Last Updated on February 8, 2016

It’s time to publish the second part of the January 2016 Cyber Attacks Timeline (Part I here) covering the main Cyber Attacks occurred between January 16 and January 31.

This fortnight has shown quite a high number of events, in terms of impact the most important ones hit two companies, a bank (Crelan) and an aerospace industry (FACC), which lost respectively USD 75.8 and 54.5 as the effect of a BEC (Business Email Compromise).

Another remarkable event concerns a “possible” hack of NASA. The term “possible” is more than justified here since there are many doubts regarding the fact that the attack really happened.

And while Israel and Ukraine were the victims of more cyber attacks against their critical infrastructures, HSBC was flooded by a DDoS attack, the Cyber War between Armenian and Azerbaijani hackers added new chapters, and the Anonymous continued their personal war against the Taiwanese government.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Additionally, if you want, you can access the timeline in Google Sheet format: spreadsheets-32

IDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountry
113/01/2016?TaxSlayerTax preparation software publisher TaxSlayer notifies about 8,800 of its customers that an unauthorized third party may have gained access to the personal information contained on their tax return.UnknownIndustry: SoftwareCCUS
216/01/2016Russia?Kiev AirportUkrainian authorities announce to review the defences of government computer systems, after detecting a cyber attack on Kiev’s main airport launched from a server in Russia.Targeted AttackAirportCWUA
316/01/2016Börteçine Siber TimRussian Embassy in Israel crew of Pro-Turkish hackers defaces the website of the Russian Embassy in Israel (
416/01/2016?KickassTorrents kat.crKickassTorrents ( is taken down by a DDoS attack. DDoSTorrent TrackerCCN/A
516/01/2016?pagesjaunesdusenegal.comAn unknown attacker hacks and dumps 9500 usernames and hashed passwords.UnknownOnline ServicesCCUS
618/01/2016?boards.ieThe popular Irish forum is taken down by a DDoS attack.DDoSForumCCIE
718/01/2016Islamic State HackerTsinghua UniversityAn ISIS-affiliated hacker dubbed “Islamic State Hacker” defaces the website of the Tsinghua University and leaves jihadist messages on some of the site’s pages.DefacementEducationHCN
818/01/2016CWA (Crackas WIth Attitude)John HoldrenCrackas With Attitude claims to have hacked the home telephone and email account of President Barack Obama’s senior advisor on science and technology John Holdren.Account HijackingSingle IndividualCCUS
918/01/2016Turk Hack TeamSeveral Iranian Government WebsitesHackers from Turk Hack Team take down several Iranian government websites including Ministry of information, Ministry of Foreign Affairs, Ministry of Energy and the official website of the President of the Islamic Republic of Iran (
1019/01/2016?CrelanBelgian bank Crelan is the last victim of fraudsters, with a damage of over EUR 70 million (around $75,8 million).Account HijackingFinanceCCBE
1119/01/2016?FACCAerospace parts manufacturer FACC says that its financial accounting department has been attacked by hackers, who managed to steal approximately €50 million ($54.5 million). Account HijackingIndustry: AerospaceCCAT
1219/01/2016?Royal Melbourne HospitalThe Royal Melbourne Hospital’s core computer systems and personal computer systems have been infected by a virus. After two weeks the hospital still struggles to mitigate the infection.MalwareHealthcareCCAU
1319/01/2016?MSN.comMalwarebytes detects a malvertising campaign targeting the MSN Home Page via the AD network AdSpiritMalvertisingIndustry: SoftwareCCUS
1419/01/2016Gaza Cybergang or Gaza Hackers TeamSeveral individuals in Israel, Egypt, Saudi Arabia, United Arab Emirates, Iraq, US and EU.ClearSky Cybersecurity reveals a new campaign originating from the Gaza Cybergang, also known as the Gaza Hackers Team. The malware is named DustSky (or NeD Worm), and targets victims in Israel, Egypt, Saudi Arabia, United Arab Emirates, Iraq, US and some European states.Targeted Attack>1CE>1
1519/01/2016WKPFEkonombankA group of Turkish hackers dubbed WKPF defaces the official website of Russia’s Joint-Stock Commercial Bank for Reconstruction and Development Ekonombank.DefacementFinanceHRU
