Last Updated on January 25, 2016

It’s time to publish the first timeline of 2016, covering the main cyber attacks between 1 and 15 January 2016.

A new year begun under the sign of hacktivism, since the Anonymous and their affiliates have characterized this fortnight withseveral attacks (essentially DDoS ) against the governments of Thailand, Saudi Arabia, Nigeria, and also a primary automotive company like Nissan.

Time Warner Cable, Linode, and (partially) Citrix characterized the cyber crime landscape. In particular the event that occurred to Citrix is still surrounded by mistery, since the alleged hack, denied by the company, was unveiled in October.

Curiously there were no events driven by Cyber Espionage this month (so far).

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Additionally, if you want, you can access the timeline in Google Sheet format: spreadsheets-32

IDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountry
102/01/2016New World Hacktivists (NWH)donaldjtrump.comThe hacking group New World Hacktivists (NWH) takes down the official Election Campaign website of American Presidential candidate Donald Trump ( The same attackers claim responsibility for the DDoS attack that crippled the BBC website during the New Year’s Eve.DDoSSingle IndividualHUS
203/01/2016AnonymousSaudi Arabian Government
The Anonymous protest against the execution of 47 people in Saudi Arabia and take down several high-profile Saudi Arabian government websites under the banner of operation #OpSaudi and #OpNimr. DDoSGovernmentHSA
303/01/2016Sc0rp!n Att@ck3r from Muslim Cyber ArmyGoa University!n Att@ck3r from Muslim Cyber Army hacks the Goa University ( and dumps 10,380 records with hashed passwords.UnknownEducationHIN
404/01/2016?Saudi Ministry of Defense
The tension between Iran and Saudi Arabia continue in the cyberspace: a group of unknown hackers carries on a DDoS attack on Saudi Arabian Ministry of Defense
505/01/2016Anonymous14 Thailand Police WebsitesThe Anonymous start their campaign against the Thai government and claims responsibility for shutting down 14 Thailand police websites to protest the death sentences of two Myanmar migrant workers (Zaw Lin and Win Zaw Htun) convicted of murdering two British tourists (Hannah Witheridge and David Miller).DDoSLaw EnforcementHTH
605/01/2016?LinodeAfter struggling with a long-lasting DDoS attack, Linode reports a credential leak and runs a system-wide password reset on customer accounts.Account HijackingIndustry: Web HostingCCUS
Christian Group
Another massive database leaked in the wild… Chris Vickery, a security researcher discovers a leak containing 56 million records belonging to right-wing Christian group originating in the US.UnknownOrganization: Political PartyCCUS
805/01/2016?Chinese Banks’ CustomersMcAfee reveals the details of a novel phishing campaign against Chinese banks’ customers that lures users sending phishing text messages and redirecting them to authenticate into fake websites.Account HijackingSingle IndividualsCCCN
905/01/2016ISISFacebook Account of Ruqia HassanThe Independent reveals that after murdering the activist Ruqia Hassan Mohammed in September, the ISIS jihadists hijacked and continued to operate her social media accounts until very recently to lure other opponents into a trap.Account HijackingSingle IndividualCWLB
1005/01/2016root AKA @ciadotgovallwomenstalk.comRoot AKA @ciadotgov hacks and dumps 136,938 usernames and passwords.UnknownSocial NetworkCCUA
1105/01/2016? unknown hacker hacks and dumps 3,096 records including usernames and hashed passwords.SQLiIndustry: recruitingCCBR
1206/01/2016?DellA new tech support scam targeting Dell customers raises concern that the PC manufacturer could have been breached since the criminals seem to be in possess of private information of the victims. UnknownIndustry: Computer HardwareCCUS
1306/01/2016?Forbes WebsiteBrian Baskin, a digital forensics expert, is served with malware when visiting the Forbes’ website, after the AD blocker as suggested.MalvertisingNewsCCUS
1406/01/2016GeNiuS-JorDanRepublic of Uganda Ministry of Foreign AffairsA hacker going with the online handle of GeNiuS-JorDan defaces the official website of The Republic of Uganda, Ministry of Foreign Affairs, posting a message against the US Invasion of Iran.DefacementGovernmentHUG
alda-europe.euA hacker called DeleteTheDamnElite hacks and dumps 6,594 emails.SQLiOrganization: PoliticsCCN/A
1607/01/2016?Time Warner CableTime Warner Cable warns that login credentials for 320,000 customers may have been stolen. However the event looks more like a phishing attack rather than a direct hack.Account HijackingIndustry: TelcoCCUS
 1707/01/2016?Japanese Banks’ CustomersResearchers at IBM X-Force unmask the cybergang that controls the Rovnix Trojan launching an aggressive campaign against 14 major Japanese Banks.MalwareSingle IndividualsCCJP
1807/01/2016root AKA @ciadotgovbattlefy.comroot AKA @ciadotgov hacks and dumps 89,299 usernames and hashed passwords.UnknownOnline ServicesCCUS
1908/01/2016AnonymousNigerian Government websitesIn name of #OpNigeria and #OpCorruption, the Nigerian branch of the Anonymous takes down several government websites.DDoSGovernmentHNG
2008/01/2016IBH Indian Black HatsPakistani Government websitesAn Indian hacking crew going by the name of IBH (Indian Black Hats) defaces several Pakistani websites in revenge for the death of Lt. Col. Niranjan Kumar and as an homage to his two-year-old daughter Vismaya.DefacementGovernmentCWPK
2108/01/2016?Indian Institute of Management – Ahmedabad (IIM-A) results of the Common Admission Test (CAT) 2015 for the Indian Institute of Management – Ahmedabad are leaked before being officially released.UnknownEducationCCIN
