Last Updated on October 3, 2016

It’s time to review the main cyber attacks of the first two weeks of May, a fortnight that has seen quite a sustained level of activity and has been characterized by two trends: the discovery of several massive breaches, and a wave of DDoS attacks carried out by hacktivists affiliated with the Anonymous collective and targeting several banks worldwide (codename: OpIcarus).

Regarding the first trend, there have been several notable events: a trove of passwords discovered on the dark web (a total of more than 300 million accounts spread across two different leaks and belonging to different services such as Google, Microsoft and mail.ru), and the alleged hack of two additional services (Fling.com, an adult site, and Neopets, a virtual pet community), compromising millions of accounts.

The hacktivists have been quite “hacktive” as well (it reminded me of the “good old days”). Although their action has been limited to DDoS attacks, the list of targets is quite long and includes, among others, the Bank of Greece and the Bank of England.

Other interesting events include the release of the leak of UAE Investbank, and the discovery of a long-lasting campaign orchestrated by Iranian actors.

As usual, scroll down the timeline for the details of the events, and if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Additionally, if you want, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 02/05/2016 | ? | Alpha Payroll Services | Alpha Payroll Services notifies that an employee has fallen victim to a phishing scam targeting clients’ 2015 employee W-2 information. | Account Hijacking | Industry: Payroll Services | CC | US |
| 2 | 02/05/2016 | ? | 70 US military men | A group claiming to be British hackers supporting the Islamic State (ISIS) publishes a ‘hit list’ of more than 70 US military men who have allegedly been involved in drone strikes against terrorists in Syria. | Unknown | Military | CW | US |
| 3 | 02/05/2016 | Iran | Israel | Researchers from Palo Alto reveal the details of Infy, a new targeted attack campaign dating back nearly a decade and likely to have originated from Iran. | Targeted Attack | >1 | CE | IL |
| 4 | 02/05/2016 | 0x2Taylor | remotestaff.com.au | 0x2Taylor hacks remotestaff.com.au and dumps 99,888 records with usernames and hashed passwords. | SQLi | Industry: Job Search | CC | AU |
| 5 | 03/05/2016 | Anonymous | Bank of Greece | The Anonymous kick off OpIcarus and take down the Bank of Greece. | DDoS | Finance | H | GR |
| 6 | 03/05/2016 | ? | Union League Club | Union League Club says it is working with the FBI to investigate a security breach involving guests’ credit card information. An employee accused of having installed malicious software is fired. | Malware | Social Club | CC | US |
| 7 | 04/05/2016 | ? | KMOV, WBTV | Malwarebytes reveals the details of a malvertising campaign targeting visitors to two TV stations (KMOV and WBTV) affiliated with the American CBS TV network. | Malvertising | Industry: Broadcast | CE | US |
| 8 | 05/05/2016 | ? | Several databases | The discovery of a database containing the details of over 57 million people allegedly hacked by Russian hackers brings to light a massive breach that occurred in 2015. | Unknown | >1 | CC | >1 |
| 9 | 05/05/2016 | ? | Several databases | Another massive breach discovered. A trove of 272.3 million accounts belonging to several services including mail.ru, Google and Microsoft is put on sale on the dark web. | Unknown | >1 | CC | >1 |
| 10 | 05/05/2016 | ? | Equifax | Unknown individuals access Equifax’s W2Express website and steal tax and salary data. | Unknown | Industry: Financial Services | CC | US |
| 11 | 05/05/2016 | ? | Bay Area Children’s Association | Bay Area Children’s Association reports that an attacker compromised patient information after planting malware on the systems of its electronic medical record provider. | Malware | Org: Non-Profit | CC | US |
| 12 | 05/05/2016 | ? | Neopets | Tens of millions of user accounts from virtual pets community Neopets are hacked and traded on the criminal underground. | Unknown | Virtual Community | CC | US |
| 13 | 05/05/2016 | Phineas Phisher AKA Hack Back! AKA @GammaGroupPR | N/A | The hacker behind the notorious attacks against Gamma Group and Hacking Team steals 10.000$ worth of Bitcoins from several victims and donates the money to a Kurdish anti-capitalist group called Rojava Plan. | Unknown | N/A | H | N/A |
| 14 | 05/05/2016 | Anonymous | Central Bank of Cyprus (centralbank.gov.cy) | OpIcarus continues and this time the hacktivists of the Anonymous collective take down the Central Bank of Cyprus (centralbank.gov.cy). | DDoS | Finance | H | CY |
