Last Updated on August 12, 2016

Let’s close the timeline of July with the second part of the Cyber Attacks Timeline (Part I here).

There are several macro events that characterized this fortnight: we could simply start from the trail of hacks against the US Democratic Party (4 only in these two weeks). And if this is not enough, these two weeks also featured multiple cyber attacks carried on in the wake of the foiled coup in Turkey (outside the nation such as the DDoS  attacks against Wikileaks and RT.com, but also inside the nation since Wikileaks was crippled while leaking  295,000 emails allegedly hacked from AKP the Turkey ruling party, by an old acquaintance like Phineas Fisher).

And obviously the invasion of Pokemon GO is a massive phenomenon. So massive to attract the unwelcome attentions of the OurMine and PoodleCorp crews, who purportedly took down the server infrastructure in two distint attacks.

The OurMine collective was also involved in other primary Twitter accounts hijacks (Shuhei Yoshida, the president of worldwide studios at Sony, and, John Hanke, the CEO of Niantic, the studio that developed Pokemon GO), but also belonging to Sarah Silverman’s account was hacked in the same period.

And, last but not least, other massive breaches were reported, targeting Interpark, a South Korean E-Commerce Company (10.1 million users affected), and two video games: the forum of Clash of Kings (1.6 million) and Warframe (775,000 users affected).

Even hactivists were quite active (Donald Trump is always a compelling target, in any case scroll down the timeline for the details of the events, and if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Additionally, if you want, you can access the timeline in Google Sheet format: spreadsheets-32

IDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountry
114/07/2016Unknown Agency in India (Airtel?)CloudflareAn unknown agency in India mysteriously hijacks the traffic of local users directed to several websites including The Pirate Bay.UnknownIndustry: Internet ServiceCCIN
215/07/2016MonsSeveral Pro-ISIS WebsitesAn unknown attacker going by the handle of Mons, takes down several Pro-ISIS websites.DDoSOrg: TerrorismHN/A
316/07/2016?RT.comRT.com is target of a sustained DDoS attack during the coverage of the attempted coup in Turkey.DDoSNewsCWRU
416/07/2016AnonKeyGenThe Websites of the cities of Loon and PanglaoHackers claiming to be Chinese deface the official government portals for two local government units (LGUs) from the Philippines: the cities of Loon and Panglao. The defacements come just days after the Permanent Court of Arbitration at The Hague ruled in favour of the Philippines over the South China Sea dispute.DefacementGovernmentCWPH
517/07/2016?Library of Congress (loc.gov)The Library of Congress is the target of a 4 days DDoS attack.DDoSGovernmentCCUS
617/07/2016PoodleCorpPokemon GO ServersPoodleCorp hackers claim to have taken down the Pokemon GO Servers.DDoSIndustry: Video GamesCCJP
718/07/2016OurMinePokemon GO ServersThis time OurMine hackers claim to have taken down the Pokemon GO servers.DDoSIndustry: Video GamesCCJP
818/07/2016AnonKeyGenPhilippines Commision On Audit (COA)The same alleged Chinese hackers deface the official portal of the Commission On Audit.DefacementGovernmentCWPH
918/07/2016?Road SignAnother example of road sign hacking: someone hacks into the electronic sign in a Cobb County neighborhood (Georgia) and hacks it with anti-police messages.DefacementRoad SignCCUS
1019/07/2016Phineas Fisher?AKP (Turkey’s ruling political party).WikiLeaks publishes what it’s calling the Erdoğan Emails, a searchable collection of 294,548 emails it says are leaked from the AKP, Turkey’s ruling political party.UnknownOrg: Political PartyHTR
1119/07/2016?WikileaksWikiLeaks suffers a sustained DDoS attack after announcing mega leak of Turkey government documents.DDoSOrg: Non-ProfitCCINT
1219/07/2016?Several websites of major businessesInvincea discovers a major campaign hijacking high profile websites, through the SoakSoak botnet, to deliver the CryptXXX ransomware.Malicious Code Injection>1CC>1
1319/07/2016UndetectedAlpine County Superior Court (alpine.courts.ca.gov)A hacker going by the online handle of “Undetected” defaces the official website of Alpine County Superior Court (alpine.courts.ca.gov) posting a message against Donald Trump.DefacementGovernmentHUS
1420/07/2016Guccifer 2.0US Democratic PartyGuccifer 2.0, the hacker suspected of breaching the US Democratic National Committee releases another trove of internal documents containing financial documents, staff lists, donor records and memos marked as ‘private and confidential’.Targeted AttackOrg: Political PartyCEUS
1520/07/2016OurMineMinecraft AccountOurMine hackers claim to have gained access to any account linked to the wildly popular world-building video game Minecraft.Account HijackingIndustry: Video GamesCCUS
1620/07/2016OurMineShuhei Yoshida’s Twitter account (@yosp)OurMine hackers claim to have hijacked the Twitter Account of Shuhei Yoshida, the president of worldwide studios at Sony.Account HijackingIndustry: EntertainmentCCJP
1720/07/2016?WarframeUser details of 775,000 Warframe users are leaked and sold in the dark web. The breach occurred in November 2014.SQLi via Drupal vulnerabilityIndustry: Video GamesCCUS
1820/07/2016?Beggars GroupBeggars Group, home of independent music labels 4AD, Matador, Rough Trade Records, XL Recordings and Young Turks, warns US customers of a data breach. People who purchased any products from the websites for the aforementioned labels between 28 April 2015 and 4 May 2016 may have been victims of the data breachUnknownIndustry: EntertainmentCCUK
1920/07/2016?Several E-Commerce WebsitesSucuri reveals a new phishing technique that aims to compromise legitimate retail sites through their e-commerce solutions, by adding a short, malicious JavaScript snippet to the code that runs checkout pages.Malicious Code InjectionSingle IndividualsCC>1
2020/07/2016Anonymous BrasilRio Court (tjrj.jus.br)Anonymous Brasil, the Brazil branch of the Anonymous hacker collective launches a DDoS attack against the website (tjrj.jus.br) of the Rio court that banned WhatsApp usage across the country.DDoSGovernmentHBR
2121/07/2016?News 9 (News9.com)Oklahoma’s News 9 website is the victim of a malvertising attack which lasted at least a week.MalvertisingNewsCCUS
2222/07/2016?Democratic National Committee (DNC)Wikileaks releases nearly 20,000 emails sent out by senior officials of the Democratic National Committee (DNC).UnknownOrg: Political PartyHUS
2322/07/2016North Korea?InterparkInterpark becomes aware that its systems have been infiltrated and that names, addresses and phone numbers of roughly 10.3 million customers have been stolen two months earlier. The authors of the attack come allegedly from North Korea.Targeted AttackIndustry: E-CommerceCCKR
2422/07/2016?Clash of Kings ForumAn unknown hacker hacks the official forum for popular mobile game “Clash of Kings,” and makes off with close to 1.6 million accounts. The hack was carried out on July 14vBulletin VulnerabilityOnline ForumCCUS
2522/07/2016AnonymousIzmir GazIn name of #OpTurkey, an unknown member of the Anonymous hacker collective dumps a database online, claiming to belong to Izmir Gaz, a Turkish energy and natural gas provider.UnknownIndustry: Energy and GasHTR
2622/07/2016?Illinois State Board of Elections Online Voter Registration PortalThe Illinois State Board of Elections reveals a hack on its online voter registration portal. The hack happened on July, the 12th.UnknownGovernmentCCUS
2722/07/2016?Laser & Dermatologic Surgery CenterLaser & Dermatologic Surgery Center notifies 31,000 users of a possible compromise of their personal information.MalwareHealthcareCCUS
2823/07/2016?Several ISPs in MumbaiSeveral Internet Service Providers in Mumbai are the targets of an unprecedented waves of DDoS attacks.DDoSIndustry: TelcoCCIN
