Last Updated on April 4, 2016

It’s time to publish the timeline of the main cyber attacks occurred during the first fortnight of March, two weeks that have been characterized by an unbelievable amount of attacks aimed to file fraudulent tax returns and carried on via Business Email Compromise (and the list of the victims includes a well-known brand like Seagate).

Other remarkable events motivated by Cyber Crime include the breach suffered by 21st Century Oncology (2.2 Million patients and employees possibly compromised) and the heist against the Central Bank of Bangladesh where the $ 80 million stolen by the attackers could have been much worse without the spelling mistake that allowed to detect the illegitimate activity of the criminals.

Finland, South Korea and India were the main victims of operations motivated by Cyber Espionage a sector that also offered multiple noticeable events in this period.

Last but not least, hacktivists preferred to keep a low profile, the chronicles report the leak of Donald Trump’s voicemail, a wave of DDoS attacks against several targets in Salt Lake City (these two operations were carried on by hacktivists affiliated to the Anonymous collective) and a spree of attacks against targets in Russia in retaliation for the the Malaysia Airlines Flight MH17.

f you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Additionally, if you want, you can access the timeline in Google Sheet format: spreadsheets-32

IDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountry
101/03/2016?SeagateSeagate is the last victim of a payroll phish. A Seagate employee sends the data to an outside e-mail address after receiving an e-mail purportedly from Seagate’s CEO Stephen Luczo requesting 2015 W-2 data for current and former Seagate employees.Account HijackingIndustry: Computer StorageCCUS
201/03/2016?Maritime Trade Information Sharing Centre, Gulf of Guinea (MTISC-GoG),BIMCO [Baltic and International Maritime Council] and The Standard Club issue a warning regarding an alleged security breach in the Maritime Trade Information Sharing Centre, Gulf of Guinea (MTISC-GoG), potentially resulting in the release of ships’ data to pirates. MTISC-GoG denies the claims.UnknownOrg: Anti-Piracy Maritime SecurityCCGU
301/03/2016@TheFamilyMethodBank of North DakotaMembers of the @TheFamilyMethod claim to have hacked the Bank of North Dakota and dump the records of 124 transactions.SQLiFinanceCCUS
401/03/2016@0x1Taylorsktorrent.eu@0x1Taylor hacks sktorrent.eu and dumps more than 117,000 usernames and passwords.SQLiTorrent TrackerCCSK
501/03/2016?Pharm-Olam InternationalPharm-Olam International starts notifying employees of a security incident that compromised their names, Social Security and income informationAccount HijackingIndustry: Legal ServicesCCUS
601/03/2016RyanDa1338plastic4you.ruRyanDa1338 hacks plastic4you.ru and dumps 26,396 usernames and passwords.UnknownIndustry: Plastic SurgeryCCRU
701/03/2016DarkHotelSeveral ExecutivesChinese Company ThreatBook reveals a new spree in the infamous DarkHotel Campaign dubbed Operation 8651.Targeted Attack>1CE>1
802/03/2016?Central Concrete SupplyCentral Concrete Supply notifies its employers of a security incident that might have been exposed their personal information.Account HijackingIndustry: ConcreteCCUS
902/03/2016?cplusplustutor.comAn unknown hacker hacks cplusplustutor.com and dumps 5,596 usernames and hashed passwords.UnknownOnline ServicesCCUS
1003/03/2016?Unnamed Global Shipping CompanyAn incident detailed in the recently released Verizon Data Breach Digest report, unveiled this week at the RSA security conference reveals that a global shipping company has been the victim of high-seas piracy aided by a network intrusion. The shipping company experienced a series of hit-and-run attacks by pirates who, instead of seeking a ransom for the crew and cargo, went after specific shipping containers and made off with high-value cargo.UnknownIndustry: ShippingCCN/A
1103/03/2016?Cox CommunicationsCox Communications investigates a possible data breach after alleged names, email addresses, phone numbers, and other information relating to some 40,000 employees is currently advertised on The Real Deal Market, a marketplace specialising in stolen data and computer exploits.UnknownIndustry: TelcoCCUS