| 15 | 05/05/2016 | @TehBVM | Reddit | A black hat hacker dubbed @TehBVM takes over random subreddits, removing moderators and changing the subreddit’s CSS style, leaving a defacement message behind. | Defacement | Social Network | CC | US |
| 16 | 05/05/2016 | ? | Saint Agnes Medical Center | 2,800 employees of the Saint Agnes Medical Center are impacted by a possible identity theft after scammers got the W-2s of everyone employed by the hospital. | Account Hijacking | Healthcare | CC | US |
| 17 | 06/05/2016 | ? | Nulled.IO | The Nulled.IO forum is compromised and its data consequently leaked, consisting of a 9.45GB SQL file. | SQLi | Hacker Forum | CC | US |
| 18 | 06/05/2016 | Anonymous | Boris Dobrodeev | Hacktivists from the Anonymous collective leak what could be the email inbox of Boris Dobrodeev, the former boss of Russian social network VK, previously known as VKontakte. | Unknown | Single Individual | H | RU |
| 19 | 06/05/2016 | ? | Fling.com | A hacker called Peace claims to be selling tens of millions of user accounts for adult dating site Fling.com on the dark web, including information on sexual desires, preferences, and other personal details. The data allegedly belongs to a breach that happened in 2011. | Unknown | Adult Site | CC | US |
| 20 | 06/05/2016 | Bozkurtlar | UAE Investbank | A 10GB file has been published online that purports to hold sensitive financial data on tens of thousands of customers belonging to UAE Investbank. A Turkish group dubbed Bozkurtlar claims responsibility for the attack. | Unknown | Finance | CC | AE |
| 21 | 07/05/2016 | Anonymous | Several Banks Worldwide | OpIcarus continues and the Anonymous take down other banks across the world, including: the Central Bank of the Dominican Republic, the Guernsey Financial Services Commission, the Central Bank of Maldives, the Dutch Central Bank, the National Bank of Panama, the Central Bank of Kenya, the Central Bank of Mexico and the Central Bank of Bosnia and Herzegovina. | DDoS | Finance | H | DO GG MV NL PA KE MX BA |
| 22 | | 0x2Taylor | leoprinting.co.uk | 0x2Taylor hacks leoprinting.co.uk and dumps 14,958 transaction records with usernames and hashed passwords. | SQLi | Industry: E-Commerce | CC | UK |
| 23 | 08/05/2016 | ? | 51Degrees | Mobile device detection company 51Degrees reveals that it has been hacked. | Unknown | Industry: Software | CC | UK |
| 24 | 09/05/2016 | ? | Kiddicare | Babycare retailer Kiddicare has warned customers that personal data consisting of 795,000 records shared with the store has been stolen by hackers. | Unknown | Industry: Retail | CC | UK |
| 25 | 09/05/2016 | ? | UserVoice | UserVoice admits to having suffered a cyberattack in April which has exposed sensitive data belonging to a small subset of users with administrator or contributor status (0.001%). | Unknown | Industry: Software | CC | US |
| 26 | 09/05/2016 | ? | PerezHilton.com | Cyphort Labs reveal the details of a malvertising campaign targeting PerezHilton.com. | Malvertising | Blog | CC | US |
| 27 | 09/05/2016 | ? | Mayfield Brain & Spine | Mayfield Brain & Spine notifies its patients of a fake email containing malware sent to them. The incident affects a total of 23,341 patients. | Malware | Healthcare | CC | US |
| 28 | 09/05/2016 | Jimmy | deways.com | Jimmy hacks deways.com and dumps 24,084 usernames and hashed passwords. | SQLi | Industry: Car Rental | CC | FR |
| 29 | 10/05/2016 | Team Pak Cyber Lions | Utkal University utkaluniversity.ac.in | The Utkal University portal is taken down after it is defaced. | Defacement | Education | H | IN |
| 30 | 11/05/2016 | North Korea | Hanjin Heavy Industries | South Korea points the finger at North Korea after Hanjin Heavy Industries, a navy defence contractor, is hacked. | Targeted Attack | Industry: Defense | CE | KR |
| 31 | 11/05/2016 | Pawn Storm | German Christian Democratic Union | Security researchers from Trend Micro reveal that Pawn Storm, one of the oldest APTs engaging in cyber espionage, is targeting members of the German Christian Democratic Union (CDU), the political party of German Chancellor Angela Merkel (and also other targets). | Targeted Attack | Government | CE | DE |
| 32 | 11/05/2016 | ? | Medical Colleagues of Texas | Hackers breach the computer network of a doctors’ group in Katy, potentially accessing more than 60,000 medical records and personnel files. | Malware | Healthcare | CC | US |
