Last Updated on June 14, 2016

It’s time to publish the second part of the Cyber Attacks timeline of May (Part I here), covering the main events between 16 and 31 May 2016.

Two more weeks, two more megabreaches: the total number of accounts siphoned from Tumblr and MySpace exceeds 300 million, setting a new unwelcome record. But that was not the only remarkable event of this fortnight, which also revealed the real extent of the SWIFT hack, involving 12 additional banks.

The hacktivists were also quite active in this period: Anonymous added other targets to their OpIcarus, and also leaked 2 GB of data from 33 Turkish hospitals. Phineas Fisher, the infamous hacktivist behind the attacks on Hacking Team and Gamma International, was back, leaking the details of several cops from the Catalan Police Union (and posting a tutorial on YouTube).

Last but not least, this period also registered several Cyber Espionage operations, such as the attack against RUAG, a Swiss defense contractor (probably orchestrated from Russia) and the operations Stealth Falcon (against Emirati journalists, activists and dissidents) and OilRig (against Saudi Arabian financial institutions and technology organizations).

As usual, scroll down the timeline for the details of the events, and if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Additionally, if you want, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 05/05/2016 | Russia? | RUAG | The identities of members of an elite Swiss special forces army unit have been revealed in a hack of the RUAG defence contractor. | Targeted Attack | Industry: Defence Contractor | CE | CH |
| 2 | 16/05/2016 | ? | Commercial Bank of Ceylon | The Sri Lanka-based Commercial Bank of Ceylon releases a statement admitting that a “hacking attack” on its website resulted in a successful intrusion. However, no customer data has been compromised. | Unknown | Finance | CC | LK |
| 3 | 17/05/2016 | ? | Several Websites | Cyphort Labs unveil the details of a new Angler Campaign targeting 19 Websites, including UltraVNC. | JS injection | >1 | CC | >1 |
| 4 | 18/05/2016 | ? | Phishing Government Websites | Netcraft reveals a banking phishing campaign targeting customers of Wells Fargo, Google, and AOL and exploited using Bangladesh Government websites. | Account Hijacking | Single Individuals | CC | BD |
| 5 | 18/05/2016 | ? | Anti Ukraine Government Separatists | Researchers from ESET unveil the details of another cyberespionage operation in Ukraine: Operation Groundbait, targeting anti-government separatists. | Targeted Attack | Single Individuals | CE | UA |
| 6 | 18/05/2016 | ? | San Juan County | San Juan County reports that the information of patients in the county’s DWI treatment program may have been compromised after an attacker gained remote access to one of its computers. | Unknown | Government | CC | US |
| 7 | 18/05/2016 | Anonymous | 33 Turkish Hospitals | Hacker(s) claiming to be part of Anonymous post online a link pointing to a 2GB archive containing personal records stolen from 33 Turkish hospitals. | SQLi | Healthcare | H | TR |
| 8 | 18/05/2016 | ? | Complete Chiropractic & Bodywork Therapies | Complete Chiropractic & Bodywork Therapies notifies 4,082 patients after discovering that malware had been injected into their system in November, 2015. | Malware | Healthcare | CC | US |
| 9 | 18/05/2016 | ? | The Sydney Morning Herald, The Age Digital Editions | Two Australian-based news websites belonging to Fairfax Media, The Sydney Morning Herald and The Age Digital Editions, have been hacked and as a result, over 13,000 email subscriber accounts have been leaked online. | SQLi | News | CC | AU |
| 10 | 19/05/2016 | ? | Noodles & Company | Noodles & Company says it has hired outside investigators to probe reports of a credit card breach at some locations. | PoS Malware | Industry: Restaurant | CC | US |
