Last Updated on August 30, 2016

It has been a really cruel infosec summer! At least judging by the first fifteen days of August, which have shown a remarkable number of cyber attacks and an even more staggering number of compromised accounts.

Indeed, the month did not start very well: 200 million alleged Yahoo! accounts have been published on the Real Deal marketplace by Peace, the same hacker who had previously sold the DB dumps of MySpace and LinkedIn.

But this has not been the only mega breach of this fortnight: 15 million Iranian users of Telegram have been compromised by attackers tied to the infamous state-sponsored group Rocket Kitten; 3.7 million customers of Banner Health, an Arizona-based healthcare group, have been equally compromised (unfortunately the trail of massive breaches affecting healthcare continues); and finally, hackers belonging to the Pravy Sector collective have dumped more than 150GB of data from Central Ohio Urology Group.

Other interesting events in cyber crime include the discovery of malware in 20 locations of HEI Hotels & Resorts, the chain that owns Starwood, Marriott, Hyatt, and Intercontinental hotels; the hack against Bitfinex, in which hackers made off with $65m worth of Bitcoins (£48m, €57m), creating turmoil in the value of the cryptocurrency; and the wave of DDoS attacks orchestrated by the PoodleCorp collective against several video game portals such as Blizzard’s battle.net or the PlayStation Network.

And whereas Anonymous turned their attention mainly against Brazil, because of the Rio 2016 Olympic Games, the list of cyber espionage operations is really too long to summarize, so I strongly recommend that you scroll down the whole timeline.

As usual, if you want to have an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Last but not least, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and, if useful, you can access the timeline in Google Sheet format.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 01/08/2016 | Peace | Yahoo! | Peace, the hacker who has previously sold dumps of Myspace and LinkedIn, lists 200 million supposed credentials of Yahoo users on The Real Deal marketplace. Yahoo confirms it is aware of the claim. | Unknown | Industry: Internet | CC | US |
| 2 | 01/08/2016 | North Korea | South Korea | North Korean hackers gain access to data of dozens of South Korean officials including diplomats and top security personnel. Emails and passwords of as many as 56 people are leaked. | Account Hijacking | Government | CE | KR |
| 3 | 01/08/2016 | ? | Kimpton Hotels and Restaurants | Kimpton Hotels and Restaurants advises guests of a possible credit card breach. | POS Malware | Industry: Hotel and Hospitality | CC | US |
| 4 | 01/08/2016 | Anonymous | Several websites belonging to Andrej Babis, Czech Republic’s Finance Minister. | In the name of OpBlokada, the Czech and the Slovakian divisions of Anonymous DDoS the websites of private companies owned by Andrej Babis, Czech Republic’s Finance Minister. Targets include: Agrofert, Hyza, Cepro, Preol, Penam, Uniles, and Wotan Forest. | DDoS | Government | H | CZ |
| 5 | 02/08/2016 | Iranian hackers linked to the state-sponsored group Rocket Kitten | Iranian Telegram Users | Iranian hackers linked to the state-sponsored group called Rocket Kitten have compromised more than a dozen accounts on the Telegram instant messaging service and identified the phone numbers of 15 million Iranian users. | Account Hijacking via Telegram Vulnerability | Single Individuals | CE | IR |
| 6 | 02/08/2016 | ? | Bitfinex | The price of bitcoin plummets after Hong Kong-based digital currency exchange Bitfinex was hit by hackers who stole $65m (£48m, €57m) of the digital currency. | Unknown | Bitcoin Exchange | CC | HK |
| 7 | 02/08/2016 | Pravy Sector | Central Ohio Urology Group (centralohiourology.com) | Pravy Sector, the pro-Ukraine hacker (or hackers), dumps 150 GB of data from the Central Ohio Urology Group. | SQLi | Healthcare | CC | US |
| 8 | 02/08/2016 | ? | 123-Reg (123-reg.co.uk) | 123-Reg is taken down by a massive DDoS attack. | DDoS | Industry: Web Hosting | CC | UK |
| 9 | 02/08/2016 | ? | Banner Health | Arizona healthcare group Banner Health reveals that hackers may have accessed records of 3.7 million of its customers. The attack was initiated on 17 June. | Unknown | Healthcare | CC | US |
