Last Updated on July 20, 2016

If you had any hope that the trail of mega breaches and mega hacks could end in June you will be disappointed, since this second half of the month has confirmed, if not worsened, the trend of the last period.

Unsurprisingly more and more records are on sale in the dark web. The list of this fortnight includes 154 million voter profiles on US citizens, 1.1 million users of Lookbook, a social fashion community, 9.2 million records siphoned from at least 3 healthcare databases and, last but not least, a mid-2014 copy of the controversial database World-Check containing details of 2.2 million individuals suspected of terrorism.

But even the trends of mega hacks continued, and the most noticeable cases concernt the DAO foundation (criminals made off with more than 3.6 million Ethereum, whose value is between $45 and $77 million given the consequent volatility of the value), yet another attack carried on via the SWIFT messaging system, stealing $10 million from an unnamed Ukrainian bank, according to an ISACA report, and a global password reset for “GoToMyPC” users amid a “sophisticated cyber attack”.

The list of the victims also include Google CEO Sundar Pichai and Brendan Iribe, CEO of virtual reality company Oculus, whose Twitter accounts have been hacked (but this time with limited damages except for the reputation of the owners), and the US Democratic Party, which had other internal documents leaked by Guccifer 2.0.

As usual, scroll down the timeline for the details of the events (and remember that the description has a hyperlink that jumps to the original source). And if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Additionally, if you want, you can access the timeline in Google Sheet format: spreadsheets-32

IDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountry
114/06/2016?Vermont Fish & Wildlife DepartmentThe Vermont Fish & Wildlife Department reports that data of those purchasing hunting or fishing licenses may have been compromised on two separate occasions (December 2015 and again in January 2016).UnknownGovernmentCCUS
215/06/20161×0123Fidelity National Information Services, Inc. (FIS Global)1×0123, the same hacker who previously claimed to have hacked PornHub, claims to have hacked the client portal of Fidelity National Information Services.Undisclosed VulnerabilityIndustry: FinanceCCUS
315/06/2016?Unnamed Chinese Gambling SiteIncapsula reveals the details of a 470 Gbps DDoS attack on an unnamed gambling website.DDoSIndustry: GamblingCCCN
415/06/2016?Multi-Color CorporationMulti-Color, a label solutions firm, reports that a break-in at a third party affiliate resulted in the compromise of Multi-Color employee personally identifiable information.UnknownIndustry: Label SolutionsCCUS
516/06/2016?Jordan’s Official News AgencyJordan’s official state news agency has claimed a hacker is responsible for breaching its computer system to insert false comments into a story describing how Saudi Arabia royalty funded 20% of Hillary Clinton’s presidential campaign.UnknownNewsCCJO
617/06/2016?The DAOUnknown attackers attack the DAO foundation and steal more than 3.6 million Ethereum (whose value is between $45 and $77 million)Cripto Currency VulnerabilityIndustry: Cryptocurrency SoftwareCCUS
717/06/2016ScarCruft>1Kaspersky Lab reveals the details of Operation Daybreak, a campaign carried on by an APT group called ScarCruft, and targeting victims in Russia, Nepal, South Korea, China, India, Kuwait and Romania.Targeted Attack>1CE>1
817/06/2016?Besa Hitman-for-Hire ServiceOnce again, bRpsd hacks the Dark Web portal of the Albanian mafia group called Besa, and dumps the data online and exposing their hitman-for-hire service.SQLiOnline ServicesCCAL
917/06/2016Union of HacktivistsEleven Media Group (EMG) Myanmar-language websiteThe Union of Hacktivists defaces the Eleven Media Group (EMG) Myanmar-language websiteDefacementNewsHMM
1019/06/2016?GoToMyPCGoToMyPC the remote access software service is hit by hackers conducting a “very sophisticated password attack”. The company initiates password resets for all users.Targeted AttackIndustry: SoftwareCCUS
1119/06/2016?Quebec Liberal Party (PLQ)The Quebec Liberal Party (PLQ) fixes a security issue in their video conferencing software that allowed an unknown hacker to spy on their meetings and even access the video camera.Undisclosed VulnerabilityOrg: Political PartyCCCA
1220/06/2016The United Cyber Caliphate77 U.S. and NATO air force facilities around the worldISIS Cyber Caliphate has collected information on 77 U.S. and NATO air force facilities around the world and is calling on supporters to attack them, according to South Korea’s intelligence agency. The terror group has also released information on individuals in 21 countries.UnknownMilitaryCWUS
1320/06/2016Lizard SquadBlizzard’s Battle.netBlizzard’s Battle.net experiences an outage, leaving players unable to log in to popular games such as Overwatch, Hearthstone and World of Warcraft due to an alleged DDoS attack. Notorious hacker group Lizard Squad has claimed responsibility for the latest disruption.DDoSIndustry: Video GamesCCUS
1420/06/2016Guccifer 2.0US Democratic PartyGuccifer 2.0, the hacker who previously hacked the Democratic National Committee, leaks 21 internal documents on Hillary Clinton.UnknownOrg: Political PartyCCUS
1520/06/2016?jkanime.netAn anime site popular in Mexico and South America is infected with malware redirecting visitors to a Neutrino Exploit Kit landing page. The site, Jkanime, streams anime video and has 33 million monthly visitors.Malicious JS redirectionOnline StreamingCCMX
1620/06/2016?Single IndividualsResearchers from OpenDNS detect a phishing and typosquatting campaign aimed at stealing Bitcoin and blockchain wallet credentials.Account HijackingBitcoin WalletsCC>1
1721/06/2016nofawkX-alRomanian Football Federation (FRF)An Albanian hacker named nofawkX-al defaces the website of the Romanian Football Federation (FRF), two days after the Albanian football team defeated the Romanian football team at the 2016 European Football Championship.DefacementOrg: Sport (Football)HRO
1821/06/2016Guccifer 2.0US Democratic PartyGuccifer 2.0 leaks 260 additional internal documents on Hillary Clinton.UnknownOrg: Political PartyCCUS
1921/06/2016?CarboniteOnline backup service Carbonite forces users to pick new passwords in the wake of discovering that it was under a large-scale account takeover attack.Account HijackingIndustry: Online ServicesCCUS
2022/06/2016?University of Cambridge’s Cambridge Schools Classics Project (cambridgescp.com)Hackers hit the University of Cambridge’s Cambridge Schools Classics Project website, exposing the email addresses and cleartext passwords of over 1,500 students and employees. The University confirms the Bridge.UnknownEducationCCUK
2122/06/2016Anonymous LegionMinnesota Judicial Court (mncourts.gov)Anonymous Legion claims responsibility for taking down the Minnesota Judicial Branch’s website (mncourts.gov).DDoSGovernmentHUS
2223/06/2016ElSurveillance40 escort services websitesAs part of a campaign dubbed #EscortsOffline, ElSurveillance defaces nearly 40 websites that offer escort services and claims to be on the verge of leaking data on 100,000 registered users.DefacementEscort websitesH>1
2323/06/2016?Unnamed CompanyA database containing 154 million voter profiles on US citizens is exposed online.UnknownN/ACCUS
