 5 |
17/12/2015 |
? |
Landry’s Inc. |
Landry’s Inc. is the latest hospitality firm to suffer a credit card breach |
PoS Malware? |
Industry: Hospitality |
CC |
US |
| 6 |
17/12/2015 |
Mexican Drug Cartels |
Unmanned Air Vehicles |
The US Department of Homeland Security (DHS) and the US Customs and Border Protection (CBP) agency report on incidents where drug traffickers have hacked unmanned air vehicles (UAVs, drones) in order to illegally and secretly cross the US-Mexican border. |
GPS Spoofing |
Government |
CC |
US |
| 7 |
18/12/2015 |
? |
Gyft |
Digital gift card retailer Gyft forces a password reset for some of its users. The move comes in response to the theft of usernames and passwords from a subset of Gyft customers. |
Unknown |
Industry: Online Services |
CC |
US |
| 8 |
18/12/2015 |
Databoss |
BitTorrent clients qTorrent, Deluge and SumoTorrent |
A hacker known as Databoss steals the databases of BitTorrent clients qTorrent and Deluge, and offers access to all the data via his website databoss.io. |
Unknown |
BitTorrent Clients |
CC |
N/A |
| 9 |
19/12/2015 |
Monte Melkonian Cyber Army |
Azerbaijani Ministry of Labour and Social protection Azerbaijani Ministry of Emergency Situations |
Armenian hackers from The Monte Melkonian Cyber Army hack the official websites of Azerbaijani Ministry of Labour and Social protection and the Ministry of Emergency Situations, and leak a trove of sensitive documents belonging to local citizens. |
Unknown |
Government |
CW |
AZ |
| 10 |
19/12/2015 |
Comcastkids |
agpestores.com |
A Crew called Comcastkids hacks agpestores.com and dumps 120,000 usernames and passwords. |
SQLi |
Industry: Payment Processing |
CC |
US |
| 11 |
19/12/2015 |
? |
Unnamed Delhi-based Firm |
The Delhi Police is probing a cyber heist in which suspected Isis hackers have routed payments made to a Delhi-based firm to the bank accounts associated with Islamic State (Isis) in Turkey. |
Account Hijacking |
N/A |
CC |
IN |
| 12 |
20/12/2015 |
Iranian hackers |
New York Dam |
The Wall Street Journal reports that Iranian hackers penetrated the online control system of a New York dam in 2013. Apparently hackers gained access to the dam through a cellular modem. |
Targeted Attack |
Utilities |
CE |
US |
| 13 |
20/12/2015 |
? |
Martub Shkreli |
Martin Shkreli, the pharmaceutical executive of Turing Pharmaceuticals facing U.S. charges of securities fraud, has his Twitter account hacked. |
Account Hijacking |
Single Individual |
CC |
US |
| 14 |
21/12/2015 |
? |
Sanrio Digital |
Chris Vickery, a security researcher discovers a leaked database of more than 3.3 million user accounts for Sanriotown.com and other Sanrio-owned websites like hellokitty.com and mymelody.com. |
Unknown |
Industry: Toys |
CC |
JP |
| 15 |
22/12/2015 |
Roaming Tiger |
Russian Speaking Organizations |
Palo Alto Networks unveils the details on a cyber-espionage campaign currently targeting Russian or Russian-speaking organizations. The campaign seems the continuation of an operation first uncovered by ESET, called Roaming Tiger. Suspects are directed to China. |
Targeted Attack |
Government |
CE |
RU |
| 16 |
23/12/2015 |
? |
Hyatt Hotels Corporation |
Hyatt Hotels Corporation announces that it recently identified malware on computers that operate the payment processing systems for Hyatt-managed locations (627 properties across more than 50 countries). |
PoS Malware |
Industry: Hospitality |
CC |
US |
| 17 |
24/12/2015 |
? |
Livestream |
Video live-streaming service Livestream notifies customers of a security breach that may have given unauthorized persons access to user information such as email addresses, encrypted passwords, dates of birth and phone numbers. |
Unknown |
Online Services |
CC |
US |
| 18 |
24/12/2015 |
Phantom Squad |
Electronic Arts |
Phantom Squad, the group of hackers who threatened to ruin the Christmas for gamers decide to keep their promise and take down the Electronic Arts servers. |
DDoS |
Industry: Video Games |
CC |
US |
| 19 |
24/12/2015 |
Russia? |
Ukrainian Utilities |
The Ukrainian government blames power outages in the Western Ukraine on “hacker attacks by Russian special services”. According to the Security Service of Ukraine (SBU), malware has been found in the networks of some utilities. Moreover, these malware intrusions coincided with a “non-stop telephone flood at utility plants’ technical support departments”, according to local reports. |
Targeted Attack |
Government |
CW |
UA |
| 20 |
24/12/2015 |
Anonymous Rabaa Team |
Ministry of the Environment in Costa Rica sirea.minae.go.cr/ |
Egyptian hackers associated with the Anonymous Rabaa Team deface the website of the Ministry of the Environment in Costa Rica, and more specifically, two pages with details about the System of Conservation Areas and the Isla del Coco (Cocos Island), the inspiration for Isla Nublar from the Jurassic Park movies. |
Defacement |
Government |
H |
CR |
| 21 |
24/12/2015 |
Anonymous |
Turkish leading banks such as Isbank, Garanti and Ziraat Bank |
Anonymous claims responsibility for the wave of DDoS attacks against Turkey (accusing the government to support ISIS) and starts a second wave against some Turkish leading banks such as Isbank, Garanti and Ziraat Bank. |
DDoS |
Finance |
H |
TR |
| 22 |