| 10 | 02/08/2016 | Group5 (linked to Iran) | Syrian Dissidents | Citizen Lab reveals the details of a new cyberespionage group, appearing to be associated with Iran, which has launched an advanced malware operation targeting Syrian dissidents. | Targeted Attack | Single Individuals | CE | SY |
| 11 | 02/08/2016 | Afzal Faizal | Unnamed Indian Bank | A pro-Pakistani hacker dubbed Afzal Faizal claims to have obtained access to the e-payment system of a nationalized bank. | Unknown | Finance | CW | IN |
| 12 | 02/08/2016 | PeggleCrew | Fosshub (fosshub.com) | A hacking crew that goes by the name of PeggleCrew compromises Fosshub and embeds malware inside the files hosted on the website and offered for download. | Account Hijacking | Online Services | CC | US |
| 13 | 02/08/2016 | Zurael_sTz | parsiva.daba.co.ir | An Israeli hacker going by the handle of Zurael_sTz hacks the official website of Iranian Internet services provider Daba and leaks login credentials of thousands of registered users. The total hack should include 52K users, although only a smaller number of accounts is dumped. | Unknown | Industry: ISP | H | IR |
| 14 | 03/08/2016 | PoodleCorp | Blizzard’s Battle.net | Blizzard’s Battle.net servers are hit by a massive DDoS attack causing latency, connection and login issues across popular games such as Overwatch, World of Warcraft and Hearthstone. | DDoS | Industry: Video Games | CC | US |
| 15 | 03/08/2016 | PoodleCorp | League of Legends (leagueoflegends.com) | And the PoodleCorp collective also claims to have taken down the website of League of Legends (leagueoflegends.com). | DDoS | Industry: Video Games | CC | US |
| 16 | 03/08/2016 | ? | Romelu Lukaku’s Instagram Account | Romelu Lukaku, the Everton footballer, is the latest celebrity to have his own Instagram account hacked. | Account Hijacking | Single Individuals | CC | BE |
| 17 | 04/08/2016 | ? | An Garda Síochána (Irish Police) | Police in Ireland launch a probe after a hacker attempted to break into their computer network, forcing officials to temporarily shut down several of their systems to ensure the security of data held on staff and the public. | Malware | Law Enforcement | CC | IE |
| 18 | 04/08/2016 | China | Several targets including the Philippines Department of Justice | F-Secure reveals the details of NanHaiShu, a spy campaign aimed at accessing information from high-profile targets involved in the South China Sea dispute. | Targeted Attack | Government | CE | PH |
| 19 | 04/08/2016 | Kazakhstan Government? | Kazakh Dissidents | The Electronic Frontier Foundation reveals the details of Operation Manul, a cyber espionage campaign targeting journalists, political activists and lawyers. | Targeted Attack | Single Individuals | CE | KZ |
| 20 | 04/08/2016 | ? | Christians Against Poverty (capuk.org) | UK debt relief charity Christians Against Poverty notifies supporters following a data breach that exposed personal details including phone and bank account numbers, and banking sort codes. Unidentified hackers broke into the charity’s systems in late July. The intrusion was only detected a week later. | Unknown | Org: Charity | CC | UK |
| 21 | 04/08/2016 | Intsights | ISIS Forum on the Dark Web | Intsights, an Israeli cyber-intelligence firm, claims to have uncovered plans for future ISIS attacks after hacking into an ISIS forum the group had used in the past to plan other attacks. | Account Hijacking | Org: Terrorism | CW | N/A |
| 22 | 04/08/2016 | PoodleCorp | PlayStation Network | The PoodleCorp collective claims to have taken down the PlayStation Network servers. | DDoS | Industry: Video Games | CC | JP |
| 23 | 04/08/2016 | PoodleCorp | GTAOnline | And this time the PoodleCorp collective claims to have taken down the GTA (Grand Theft Auto) website. | DDoS | Industry: Video Games | CC | US |
| 24 | 05/08/2016 | ? | The Khronos Group (khronos.org) | Accounts of employees from Apple, Intel, and Google are exposed after the website of the Khronos Group, a non-profit organization, is hacked. | SQLi | Org: Non-Profit | CC | US |
| 25 | 05/08/2016 | ? | Smartphone users in China and Japan | Bitdefender reveals the details of an Android RAT designed to target smartphones with specific IMEI numbers in China and Japan. | Malware | Single Individuals | CC | JP CN |
