Last Updated on April 11, 2016

Let’s go with the second part of the March Cyber Attacks Timeline (first part here), covering the main cyber attacks occurred between March 16 and 31.

1.5 million: this is the number of customer records stolen from Verizon Enterprise Solutions, and put published on an underground forum, in which can be considered the most important event of this fortnight. This event has shadowed another massive breach, in Japan, where the local police has discovered over 18 million user credentials hosted on a server of a local Japanese company, which allowed Chinese hackers to use its infrastructure for their attacks. Last but not least, this two weeks have also seen an unusual number of malvertising events with several high-profile victims.

The Anonymous were also quite active: most of all in the Philippines where hacktivists affiliated with the movement have dumped the entire populations of voters, consisting in 55 million records. Other minor operations hit Canada (a mining company), Kenya (a refinery), and Angola (28 government websites).

Last but not least, the Cyber War between India and Pakistan seems to be far from a conclusion. These two weeks have reported two operations carried on by Pakistan against India, one of which is quite particular: a malicious app uploaded in the Google Play Store, immediately become quite popular among the Indian Army, which allowed the Pakistani to snoop on the enemy’s conversations.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Additionally, if you want, you can access the timeline in Google Sheet format: spreadsheets-32

IDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountry
115/03/2016PakistanIndiaGoogle removes the malicious SmeshApp from its play store, after an investigation by CNN-IBN, an Indian TV station, reveals that Pakistan was using it to snoop on Indian military personnel.Mobile MalwareMilitaryCEIN
216/03/2016NSHCSwiss People’s Party (SVP)A group of hackers dubbed NSHC claims to have hacked the database of Switzerland’s largest political party, the conservative Swiss People’s Party (SVP) and stolen the personal data of over 50,000 people, including the names and email addresses of SVP supporters.UnknownOrg: Political PartyCCCH
316/03/2016NSHCSeveral websites including the Swiss Federal Railways (SBB) and a number of retailers, including electronic retailer InterDiscountThe same group that hacked the SVP, takes down several swiss websites including the Swiss Federal Railways (SBB) and a number of retailers, including electronic retailer InterDiscount.DDoSTransportation Industry: RetailCCCH
417/03/2016?Lakes Region Scholarship FoundationLakes Region Scholarship Foundation notifies past applicants that their names, addresses and Social Security numbers may have been stolen by hackers.UnknownOrg: EducationCCUS
517/03/2016?River Cree CasinoThe River Cree casino says it was the victim of a “cyberattack” that resulted in the theft of customer and employee information.UnknownIndustry: Hotel and HospitalityCCUS
618/03/2016? (USA Cycling)In an email sent out to its over 62,000 members, USA Cycling, the official US cycling organization, warns to have suffered a “data security incident” that may have exposed members’ names, mailing addresses, email addresses, dates of birth, emergency contact details, and passwords.UnknownOrg: SportCCUS
718/03/2016KarmaSecvisit-jy.comHacktivists from KarmaSec hack the server of Japan’s Yamaguchi Prefecture Tourism Promotion Division ( and leak a trove of data protesting in support of animal rights and brutality in the country.UnknownIndustry: TourismHJP
818/03/2016SadClownsSeveral High Profiles including FOX News, BusinessInsiderProofpoint reveals how the malvertising campaign detected at the beginning of March has evolved. The malicious actors behind the campaign are dubbed “SadClowns”.Malvertising>1CC>1
918/03/2016BitQuickBitQuick announces to shut down its server following an attack that gave the attacker unauthorized administrative access. However, all funds, IDs and emails remain secured.UnknownBitcoin ExchangeCCUS