1204/03/2016?MoneytreeMoneytree is the latest company to alert current and former employees that their tax data, including Social Security numbers, salary and address information, was accidentally handed over directly to scam artists.Account HijackingIndustry: Financial ServicesCCUS
1304/03/2016?Mansueto VenturesAnother victim of a payroll phish: unknown criminals obtain the IDs of 90 percent of the employees of Mansueto Ventures and use the data to file the fraudulent tax returns.Account HijackingIndustry: PublishingCCUS
1404/03/2016?GCIGCI notifies more than 2,500 employees that their W-2 forms were stolen in an apparent phishing scam in February.Account HijackingIndustry: TelcoCCUS
1504/03/2016?Rosen Hotels & ResortsUS chain Rosen Hotels & Resorts is the latest to confirm a malware-based breach of its payment processing systems. The breach covered an extended period between September 2, 2014 to February 18, 2016POS MalwareIndustry: Hotel and HospitalityCCUS
1604/03/2016Cyber AnakinSeveral websites including km.ru and nival.comCyber Anakin, a teenage hacker angry about the downing of the Malaysia Airlines Flight MH17, claims to have breached several random Russian websites and spilling the private information on 1.5 million of Russian internet users.Unknown>1HRU
1705/03/2016AnonymousDonald Trump’s voicemailDonald Trump’s voicemail is allegedly  hacked by members of Anonymous. The messages are published on Gawker.Account HijackingSingle IndividualHUS
1805/03/2016Caliphate Cyber Army55 New Jersey police officersHackers from the Caliphate Cyber Army release the information of 55 New jersey Police Officers, including home addresses, phone numbers and working locations.UnknownLaw EnforcementCWUS
1905/03/2016Hackers affiliated to ISISUnnamed South Korean news-clipping firmSouth Korean officials launch an investigation into whether an Islamic State militant group hacked a South Korean news-clipping firm’s computer network. Data on 20 South Koreans was reportedly acquired in the attackUnknownIndustry: NewsCWKR
2007/03/2016Pawn StormSeveral Government Offices in TurkeyA new report from Trend Micro reveals that the Russian Group behind the Operation Pawn Storm is targeting several offices in TurkeyTargeted AttackGovernmentCETR
2107/03/2016Operation Transparent TribeIndian Officials WorldwideResearchers from ProofPoint reveal the details of Operation Transparent Tribe, a campaign against Indian Officials worldwide.Targeted AttackGovernmentCEIN
2207/03/2016?Ezaki Glico Co.Ezaki Glico Co. reveals that personal data on users of its online shopping site may have been compromised following unauthorized accesses. Up to 83,194 records of personal data may have been stolen, including 43,744 that contained credit card information, according to the firm.UnknownIndustry: Food manufacturingCCJP
2308/03/2016North KoreaSouth KoreaThe South Korean National Intelligence Service (NIS) claims that North Korea hacked the smartphones of senior South Korean government officials and stole call history, texts, and even voice calls. South Korean officials’ smartphones were attacked between the end of February and early March using texts to plant malicious codes.MalwareGovernmentCEKR
2408/03/2016China or Russia?Finland Foreign MinistryFinland foreign minister Erkki Tuomioja reveals to the media that foreign ministry computer network has been infiltrated by spies. The breach has apparently been going on for four years. Suspects are directed to Russia or China.Targeted AttackGovernmentCEFI
2508/03/2016?1-800 Flowers1-800 Flowers sends out data breach letters notifying customers that a hacker might have stolen their personal information.UnknownIndustry: RetailCCUS
2608/03/2016?hawkingtech.comAn unknown hacker hacks hawkingtech.com and dumps 12,548 records with usernamens and hashed passwords.UnknownIndustry: Home routersCCUS
2709/03/2016OnionDogCompanies and government agencies of Korean-speaking countriesChinese security researchers from cyber-security vendor Qihoo 360 reveals the details of a malicious actor named OnionDog that’s been targeting Korean-speaking countries since October 2013.Targeted AttackGovernmentCEKR
2809/03/2016?GreenshadesA breach in the website of Greenshades causes a spike of tax refund frauds.Account HijackingIndustry: Payroll ServicesCCUS