| 26 | 05/08/2016 | Anonymous Brazil | Several Brazilian government websites | The online hacktivists of Anonymous Brazil take down several Brazilian government websites to protest against the ongoing Olympics in Rio de Janeiro. Targets include: the official website of the federal government for the 2016 Games (brasil2016.gov.br), Portal of the State Government of Rio de Janeiro (rj.gov.br), Ministry of Sports (esporte.gov.br), Brazil Olympic Committee COB (cob.org.br) and the official website of the Rio 2016 Olympics (rio2016.com). | DDoS | Government | H | BR |
| 27 | 05/08/2016 | Anonymous Brazil | Several Brazilian government individuals | In the second phase of their operation, Anonymous Brazil claims to have leaked personal details of the Mayor of Rio de Janeiro, the Governor of Rio de Janeiro, the Minister of Sport, the President of the Brazilian Olympic Committee and three businessmen who are allegedly involved in corruption. | Unknown | Single Individuals | H | BR |
| 28 | 06/08/2016 | OurMine | Alexa Losey Twitter Account | The OurMine collective hacks the Twitter account of popular YouTuber Alexa Losey. | Account Hijacking | Single Individuals | CC | US |
| 29 | 07/08/2016 | Strider | Selected targets in Russia, China, Sweden, and Belgium | Symantec reveals the details of Strider, a previously unknown group conducting cyber espionage-style attacks against selected targets in Russia, China, Sweden, and Belgium (36 infections across 7 organizations since 2011). The group uses an advanced piece of malware known as Remsec (Backdoor.Remsec) to conduct its attacks. Its code contains a reference to Sauron, the all-seeing antagonist in Lord of the Rings. | Targeted Attack | >1 | CE | RU CN SE BE |
| 30 | 07/08/2016 | OurMine | Twitter and Quora account of Zach Klein, co-founder of video-sharing website Vimeo | The official Twitter and Quora accounts of Zach Klein, co-founder of video-sharing website Vimeo, are hacked by the OurMine collective. | Account Hijacking | Single Individuals | CC | US |
| 31 | 08/08/2016 | Carbanak Gang | MICROS | The Carbanak Gang appears to have compromised a customer support portal for companies using Oracle’s MICROS point-of-sale credit card payment systems, and used that access to steal administrative credentials and implant malicious code on 700 terminals. | POS Malware | Industry: PoS Systems | CC | US |
| 32 | 08/08/2016 | New World Hackers | michaelphelps.com | New World Hackers claim responsibility for taking down the personal website of Michael Phelps. | DDoS | Single Individuals | CC | US |
| 33 | 09/08/2016 | ? | Australian Bureau of Statistics (abs.gov.au) | Millions of Australian citizens hoping to take part in the country’s first ever digital census are left frustrated after the website used to complete the survey is taken down by a DDoS attack. | DDoS | Government | CC | AU |
| 34 | 09/08/2016 | ? | PoS Systems Worldwide | Panda Labs reveals the details of a criminal group that is using compromised LogMeIn accounts belonging to systems running PoS software to access those computers and infect them with the new PosCardStealer malware. | PoS Malware | >1 | CC | >1 |
| 35 | 09/08/2016 | ? | Brant County Health Unit | Brant County Health Unit reveals that an unauthorized person gained access to the immunization records of nearly 500 people between July 2015 and October 2015. | Unknown | Healthcare | CC | US |
| 36 | 10/08/2016 | ? | Dota 2 Forum | The forum for the popular online multiplayer game Dota 2 is hacked and, as a result, 2 million accounts are leaked. The attack was executed on July 10. | SQLi (via vBulletin vulnerability) | Industry: Video Games | CC | US |
| 37 | 10/08/2016 | ? | Instagram Users | Symantec reveals the details of a campaign aimed at hacking Instagram accounts, altering profiles with sexually suggestive imagery to lure users to adult dating and porn spam. | Account Hijacking | Single Individuals | CC | >1 |
| 38 | 10/08/2016 | ? | Webcam | A Texas mother realizes that someone hacked into a webcam positioned in her two daughters’ bedroom and streamed their private goings-on live online for thousands to watch. | Account Hijacking | Single Individuals | CC | US |
| 39 | 10/08/2016 | ? | Anderson County | Anderson County government officials and the sheriff’s office investigate a possible computer security breach (a “potential system-wide breach” of the main courthouse server) involving 1,800 people. | Unknown | Government | CC | US |