| 33 | 12/05/2016 | shenfenzheng | Several Chinese Communist Party Officials and Captains of Industry | Personal information on dozens of Chinese Communist Party officials and captains of industry is exposed on Twitter from an account under the name “shenfenzheng”. | Unknown | Single Individuals | CC | CN |
| 34 | 12/05/2016 | ? | >4000 Journalists | More than 4,000 journalists, accused by pro-Kiev activists of “collaborating with terrorists” for their reporting from war-torn eastern Ukraine, have their personal details leaked on a website called Mirotvorets (Peace Keeper). | Unknown | Single Individuals | H | >1 |
| 35 | 12/05/2016 | ? | Unnamed Adult Forum | An unnamed porn forum is hacked and details of 100,000 members leaked. | SQLi | Adult Forum | CC | N/A |
| 36 | 12/05/2016 | ? | Besa Hitman-for-Hire Service | bRpsd hacks the Dark Web portal of the Albanian mafia group called Besa and dumps the data online, exposing their hitman-for-hire service. | SQLi | Online Services | CC | AL |
| 37 | 13/05/2016 | ? | Tien Phong Bank | SWIFT confirms a new attack in which attackers managed to illegally transfer funds from a member bank by using its system. Further details, including the bank name, are revealed two days after. | Targeted Attack | Finance | CC | N/A |
| 38 | 13/05/2016 | Anonymous | Bank of England | In the name of OpIcarus, the Anonymous claim to have taken down the internal email server of the Bank of England. | Unknown | Finance | H | UK |
| 39 | 13/05/2016 | New World Hackers | University of Limpopo | New World Hackers (NWH), one of the hacking crews participating in the Anonymous #OpAfrica campaign, leak data obtained after hacking and then defacing the website of the University of Limpopo from the town of Polokwane, South Africa. | SQLi | Education | H | ZA |
| 40 | 13/05/2016 | Anonymous, BannedOffline, Ghost Squad | Central Bank of Jordan, Central bank of South Korea, Bank of Compagnie Monegasque, Central Bank of Montenegro | Another round of OpIcarus. This time the targets are: Central Bank of Jordan, Central bank of South Korea, Bank of Compagnie Monegasque, Central Bank of Montenegro. | DDoS | Finance | H | JO KR FR ME |
| 41 | 13/05/2016 | ? | Avention | Avention investigates data breaches affecting personal information of its employees. | Account Hijacking | Industry: Software | CC | US |
| 42 | 13/05/2016 | SonnySpooks | fijilive.com | SonnySpooks hacks fijilive.com and dumps 91,460 usernames and hashed passwords. | SQLi | News | CC | FJ |
| 43 | 14/05/2016 | Bozkurtlar | Dutch Bangla Bank, City Bank, Trust Bank, Business Universal Development Bank, Sanima Bank, Commercial Bank of Ceylon | The Turkish hacker group Bozkurtlar leaks data allegedly belonging to six international banks: the Dutch Bangla Bank (Bangladesh), The City Bank (Bangladesh), Trust Bank (Bangladesh), Business Universal Development Bank (Nepal) and Sanima Bank (Nepal), and then for the Commercial Bank of Ceylon (Sri Lanka). | SQLi | Finance | CC | BD NP LK |
| 44 | 14/05/2016 | Anonymous | ncgov.org ncgov.net ncgov.com np.nc.gov governor.state.nc.us northcarolina.gov | In the name of #OpLGBT, the Anonymous take down a number of government websites in North Carolina. | DDoS | Government | H | US |
| 45 | 14/05/2016 | 1x0123 | Pornhub[.]com | A few days after kicking off its bug bounty program, Pornhub is hacked by an underground researcher who claims to sell the access to a command execution shell for $1000. | Undisclosed Vulnerability | Adult Site | CC | US |
| 46 | 14/05/2016 | ? | Hi-Tec Sports | Hi-Tec Sports notifies customers about a compromise affecting its online ordering system and payment card data. | Malware | Industry: Sportswear | CC | NL |
| 47 | 15/05/2016 | GhostShell | Several Targets | GhostShell is back with a new leak as part of his new campaign called Light Hacktivism. His new leak after a few months of silence involves a list of 32 websites from where the hacker has taken readily available data containing sensitive information. | Misconfigured FTP Server | >1 | H | >1 |
| 48 | 15/05/2016 | ? | Gatecoin | Hong Kong-based Bitcoin and Ethereum exchange service Gatecoin announces the theft of a large amount of cryptocurrency following what they believe was a server intrusion. The company says it lost 250 Bitcoin ($114,500) and 185,000 Ethereum ($1,850,000), totaling over $2,000,000. | Unknown | Bitcoin Exchange | CC | HK |
| 49 | 15/05/2016 | Anonymous | Bank of France, Central bank of the United Arab Emirates, Central Bank of Tunisia, Central Bank of Trinidad and Tobago, Philippine National Bank | Other targets taken down in the name of OpIcarus. | DDoS | Finance | H | FR AE TN TT PH |