1019/03/2016?Several News Outlets in SwedenSeveral news outlets in sweden are taken down by a large-scale DDoS attack. The list of the victims include: Dagens Nyheter, Expression, Svenska Dagbladet, Aftonbladet, Sydsvenskan, Helsingborgs Dagblad, Dagens Industri.DDoSNewsCCSE
1119/03/2016?naira4dollar.comNaira4dollar, a Nigerian e-currency exchange website, is the target of unknown hackers who are able to steal $15,000 worth of Bitcoins.Account HijackingBitcoin ExchangeCCNG
1220/03/2016?EC-Council ( website of EC-Council, the professional organization that administers the Certified Ethical Hacker program, is compromised to redirect the visitors to an Angler Exploit Kit landing page, where the infamous Teslacrypt ransomware is injected.Malicious PHP injection via WordPress VulnerabilityOrg: Security ProfessionalsCCUS
1320/03/2016?Harry Styles and Kendall JennerOne Direction singer Harry Styles and his alleged girlfriend Kendall Jenner have their personal photos leaked online after iCloud account hack. Account HijackingSingle IndividualsCCUK
1420/03/2016AnonymousCorruptnasa.govAnonymousCorrupt, a group of hacktivists linked to the Anonymous claim to have taken down the website.DDoSGovernmentHUS
1521/03/2016?Norfolk General HospitalTHe website of the Norfolk General Hospital is hacked to spread malware to its visitors.Joomla VulnerabilityHealthcareCCCA
1621/03/2016?Concordia UniversityConcordia University warns the community about a possible computer security breach.MalwareEducationCCCA
1722/03/2016?Kemuri Water Company (fantasy name for a water utility)The latest Verizon Data Breach Report reveals the details of an attack against a water utility company, in which the attackers were able to infiltrate the water utility’s control system and change the levels of chemicals being used to treat tap water.SQLi/PhishingUtilityHN/A
1822/03/2016?Pivotal SoftwarePivotal Software notifies the California Department of Justice Office of the Attorney General to have been hit with a W-2 phishing scam where an unknown number of the company’s employees had their tax data compromised.Account HijackingIndustry: SoftwareCCUS
1922/03/2016?Kentucky State UniversityKentucky State University is the victim of a BEC scam: an employee, responding to an email supposedly from the school’s president, sends off the 2015 W-2s for about 1000 employees and students.Account HijackingEducationCCUS
2022/03/2016?Chinese UsersFireEye reveals the details of a malvertising campaign, targeting Chinese users, employing the Baidu advertising platform, and abusing one of its ad APIs to push malware.MalvertisingSeveral IndividualsCCCN
2123/03/2016?Sprouts Farmers MarketSprouts Farmers Market falls victim to a W-2 phishing scam, with the company admitting an employee sent off the tax data for all its workers to an unknown person.Account HijackingIndustry: GroceryCCUS
2223/03/2016?Ryman Hospitality PropertiesRyman Hospitality Properties falls victim to a fraudulent phishing scam that resulted in employees’ IRS W-2 information, which includes Social Security numbers, being disclosed externally.Account HijackingIndustry: Hotel and HospitalityCCUS
2324/03/2016?Verizon Enterprise SolutionsThe contact information on some 1.5 million customers of Verizon Enterprise is published on an underground forum. THe company confirms to have recently discovered and remediated a security vulnerability on its enterprise client portal.Mongo DB VulnerabilityIndustry: TelcoCCIT
2424/03/2016PakistanIndiaTrend Micro release the details of Operation C-Major, a Pakistan-Linked Cyber-Espionage Campaign Against Indian military employees.Targeted AttackMilitaryCEIN
2524/03/ posts online the personal information of roughly 250 Norfolk Admirals hockey team customers.SQLiSportCCUS
2624/03/2016? vnulletin.orgAdministrators of the vBulletin forums start a site-wide password reset operation after an unknown attacker gained access to one of their servers.UnknownIndustry: SoftwareCCUS
2724/03/2016?jasacare.orgJASACare reports to have been attacked by hackers who managed to gain access to its email system. As a consequence of the breach of an employee’s email account, patient and employee data could have been potentially compromised.Account HijackingOrg: Home CareCCUS