1619/01/2016root AKA @ciadotgovcodemasters-project.netroot AKA @ciadotgov hacks and dumps 57,109 usernames and hashed passwords.SQLiForumCCN/A
1720/01/2016Russia?Ukrainian UtilitiesESET reveals a new wave of cyberattacks against the Ukrainian electric power industry.Targeted AttackUtilitiesCWUA
1820/01/2016?JYP Entertainment jype.comUnknown hackers take down the website of JYP Entertainment.DDoSIndustry: EntertainmentCCKR
1921/01/2016Anonymous?Flint HospitalHurley Medical Center in Flint, Mich. is hit by a cyber attack, one day after the hacktivist group, Anonymous, threatened to take action for the city’s water crisis DDoSHealthcareHUS
2021/01/2016MMCA (Monte Melkonian Cyber Army)Official websites of Permanent Mission of Armenia in NATO, Permanent Mission of the organization for Security and Co-operation in Europe (OSCE) and Permanent Mission of the United Nations.Hackers from the Monte Melkonian Cyber Army deface the official websites of Permanent Mission of Armenia in NATO, Permanent Mission of the organization for Security and Co-operation in Europe (OSCE) and Permanent Mission of the United Nations.Defacement>1CW>1
2122/01/2016?State of Michigan Portal michigan.govThe State of Michigan confirms to have suffered a cyber attack similar to the one targeting Hurley Medical Center.DDoSGovernmentHUS
2222/01/2016?Anonymous, Hurley Medical Center, FlintThe University of Virginia admits to have been targeted by a data breach which has placed the private data of employees at risk. Cyberattackers were able to access a component of the HR system, leading to the exposure of information belonging to approximately 1,400 Academic Division employees.Account HijackingFinanceCCUS
2322/01/2016?Premier Lotteries IrelandPremier Lotteries Ireland (PLI), which runs the Irish Lottery, confirms in a statement that it suffered a distributed denial-of-service (DDoS) attack that knocked its website offline and made it inaccessible to gamblers for some hours.DDoSLotteryCCIE
2422/01/2016?Irish Government WebsitesA number of Irish government-related and public sector websites are knocked offline by an apparent DDoS attack.DDoSGovernmentCCIE
2522/01/2016Crazy-3r3rblog.imam-khomeini.irA Saudi hacker called Crazy-3r3r defaces the official web portal of Supreme Leader of Iran Ruhollah Khomeini ( IndividualCWIR
2623/01/2016AnonymousNarita International AirportThe Anonymous claim responsibility for taking down the Narita International Airport website in revenge for the detainment of a leading US animal rights DDoSAirportHJP
2723/01/2016Ourmineforums.dayzgame.comThe online forums of the DayZ gaming community ( are compromised by a group of Saudi Arabian hackers known as OurMine. 200,000 accounts could be potentially compromised.UnknownForumCCUS
2823/01/2016Lorde Bashtien80 police officers from several Miami departments.A hacker dubbed Lorde Bashtien releases the personal details of 80 police officers from the Miami Police Department, the Miami-Dade Police Department, and the Miami Beach Police Department.UnknownLaw EnforcementHUS
2923/01/2016Black-Spytoyota.ruBlack-Spy hacks and dumps 5,108 records with personal data.UnknownIndustry: AutomotiveCCRU
3023/01/2016root AKA @ciadotgovkakasure.comroot AKA @ciadotgov hacks and dumps 57,000 usernames and hashed passwords.UnknownOnline ServicesCCJP
3124/01/2016Codoso or C0d0s0Single IndividualsSecurity researchers from Palo Alto Networks report an increased activity from Codoso or C0d0s0, the Chinese-linked cyber-espionage group that previously hacked and later Samsung Pay.Targeted AttackSingle IndividualsCE>1
3224/01/2016?Bank YerushalayimHackers break into the servers of Bank Yerushalayim and access data on thousands of customers.UnknownFinanceCCIL
3324/01/2016Gensu & hack is not particularly impacting (664 usernames) but it affects an official subdomain of Ferrari.UnknownIndustry: AutomotiveCCIT
3425/01/2016Scarlet MimicMinority Activist Groups in ChinaResearchers from Palo Alto Networks unveil a four-year long cyber-attack campaign with the primary mission of gathering information about minority activist groups in China (Uyghur and Tibetan groups). The campaign is dubbed ‘Scarlet Mimic’Targeted AttackActivists GroupsCECN