| 11 | 20/05/2016 | North Korea? | Bank in Ecuador | Here’s the third victim of the SWIFT hack: a bank in Ecuador was also the victim of a similar attack in 2015 which saw cybercriminals stealing around $9m. | Targeted Attack | Finance | CC | EC |
| 12 | 20/05/2016 | ? | Fur Affinity | Fur Affinity, a community of people with an interest in anthropomorphic animal characters such as wolves and foxes, is hacked and the hackers may have run off with email addresses and hashed passwords. | ImageMagick Vulnerability | Forum | CC | US |
| 13 | 20/05/2016 | ? | Ubiquiti Networks | Ubiquiti Networks reveals that an exploit which can lead to completely hijacked network devices is being used in fresh campaigns against its devices. | Malware | Industry: Networking | CC | US |
| 14 | 20/05/2016 | Phineas Fisher | Sindicat de Mossos d’Esquadra | Phineas Fisher, the hacker behind the Gamma International and Hacking Team breaches, hacks the Sindicat de Mossos d’Esquadra (the Catalan police union), publishes personal information about police officers (including their badge numbers), and hijacks their Twitter account. | SQLi | Law Enforcement | H | ES |
| 15 | 21/05/2016 | ? | majorgeeks.com | 270,000 records from majorgeeks.com appear in the dark web. | Unknown | Online Services | CC | US |
| 16 | 22/05/2016 | bRpsd | chilisuae.com | bRpsd hacks chilisuae.com and dumps 5,584 records. | Unknown | Industry: Restaurant | CC | AE |
| 17 | 22/05/2016 | Azmeth | burgerking.com.ar | Azmeth hacks burgerking.com.au and dumps 4,833 records with usernames and hashed passwords. | SQLi | Industry: Restaurant | CC | AR |
| 18 | 22/05/2016 | ? | hortinews.co.ke | 42,000+ usernames and passwords appear in the dark web. | Unknown | News | CC | KE |
| 19 | 23/05/2016 | ? | Stamford Podiatry Group | Stamford Podiatry Group notifies patients that medical and personal information of 40,000 individuals was compromised in a recent security incident. | Unknown | Healthcare | CC | US |
| 20 | 23/05/2016 | Amar^SHG | Météo France (meteofrance.com) | A hacker who goes by the nickname of Amar^SHG (formerly Kuroi’SH) defaces France’s most visited weather portal, Météo France. | Defacement | Online Services | H | FR |
| 21 | 23/05/2016 | Ke3chang | Multiple Embassies Around the World | FireEye reveals the details of a cyber-espionage group tied to China and called Ke3chang targeting multiple embassies around the world. | Targeted Attack | Government | CE | >1 |
| 22 | 23/05/2016 | ? | raas.com.au | An anonymous hacker hacks raas.com.au and dumps 3,456 records with usernames and hashed passwords. | SQLi | Real Estate | CC | AU |
| 23 | 24/05/2016 | Attackers from three countries including Saudi Arabia | Statistical Centre of Iran | The Statistical Centre of Iran is targeted by unknown attackers. Iran tracks the origin of the attack from three Arab countries including Saudi Arabia. | Unknown | Government | CE | IR |
| 24 | 24/05/2016 | ? | hypergen.ch | An unknown hacker hacks hypergen.ch and dumps 22,000 accounts. | Unknown | Online Services | CC | CH |
| 25 | 25/05/2016 | ? | NS1 | Unknown attackers have been directing an ever-changing army of bots in a distributed denial of service (DDoS) attack against NS1, a major DNS and traffic management provider. | DDoS | Industry: Internet Services | CC | US |
| 26 | 25/05/2016 | ? | Twitter accounts of over 2,500 individuals | Twitter accounts of over 2,500 users, including accounts that have a large number of followers, are hacked in the span of two weeks. The hacked accounts appear to have been replaced by pornbots that tweet sexual content and post links to adult dating websites. | Account Hijacking | Single Individuals | CC | >1 |
| 27 | 26/05/2016 | ? | scrum.org | Scrum.org, the Scrum certification and training site, contacts users to warn them of a security breach. | Undisclosed Vulnerability | Online Services | CC | US |
| 28 | 27/05/2016 | [email protected] | MySpace | A hacker hiding behind the email address [email protected] publishes a database containing 360 million records belonging to MySpace. The database is the alleged result of a breach that occurred in 2013. | Unknown | Social Network | CC | US |