2825/03/2016? reveals the details of a malvertising campaign, distributing the infamous Angler Exploit Kit, and targeting
2925/03/2016?OpSec SecurityOpSec Security joins the list of the companies victim of email scams, as a consequence the 2015 W-2 tax forms for current and former employees are compromised.Account HijackingIndustry: Anti-CounterfeitingCCUS
3025/03/2016?Tidewater Community CollegeTidewater Community College reports that the tax information of all those employed at the school in 2015 (3000 employees) is taken in a spear phishing scam.Account HijackingEducationCCUS
3125/03/2016?Mercy Iowa City and Mercy ClinicMercy Iowa City and Mercy Clinic notify patients that a malware discovered on their systems could have compromised the identities of 15,000 users.MalwareHealthcareCCUS
3226/03/2016ChinaJapanTokyo police announces the discovery of over 18 million user credentials on a server of Nicchu Shinsei Corp., a local company that complicitly allowed Chinese hackers to use it in their attacks.UnknownSingle IndividualsCCJP
3327/03/2016Anonymous Philippines LulzSec PhilippinesCOMELEC ( database of the Philippine Commission on Elections (COMELEC) is breached and the personal information of 55 million voters potentially exposed in two consecutive attacks.UnknownGovernmentHPH
3427/03/2016?SportPursuit website SportPursuit is hit by hackers over the Easter weekend, potentially losing customers’ bank card details.UnknownIndustry: E-CommerceCCIE
3527/03/2016AnonymousBCGold Corp.As part of its #OpCanary operation against multinational corporations, the Anonymous deface the homepage of BCGold Corp., a Canadian-based company focused primarily on gold and copper mining.DefacementIndustry: MiningHCA
3628/03/2016Andrew “Weev” AuernheimerSeveral Universities including Princeton University, University of California-Berkeley, University of Massachusetts-Amherst, Brown University, Smith College, and Mount Holyoke CollegeAndrew “Weev” Auernheimer sends out a massive racist print job on the networks of several US UniversitiesUnauthorized AccessEducationCCUS
3729/03/2016? livejournal.comMalwarebytes reveals the details of a malvertising campaign, distributing the infamous Angler Exploit Kit, and targeting and, two famous social network sites visited by respectively 110M and 140M visitors per month.MalvertisingSocial NetworkCWUS
3829/03/2016?Cravath Swaine & Moore LLP Weil Gotshal & Manges LLPFBI investigates the breaches at two know law firms Cravath Swaine & Moore LLP, and Weil Gotshal & Manges LLP, and issues a Private Industry Notification to law firms indicating that a cyber crime insider trading ring is targeting international law firm information used to facilitate business ventures.Targeted AttackLaw FirmsCCUS
3929/03/2016BudminerSeveral Entities in TaiwanSymantec reveals the details of Backdoor.Dripion, a cyber espionage campaign attribute to a threat actor known as Budminer, targeting entities in Taiwan.Targeted AttackN/ACETW
4029/03/2016AnonymousKenya Petroleum Refineries LimitedAs part of their #OpAfrica, the Anonymous deface (rickroll) the website of Kenya Petroleum Refineries Limited. DefacementIndustry: Oil and EnergyHKE
4129/03/2016Anonymous Portugal28 Angolan Government WebsitesIn name of #OpLusofonia, the Portuguese branch of the Anonymous defaces 28 Angolan Government Websites in retaliation for the recent sentencing of 17 activists.DefacementGovernmentHAO
4229/03/2016?Several Hacked WebsitesSucuri reveals the details of a new black hat SEO campaign that leverages a combination of hacked websites, backdoors, doorway scripts, and SEO poisoning to redirect users to pornographic sites.>1>1CC>1
4330/03/2016?Coinkite Inc.After a sustained wave of DDoS attacks, the Bitcoin startup Coinkite Inc. officially announces the shutdown of its secure wallet service.DDoSBitcoin ExchangeCCUS
4431/03/2016TheNeoBossteamskeet[.]comA hacker called TheNeoBoss hacks teamskeet[.]com and advertises on the dark web the database supposedly containing email addresses, plain text passwords, names, and physical and IP addresses for over 237,000 users of the site, as well as the broader porn network, Paper Street Media (PSM). SQLiAdult SiteCCUS

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.