2910/03/2016?Bangladesh Central BankReuters reports that unknown hackers were able to breach the Bangladesh Bank’s systems and steal its credentials for payment transfers, using them to transfer money to entities in the Philippines and Sri Lanka. The hackers were able to get away with a bounty of about $80 million, but a spelling mistake helped prevent a further nearly $1 billion theft.Account HijackingFinanceCCBD
3010/03/2016?21st Century OncologyUS cancer clinic 21st Century Oncology admits that a breach on its systems may have exposed private information on 2.2 million patients and employees. The breach happened in November 2015 but the FBI asked 21st Century to hold off from disclosing the incident until a thorough investigation had been completed.UnknownHealthcareCCUS
3110/03/2016?Unnamed American Express third-party card processorAmerican Express warns some customers that their personal details may have been exposed due to a data breach of a third-party service provider.UnknownIndustry: Financial ServicesCCUS
3210/03/2016?Litecointalk ForumThe Litecointalk forum is hacked, and all users are forced to reset their passwords.UnknownForumCCUS
3310/03/2016SonnySpooksbuzzmachines.comSonnySpooks hacks buzzmachines.com and dumps nearly 37.000 usernames and passwords.SQLiOnline ServicesCCUS
3410/03/2016?virtualworldlets.netAn unknown hacker hacks virtualworldlets.net and dumps 13,421 usernames and clear text passwords. SQLiOnline ServicesCCUK
3511/03/2016?StaminusStaminus, a security company specialized in hosting and DDoS protection, is the victim of unknown hackers who breach their network, reset the routers to factory settings and dump customer data.UnknownIndustry: DDoS protectionCCUS
3611/03/2016?worldchess.comControversial website worldchess.com, broadcasting in exclusive the World Chess Candidates Tournament, is the target of a DDoS attack.DDoSEntertainmentCCUS
3711/03/2016?West Bloomfield School DistrictWest Bloomfield School District officials send an email to parents saying a security breach to their network exposed certain student information.UnknownEducationCCUS
3813/03/2016New World Hackers group (NWH)Official Websites of the Salt Lake City Police and AirportHackers from New World Hackers group (NWH) claim to have taken down the official website of Salt Lake City police, the airport, First Utah Bank and Downtown Alliance in a form of protest against the shooting of the teenager Abdi Mohamed.DDoSGovernmentHUS
3914/03/2016?Several high profile websites including The New York Times, the BBC, MSN, and AOLSeveral security vendors including Trend Micro and Malwarebytes reveal the details of a large scale malvertising campaign targeting high profile sites, including The New York Times, the BBC, MSN, and AOL. MalvertisingSingle IndividualsCC>1
4015/03/2016Metropolisallosambre.comMetropolis hacks allosambre.com and dumps 1,535 usernames and clear text passwords.SQLiOnline ServicesCCFR
4115/03/2016SuckflySeveral government and commercial organizationsSymantec reveals the details of Suckfly, a malicious actor based in China, whose attack modus operandi involves the use of stolen legitimate certificates to sign the malware used for their operations.Targeted Attack>1CE>1
4215/03/2016?Bayley’sOutdoor equipment retailer Bailey’s Inc. notifies its customers that an attacker may have stolen payment card information of 250,000 customers from the company website and that the length of the breach was longer than once thought (between Dec. 1, 2011 and Jan. 26, 2016).UnknownIndustry: RetailCCUS
4315/03/2016?Russian customers of a dozen of unnamed banksThe customers of dozens of banks in Russia are targeted by hackers pretending to be the security arm of the Russian Central Bank, FinCERT. Account HijackingSingle IndividualsCCRU
4415/03/2016?LAZ ParkingLAZ Parking reveals that tax and revenue information for about 14,000 employees may have been stolen by an “unknown individual.UnknownIndustry: ParkingCCUS
45Special Mention of the MonthThis month has seen a remarkable number of W-2 data breaches aimed to use the stolen identities to file fraudulent tax returns. Victims include: – Ameripride – Actifio – Endologix – DataXu – Billy Casper Golf – Care.com – Matric NAC and Matrix Service Company Applied Systems – SevOne – SalientCRGT – Mitchell International – WorkCare – Foss – PerkinElmer – Advance Auto Parts – Sequoia Union High School District Account Hijacking>1CCUS

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.