24/12/2015 |
? |
Brian Kreb’s Paypal Account |
Brian Kreb’s PayPal account is hacked. The attackers tried unsuccessfully to send his PayPal funds to Junaid Hussain, a 17-year-old member of the hacktivist group Team Poison tied to the jihadist militant group ISIS. |
Account Hijacking |
Single Individual |
CC |
US |
| 23 |
24/12/2015 |
Exe-code |
geolify.com |
Exe-code hacks geolify.com and dumps 3.706 usernames and hashed passwords. |
Unknown |
Online Services |
CC |
AU |
| 24 |
25/12/2015 |
? |
Steam |
A DDoS attack against Steam causes the company to deploy a new caching configuration in production, which leads to the inadvertent exposure of 34.000 users. |
DDoS |
Industry: Video Games |
CC |
US |
| 25 |
25/12/2015 |
Anonymous |
Asia Pacific Telecommunity apt.int |
Members of the Anonymous hacker collective deface the Asia Pacific Telecommunity website (apt.int), gain access to the site’s admin panel and also manage to get their hands on a database dump. |
Defacement |
Org: Telecommunication |
H |
INT |
| 26 |
25/12/2015 |
? |
Road Sign |
A crook decides to boost Donald Trump’s visibility in the GOP nomination race by breaking into a road sign in Corona (California) and changing its default message into one in support of the Republican candidate. |
Road Sign Hacking |
Road Sign |
CC |
US |
| 27 |
27/12/2015 |
? |
University of Connecticut |
The official Web portal of the University of Connecticut is compromised and used to spread malware to all visitors, masqueraded as a fake Adobe Flash Player update. |
DNS Hijacking |
Education |
CC |
US |
| 28 |
27/12/2015 |
ElSurveillance |
79 escort websites |
A Moroccan hacker who calls himself ElSurveillance defaces and steals data from 79 escort websites, as part of a larger campaign he started last summer, a campaign against adult and escort portals motivated by religious beliefs. |
Defacement |
Adult Sites (Escort) |
H |
>1 |
| 29 |
27/12/2015 |
? |
Quincy Credit Union |
Quincy Credit Union temporarily suspends its customers’ ATM cards after multiple people reported fraudulent charges. The banks confirms it is investigating a possible hack. |
Unknown |
Finance |
CC |
US |
| 30 |
28/12/2015 |
? |
191 million American citizens registered to vote |
Researcher Chris Vickery uncovers a database sitting on the Web containing various pieces of personal information related to 191 million American citizens registered to vote (300 Gb). The data appears to date back to 2000. The researchers point the finger to NationBuilder, a service that sets up digital campaigns for political parties. |
Unknown |
Government |
CC |
US |
| 31 |
28/12/2015 |
? |
Rutgers University |
Rutgers University is the target of a large-scale DDoS attack that keeps some of its systems down for four days between December 24 and December 28. |
DDoS |
Education |
CC |
US |
| 32 |
28/12/2015 |
? |
Several Dance Moms cast members |
Several Dance Moms cast members, including Abby Lee Miller, Mackenzie Ziegler and others have their phone numbers and other cast info posted on social media by an unknown hacker. |
Account Hijacking |
Single Individuals |
CC |
US |
| 33 |
28/12/2015 |
? |
tunesoman.com |
An unknown hacker hacks tunesoman.com and dumps 7,343 usernames and passwords. |
Unknown |
Industry: E-Commerce |
CC |
OM |
| 34 |
29/12/2015 |
? |
Linode |
Virtual server host Linode is the target of a four days lasting DDoS attack. |
DDoS |
Industry: Hosting |
CC |
US |
| 35 |
29/12/2015 |
Mr.Sh4hz3b-HaXoR |
aerobertics.be |
A hacker called Mr.Sh4hz3b-HaXoR hacks aerobertics.be and dumps 1,259 usernames and hashed passwords. |
SQLi |
Industry: E-Commerce |
CC |
BE |
| 36 |
30/12/2015 |
Mr 4nOnymOus (part of 034th adr355 Cr3w) |
kasganjlive.in |
Another episode of the Cyber War between India and Pakistan. A local news portal of Kasganj district (kasganjlive.in) is hacked by a Pakistani hacker called Mr 4nOnymOus. |
Defacement |
News |
CW |
IN |
| 37 |
30/12/2015 |
? |
psicamp.it/ |
An unknown hacker hacks psicamp.it and dumps 2049 usernames and passwords. |
Unknown |
Org: Health |
CC |
IT |
| 38 |
31/12/2015 |
? |
BBC |
All the BBC’s websites are unavailable early following a DDoS attack. |
DDoS |
Industry: Media |
CC |
UK |
| 39 |
31/12/2015 |
China? |
Several individuals leaders of China’s Tibetan and Uighur minorities |
According to former Microsoft employees, Microsoft experts concluded several years ago that Chinese authorities had hacked into more than a thousand Hotmail email accounts, targeting international leaders of China’s Tibetan and Uighur minorities in particular, but it decided not to tell the victims, allowing the hackers to continue their campaign. |
Targeted Attack |
Single Individuals |
CE |
.TI |
| 40 |
31/12/2015 |
? |
Cyberoam |
Security firm Cyberoam confirms a cyber attack on its systems last week, resulting in possible leakage of its database containing personal details of one million records of customers and partners. Apparently the author of the attack is trying to sell the database in the dark web for 100 BTC ($43,000). |
Unknown |
Industry: Security Hardware and Software |
CC |
IN |
| 41 |
31/12/2015 |
bRpsd |
autolet.it |
A hacker called bRpsd hacks autolet.it and dumps 2,716 records including usernames and clear text passwords. |
SQLi |
Industry: E-Commerce |
CC |
IT |