2423/06/2016?IRS.govThe IRS announces that it has removed its electronic filing PIN tool (e-File PIN), following “additional questionable activity.”Account HijackingGovernmentCCUS
2523/06/2016?Air IndiaIndia’s national airline, Air India, is the target of a hacking campaign exploiting members of the airline’s frequent-flyer program to make away with air miles.Account HijackingIndustry: AirlineCCIN
2623/06/2016Ghost Squad Hackers2,347 US Army personalsAs part of #OpSilence, Ghost Squad Hackers publish a file containing data of 2,437 US Army personals including names, emails, phone numbers, full addresses, credit card data.UnknownMilitaryHUS
2724/06/2016?Japanese BusinessesSecurity researchers discover a rare malware family in attacks that targeted numerous Japanese businesses showing a modus operandi similar to that adopted in actions against the Taiwanese government, in 2012.Targeted Attack>1CEJP
2825/06/2016?Unnamed Ukrainian BankAnother hacks carried on via the SWIFT messaging system: this time hackers have stolen $10 million from an unnamed Ukrainian bank, according to an ISACA report.Targeted AttackFinanceCCUA
2926/06/2016thedarkoverlordThree unnamed healthcare organizationsA hacker called thedarkoverlord advertises hundreds of thousands of alleged records from healthcare organizations on a dark web marketplace, including social security and insurance policy numbers.UnknownHealthcareCCUS
3026/06/2016Red Hell SofyanOiAn Algerian hacker called Red hell Sofyan defaces the official website of Oi telecom along with several of its subdomains.DefacementIndustry: TelcoHBR
3126/06/2016Nofawkx-al Kkuq e ziSouth Yorkshire PoliceTwo Albanian hackers deface the South Yorkshire Police website.DefacementLaw EnforcementHUK
3226/06/2016?lookbook.nuLogin data of Lookbook’s 1.1 million users is available on the darknet for sale.UnknownSocial networkCCUS
3327/06/2016OurMineTwitter account of Sundar Pichai, Google CEOGoogle CEO Sundar Pichai is the latest victim of the hacking group ‘OurMine’ after his Twitter-linked Quora account is temporarily compromised and filled with spam links.Account HijackingSingle IndividualCCUS
3427/06/2016?Deutsche TelekomDeutsche Telekom has warned its customers that it found account passwords for sale on the dark web.UnknownIndustry: TelcoCCDE
3527/06/2016TG-41271,800 targets with info interesting to Russian governmentResearchers at SecureWorks disclose the details of the Threat Group 4127, a state sponsored actor targeting 1,800 targets with info interesting to Russian government.Targeted Attack>1CE>1
3628/06/2016?World-Check DatabaseResearcher Chris Vickery reveals to have obtained a mid-2014 copy of the controversial database World-Check containing details of 2.2 million individuals suspected of terrorism.UnknownIndustry: MediaCCCA
3728/06/2016?Unnamed Jewelry ShopResearchers from Sucuri reveal the details of a massive DDoS attack against an unnamed Jewelery Shop carried on leveraging a network of 25,000 compromised CCTV boxes.DDoSIndustry: JewelryCCN/A
3828/06/2016?More than a dozen House Democrats’ official websitesMore than a dozen House Democrats’ official websites are taken down, after Democrats ended an overnight sit-in to press for a vote on gun control legislation.DDoSOrg: Political PartyCCUS
3928/06/2016thedarkoverlordMultiple Healthcare DatabasesHere we are again, this time thedarkoverlord claims to have broken into multiple healthcare databases across America and lists a fresh trove of 9.2m records on a Dark Web-based marketplace for 750 bitcoin (£368,000).Undisclosed VulnerabilityHealthcareCCUS
4028/06/2016?Noodles & CompanyNoodles & Company announces that malware infected its backend card processing system and maybe have compromised customer credit and debit card data collected between January 31, 2016 and June 2, 2016.MalwareIndustry: RestaurantCCUS
4129/06/2016@LidTwitter account of Brendan Iribe, CEO of virtual reality company OculusBrendan Iribe, CEO of Facebook-owned virtual reality company Oculus, is the latest victim of the trail of Twitter accounts hjiacks.Account HijackingSingle IndividualCCUS
4229/06/2016?Muslim MatchA niche dating website called Muslim Match has suffered a data breach exposing roughly 150,000 user accounts and more than half a million private messages.SQLiDatingCCUK
4329/06/2016?Hard Rock Hotel and Casino Las VegasThe Hard Rock Hotel and Casino Las Vegas notifies guests of “certain restaurant and retail outlets” located at its Las Vegas casino that hackers breached payments systems extracting credit card data.UnknownIndustry: Hotel and RestaurantCCUS
4429/06/2016?Washington County Community Development AgencyThe Washington County Community Development Agency warns that an unauthorized third party hacked into one of the agency’s servers earlier this month, potentially exposing certain community members and employees’ personal information.UnknownGovernmentCCUS
4530/06/2016Guccifer 2.0US Democratic PartyGuccifer 2.0 releases 25 new documents.UnknownOrg: Political PartyCCUS
4630/06/2016?Patterson Dental Supply IncA breach at Patterson Dental Supply Inc compromises the information of roughly 4,300 patients of the Massachusetts General Hospital.UnknownIndustry: Medical SuppliesCCUS
4730/06/2016?University of ReginaThree University of Regina computers are hacked. Names, student and employee numbers, as well as social insurance numbers, may have been accessed.UnknownEducationCCUS
4830/06/2016?crackingforum.comThe entire database of crackingforum.com (658.644 entries) is leaked on the darknet.UnknownForumCCN/A

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.