| 29 | 27/05/2016 | ? | 12 more banks | The investigation into the attempted $1 billion electronic heist at the Central Bank of Bangladesh expands to as many as 12 more banks that all use the SWIFT payment network. | Targeted Attack | Finance | CC | >1 |
| 30 | 27/05/2016 | ? | Reddit | A surge in account hijacking and takeovers forces Reddit to reset 100,000 passwords. | Account Hijacking | Social Network | CC | US |
| 31 | 27/05/2016 | ? | Southeast Eye Institute | The Southeast Eye Institute reports a possible data breach after an unauthorized individual gained access to data of 87,000 patients via a third party affiliate. | Unknown | Healthcare | CC | US |
| 32 | 27/05/2016 | ? | Fiverr | Fiverr suffers a six-hour DDoS attack after removing DDoS-for-hire listings. | DDoS | Online Marketplace | CC | IL |
| 33 | 27/05/2016 | SonnySpooks | paypalsucks.com | SonnySpooks hacks paypalsucks.com and dumps 82,169 records with usernames and hashed passwords. | Unknown | Online Services | CC | US |
| 34 | 28/05/2016 | Tiger Mate | Zameen.com | A Bangladeshi hacker going by the handle of Tiger Mate hacks and defaces one of Pakistan’s largest real estate websites, Zameen.com. The hacker also leaks the site’s entire database online. | Defacement | Real Estate | CC | PK |
| 35 | 29/05/2016 | Stealth Falcon | Emirati Journalists, Activists and Dissidents | The University of Toronto reveals the details of a cyber-espionage group codenamed Stealth Falcon, using a combination of home-cooked malware and social engineering tactics to spy on Emirati journalists, activists, and dissidents. | Targeted Attack | Single Individuals | CE | AE |
| 36 | 29/05/2016 | OilRig | Saudi Arabian financial institutions and technology organizations | Researchers from Palo Alto Networks reveal the details of a cyber-espionage campaign named OilRig, targeting Saudi Arabian financial institutions and technology organizations. | Account Hijacking | Finance, Industry: Technology | CE | SA |
| 37 | 29/05/2016 | ? | Transport for NSW | Transport for NSW says it is investigating a “compromise” of the TrainLink website’s reservations system, which has since been shut down. The company states that no personal data or credit card has been compromised. | Unknown | Transport | CC | AU |
| 38 | 30/05/2016 | Peace | Tumblr | 65 million passwords of Tumblr are on sale on the underground. The company admitted to have suffered a breach on May 12. | Unknown | Social Network | CC | US |
| 39 | 30/05/2016 | @[email protected] | Katy Perry’s Twitter Account (@katyperry) | Katy Perry’s Twitter account is taken over by a hacker dubbed @[email protected], sending out a series of bizarre Tweets to the pop star’s 89 million-plus followers. | Account Hijacking | Single Individual | CC | US |
| 40 | 30/05/2016 | World Hacker Team (WHT) | National Oil Corporation of Kenya | World Hacker Team hacks the National Oil Corporation of Kenya and posts a link online containing the database dump. | SQLi | Industry: Energy | H | KE |
| 41 | 31/05/2016 | @FkPoliceAnonOps | Spanish Police Department | @FkPoliceAnonOps hacks the Spanish Police Department and leaks personal details of 5,000 Spanish police officers online. | SQLi | Law Enforcement | H | ES |
| 42 | 31/05/2016 | MitM3R | umoveindia.com | MitM3R hacks umoveindia.com and dumps 18,416 records with usernames and hashed passwords. | Unknown | Real Estate | CC | IN |
| 43 | 13-19/05/2016 | Anonymous | 18 banks including Bank of Scotland, Bank of France, five US Federal Reserve branches | Special Mention of the month: In the name of OpIcarus, Anonymous-affiliated hackers have continued their DDoS campaign on international financial institutions. The hacktivist collective attacked 18 banks between 13 and 19 May. Apart from the New York stock exchange, Bank of Scotland, Bank of France, five US Federal Reserve branches, among others, were targeted by the collective. | DDoS | Finance | H | >1 |