3525/01/2016Anonymous Conservative2016iowacaucus.comA crew dubbed Anonymous Conservative defaces the 2016 Iowa Caucus website ( PoliticsHUS
3625/01/2016?Hailey BaldwinUnknown hackers obtain personal details of Hailey Baldwin and dump personal data including her phone number.Account HijackingSingle IndividualCCUS
3726/01/2016?Israel’s Electric AuthorityThe Israeli Energy Minister reveals that the Israel’s Electric Authority is currently targeted by a severe cyber-attack.Targeted AttackUtilitiesCCIL
3826/01/2016?Fraternal Order of Police (FOP) fop.netUK-based researcher and activist Thomas White releases 2.5 GB of data stolen in a recent hack of the computer systems of the Fraternal Order of Police (FOP), the biggest police union in the United States. The activist is not the author of the attack and admits to have received the data from an unknown sourceUnknownLaw EnforcementCCUS
3926/01/2016?Several .edu and .gov targetsSymantec reports the worldwide infection of 3,500 public servers with a malicious script that redirects victims to other compromised websites that could be used to download malware and which the company said could be part of a recon effort for future attacks.HTML redirectionEducation GovernmentCEUS
4026/01/2016?Sydney Data CenterThe notorious spyware FinFisher, used to infect mobile phones and computers, has been found in a Sydney data centre. The origin is claimed to be in Indonesia.Targeted AttackN/ACEN/A
4126/01/2016Hanom1960 AKA @hanomlulzsecCosta Rica Ministry of Culture and Foreign Affairs rree.go.crIn name of #OpPuraVida, a form of protest against the CAFTA trade deal, a hacker dubbed Hanom1960 AKA @hanomlulzsec hacks the Costa Rica Ministry of Culture and Foreign Affairs.DefacementGovernmentHCR
4227/01/2016?Wendy’sWendy’s, the nationwide chain of fast-food restaurants, says it is investigating claims of a possible credit card breach at some locations. UnknownIndustry: RestaurantCCUS
4328/01/2016?CPanelCPanel says the company has managed to repel a cyberattack against servers containing customer data. One of the cPanel customer databases might have been breached.UnknownIndustry: SoftwareCCUS
4428/01/2016?Rotten Tomatoes and The Jerusalem Post WebsiteMalwarebytes identifies a malvertising campaign targeting several high-profile sites such as: Rotten Tomatoes and The Jerusalem Post.Malvertising>1CC>1
4528/01/2016AnonymousTaiwanese Prison SystemAnonymous’ crusade against the Thai justice system continues: the hacktivists take down 20 websites belonging to the local prison system.DDoSLaw EnforcementHTH
4628/01/2016MMCA (Monte Melkonian Cyber Army)Azerbaijani government serversHackers from Monte Melkonian Cyber Army take down several Azerbaijani government servers including: the E-Government Portal (, Ministry of Taxes of the Republic of Azerbaijan ( and the official Internet resource of the State Bodies (
4728/01/2016?valleyevents.caAn unknown hacker hacks and dumps 4.646 usernames and hashed passwords.UnknownOnline ServicesCCCA
4829/01/2016?HSBCHSBC is hit by an apparent DDoS attack on its online banking system.DDoSFinanceCCUK
4929/01/2016?Neiman Marcus GroupNeiman Marcus Group (NMG) reports that someone gained unauthorized access to 5,200 online customer accounts on the Neiman Marcus, Bergdorf Goodman, Last Call, and CUSP websites.UnknownIndustry: RetailCCUS
5030/01/2016Hanom1960 AKA @hanomlulzsecColombian Ministry of Education & Colombian Ministry of Information and CommunicationsHanom1960 continues his campaign and leaks the databases of the Colombian Ministry of Education & Colombian Ministry of Information and Communications.UnknownGovernmentHCO
5130/01/2016?pastebin.comPastebin is taken down by a huge DDoS attack.DDoSOnline ServicesCCNL
5231/01/2016Anonsecnasa.govThe AnonSec collective claims to have broken into the computer systems of NASA, partially hijacking a drone, stealing hours of on-board footage from the agency’s fleet of aircraft, hundreds of data logs from its weather and climate missions, as well as a list of names, phone numbers and emails of more than 2,400 employees. The Agency denies the hack and many experts believe the information is unclassified and partially public.MalwareGovernmentHUS

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.