2208/01/ ForumA hacker called Sonny hacks the forum and dumps 34,658 records including usernames and hashed passwords.SQLiIndustry: Web HostingCCCY
2309/01/2016?InterxionData center services Interxion informs customers that it has suffered a security breach, which has seen hackers access contact information stored in its CRM about corporate clients and prospects. The breach happened in December and could have affected 23,200 users.UnknownIndustry: Web HostingCCNL
2409/01/2016Fr0mShellover2craft.frA crew called Fr0mShell hacks and dumps 5,868 accounts with clear text passwords.UnknownOnline ServicesCCFR
2510/01/2016?Jeremy Corbyn Twitter Account @jeremycorbynAn attacker takes over the Twitter account of the Labour Leader Jeremy Corbyn and posts several bogus tweets. In particular one of them mocks the UK Prime Minister David Cameron.Account HijackingSingle IndividualCCUK
2610/01/2016ROR[RG]LifeSaferA hacker called ROR[RG], who acts as the moderator of the recently re-booted Hell hacking forum, dumps supposed internal documents of LMG Holdings, and more specifically, at least one of the companies it owns, LifeSafer, specialized in Car Breathalyzer.UnknownIndustry: Car BreathalyzerCCUS
2710/01/2016Fr0mShello2c.frFr0mShell hacks and dumps 4,160 accounts with clear text passwords.UnknownNewsCCFR
2810/01/2016root AKA @ciadotgovmilq.comroot AKA @ciadotgov hacks and dumps 3,594 usernames and hashed passwordsUnknownSocial NetworkCCCA
2911/01/2016?,000 British fans of the dance music band Faithless have their personal data stolen after the website is hacked. The breach happened in September but is reported only in January 2016.SQLiIndustry: EntertainmentCCUK
3011/01/2016Crackas With Attitude or CWASocial Media Accounts of James Clapper Director of National IntelligenceCrackas With Attitude or CWA, the same teen hackers who last year broke into the CIA Director John Brennan’s email accounts, now target the Director of National Intelligence James Clapper, breaking into several email accounts and changing the settings so that every call to his house number get forwarded to the Free Palestine Movement.Account HijackingSingle IndividualHUS
3111/01/2016?TaxActTax software maker TaxAct informs some of its customers that an unauthorized third party accessed their TaxAct account in late 2015. UnknownIndustry: SoftwareCCUS
3211/01/2016?Minesota Court system.mncourts.govThe Minnesota court system announces that its website ( was down for ten days in December due to a series of severe DDoS attacks.DDoSGovernmentCCUS
3311/01/2016?Brigham and Women’s and Brigham and Women’s Faulkner HospitalsBrigham and Women’s and Brigham and Women’s Faulkner Hospitals report an incident involving the compromise of an employee’s email account. The information of 1,009 patients is compromised.Account HijackingHealthcareCCUS
3412/01/2016Cyber TeamRoxCambodian WebsitesA group of online hackers calling themselves Cyber TeamRox deface several Cambodian websites over the past two days, including those of the Cambodian Navy, AEON Microfinance and Build Bright University.Defacement>1CCKH
3513/01/ name of #OpKillingBay, the Japanese carmaker suspends its global ( and Japanese ( sites after they are DDoSed by the Anonymous.DDoSIndustry: AutomakerHJP
3613/01/2016AnonymousHundreds of Thai Government WebsitesThe Anonymous continue their campaign against Thai government and take down hundreds of government websites over death sentences handed down to two Myanmar migrant workers (Zaw Lin and Win Zaw Htun) for the murder of two British tourists (Hannah Witheridge and David Miller).DDoSGovernmentHTH
3713/01/2016W0rmCitrixA Russian hacker dubbed W0rm claims to have broken into systems run by Citrix, and gained access to potentially a huge number of customers.UnknownIndustry: SoftwareCCUS
3813/01/2016ElSurveillanceebar.comElSurveillance hacks and dumps 1,148 usernames and clear text passwords.UnknownNewsHUS
3914/01/2016Crackas With Attitude or CWASocial Media Accounts of Vonna Weir HeatonThe teen hackers of CWA hack the Facebook and Linkedin accounts of Vonna Weir Heaton, a former senior executive at the National Geospatial-Intelligence Agency (NGA).Account HijackingSingle IndividualHUS
4014/01/2016?Hokkaido UniversityHokkaido University reveals that the personal data of more than 110,000 students and graduates may have been leaked due to unauthorized access of its computer systems by unknown parties.UnknownEducationCCJP
4114/01/2016?Blue Shield of CaliforniaBlue Shield of California announces that personal information from nearly 21,000 individual and family plan customers was accessed in a security breach late last year.UnknownHealthcareCCUS
4214/01/2016Blink Hacker GroupSupreme Court of ThailandThe Operation #BoycottThailand, aimed to expose the wrongdoing of Thai Police over the death sentences handed down to two Myanmar migrant workers, continues. Blink Hacker Group, a collective affiliated to the Anonymous leaks 1Gb of data belonging to Thailand’s Supreme Court.UnknownGovernmentHTH
4314/01/2016bRpsdemkoelektronik.comA hacker with the handle bRpsd hacks and dumps 9,253 usernames with clear text passwords.UnknownIndustry: Control InstrumentsCCTR
4415/01/2016?CryptsyPaul Vernon, founder of Cryptsy announces that the cryptocurrencies exchange has been hacked. The announcement is made more than a year after the discovery of the hack because Cryptsy, in the meantime, was trying to cover the losses, which amount to USD 6M.Code BackdoorCryptocoin ExchangeCCUS

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.