2924/07/2016Ali David SonbolySelina Akim’s Facebook AccountReports surface that Ali David Sonboly, the eighteen-year-old teenager who opened fire inside a McDonald’s restaurant at the Olympia Mall in Munich, Germany, used a hacked Facebook account to lure victims to the restaurant.Account HijackingSingle IndividualCCDE
3025/07/2016?GunMag WarehouseReports surface of a possible data breach at the magazine clearing house GunMag Warehouse.Undisclosed Vulnerability in the e-commerce platformIndustry: E-CommerceCCUS
3125/07/2016?Hunting & Fishing NZ (huntingandfishing.co.nz)Hunting & Fishing NZ (huntingandfishing.co.nz) is hacked and urges users to change their passwords.UnknownIndustry: RetailCCNZ
3226/07/2016OurMineTechCrunchThe website of technology outlet TechCrunch is defaced by a the infamous hacking group OurMine.DefacementNewsCCUS
3326/07/2016?Tinder UsersTinder users fall victim of a scam campaign where hackers using bots trick users into paying for adult content.Spam BotSingle IndividualsCC>1
3426/07/2016?O2O2 customers’ data emerges on the dark web. O2 denies the breach, the data is probably obtained by using usernames and passwords first stolen from gaming website XSplit three years ago to log onto O2 accounts.Credential StuffingIndustry: TelcoCCUK
3526/07/2016GP WhitehatTwo Gay Porn WebsitesA self defined “whitehat” hacks two gay porn websites, HotGuysFuck[.]com and GayHoopla[.]com, both owned by the same company, Blurred Media LLC., and dumps 30,000 accounts.UnknownAdult SitesCCUS
3626/07/2016?Kimpton HotelsKimpton Hotels says it is investigating reports of a credit card breach at multiple locations.PoS MalwareIndustry: Hotel and HospitalityCCUS
3726/07/2016The Dark OverlordAthens Orthopedic ClinicThe Athens Orthopedic Clinic (AOC) in Georgia confirms a breach and notifies patients of a data breach that compromised the personal information of current and former patients. The database was leaked one month before.Account Hijacking (via a third party vendor)HealthcareCCUS
3826/07/2016?ShapewaysCustom 3D model printing business Shapeways is hacked and notifies customers that the attacker gained access to shipping and email addresses, usernames and hashed passwords.UnknownIndustry: 3D PrintingCCUS
3927/07/2016AnonymousSarah Silverman’s Twitter Account (@SarahKSilverman)After announcing her support to Hillary Clinton, the Twitter Account of Sarah Silverman (@SarahKSilverman) is hacked by an Anonymous member.Account HijackingSingle IndividualHUS
4027/07/2016The Dark OverlordA group of clinics in Farmington, MissouriAnd a group of clinics in Farmington, Missouri confirms the breach by The Dark Overlord. Targets include: Midwest Imaging Center, LLC; Van Ness Orthopedic and Sports Medicine, Inc.; Mineral Area Pain Center, P.C.; Select Pain & Spine Dr. Christopher T. Sloan, D.P.MAccount Hijacking (via a third party vendor)HealthcareCCUS
4128/07/2016?Multiple Web SitesResearchers from ProofPoint and Trend Micro unveil the details of a malvertising campaign dubbed AdGholas, which has been found to have targeted one million victims, successfully infecting thousands, everyday.MalvertisingSingle IndividualsCC>1
4229/07/2016?US Democratic PartyPeople familiar with the matter tell Reuters that a computer network used by Democratic presidential nominee Hillary Clinton’s campaign was hacked as part of a broad cyber attack on Democratic political organizations. Hackers had access to the analytics program’s server for approximately five days.Targeted AttackOrg: Political PartyCEUS
4329/07/2016?Democratic Congressional Campaign Committee (DCCC)The FBI investigates a second cyber attack targeting the interests of the US Democratic Party after a breach is reported at the Democratic Congressional Campaign Committee (DCCC), a group that handles donations for democrats running for the US House of Representatives.Targeted AttackOrg: Political PartyCEUS
4429/07/2016China 1937CNVietnam AirlinesAirport websites in Vietnam are defaced and the attacks are attributed to China-based hackers, who deface the website of the state-owned Vietnam Airlines. The group says the attack is a “warning message” to Vietnam and Philippines, the countries involved in a dispute over territorial rights in the South China Sea. Apparently the details of 411,000 passengers have been fallen in the hand of the hackers.UnknownAirlineCWVN
4529/07/2016?Disney’s Playdom Forum (playdomforums.com)Disney notifies users of its Playdom Forum that hackers have made off with sensitive personal information which could put their privacy and online security at risk. The victims are potentially 356K.UnknownIndustry: EntertainmentCCUS
4629/07/2016?Several WebsitesSucuri reveals that several websites using the FreeDNS hosting service from NameCheap have their visitors redirected to malicious, cloned sites via an IP address that once hosted command-and-control servers for the Conficker worm.DNS Hijacking>1CC>1
4729/07/2016?Prosthetic & Orthotic Care (P&O Care)And also Prosthetic & Orthotic Care (P&O Care) confirms to have been hacked by the Dark Overlord.Undisclosed VulnerabilityHealthcareCCUS
4830/07/2016?Around 20 state agencies, defence companies and other organisations in RussiaRussia’s Federal Security Service, the FSB, claims that a “coordinated attack” has seen spyware infect the computer networks of around 20 state agencies, defence companies and other organisations in the county.Targeted AttackGovernmentCERU
4930/07/2016G4mm4 from Ghost SquadTwitter account of Afghanistan’s Chief Executive Dr. Abdullah AbdullahThe official Twitter account of Afghanistan’s Chief Executive Dr. Abdullah Abdullah has been hacked by Ghost Squad.Account HijackingSingle IndividualCCAF
5031/07/2016OurMineNiantic CEO John Hanke’s Twitter accountThe latest victim of the infamous collective OurMine is Niantic CEO (the developer of Pokemon Go) John Hanke’s Twitter account. The hackers ask for the release of Pokemon Go in Brazil.Account HijackingSingle IndividualCCUS

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.