| 40 | 11/08/2016 | ? | Natwest users | Malwarebytes reveals the details of a social engineering campaign carried out on Twitter by inserting a fake account into a conversation with legitimate support channels. This specific campaign targets Natwest bank accounts. | Account Hijacking | Single Individuals | CC | >1 |
| 41 | 11/08/2016 | Carbanak Gang | 5 PoS systems manufacturers including Cin7, ECRS, Navy Zebra, PAR Technology and Uniwell | Forbes reveals that the Carbanak Gang also breached 5 more cash register providers. | POS Malware | Industry: PoS Systems | CC | US |
| 42 | 11/08/2016 | ? | LinkedIn | A new lawsuit reveals that data thieves used a massive botnet against LinkedIn to steal members’ personal information via information scraping by fake profiles. | Bots | Social Network | CC | US |
| 43 | 11/08/2016 | ? | swimming.org.au | Swimming.org.au, Swimming Australia’s website, is hit by a DDoS attack in the wake of Olympic gold medallist Mack Horton’s comments about his Chinese competitor Sun Yang being a drug cheat. | DDoS | Org: Sport | CC | AU |
| 44 | 11/08/2016 | Monsoon Group (Indian speaking hackers) | Chinese nationals within different industries and government agencies in Southern Asia | Forcepoint reveals the details of the Monsoon Group (also known as Patchwork APT, Dropping Elephant, and Operation Hangover), a crew of hackers based in India, who have compromised both Chinese nationals within different industries and government agencies in Southern Asia, as far back as 2013. | Targeted Attack | >1 | CE | >1 |
| 45 | 11/08/2016 | ? | Municipality of Ede | The Municipality of Ede reveals that it discovered on July 8th that the personal information of about 3,700 Ede residents has been accessed by unauthorized persons due to a security vulnerability on the municipal site. | Unknown | Government | CC | NL |
| 46 | 12/08/2016 | Guccifer 2.0 | Democratic Congressional Campaign Committee (DCCC) | Guccifer 2.0 leaks a fresh batch of documents, memos and passwords, this time from the Democratic Congressional Campaign Committee (DCCC). They include a spreadsheet of congressional contacts’ phone numbers and email addresses, internal memos and what purports to be documents stolen from the computer of Nancy Pelosi, the highest-ranking Democrat in Congress. | Account Hijacking | Org: Political Party | CC | US |
| 47 | 12/08/2016 | ? | Major Iranian Oil and Gas Facilities | Iran’s Supreme National Cyberspace Council investigates whether a recent string of oil and petrochemical fires were caused by a cyberattack. | Targeted Attack | Industry: Oil and Gas | CW | IR |
| 48 | 12/08/2016 | Anonymous Poland | World Anti-Doping Agency and Court of Arbitration for Sport (tas-cas.org) | A collective associated with the Polish branch of Anonymous hacks the servers of the World Anti-Doping Agency and Court of Arbitration for Sport (tas-cas.org) and dumps a 412MB file which contains 3,121 unique email accounts along with their passwords. | SQLi | Org: Sport | H | INT |
| 49 | 12/08/2016 | ? | Valley Anesthesiology and Pain Consultants (VAPC) | Valley Anesthesiology and Pain Consultants announces that a third party may have gained unauthorized access to the VAPC computer systems on March 30, 2016. The incident involves approximately 882,590 patients, and all current and former employees and providers. | Unknown | Healthcare | CC | US |
| 50 | 13/08/2016 | ? | Yulia Stepanova’s WADA Account | The World Anti-Doping Agency (WADA) confirms that hackers appear to have accessed the online account of Russian athletics doping whistleblower Yulia Stepanova. | Account Hijacking | Single Individuals | CC | RU |
| 51 | 14/08/2016 | ? | HEI Hotels & Resorts | HEI Hotels & Resorts, the chain that owns Starwood, Marriott, Hyatt, and Intercontinental hotels, reveals that the payment systems for 20 of its locations have been infected with malware that may have been able to steal tens of thousands of credit card numbers and corresponding customer names, expiration dates, and verification codes. The malware was discovered in early to mid-June. | PoS Malware | Industry: Hotel and Hospitality | CC | US |
| 52 | 14/08/2016 | ? | Sage Software | A data breach at Sage Software may have compromised personal information for employees at 280 UK businesses. The breach was caused by “unauthorised access” by someone using an “internal” company computer login. The alleged author of the attack, a 32-year-old woman, is arrested on August 17. | Account Hijacking | Industry: Software | CC | UK |
| 53 | 15/08/2016 | Shadow Brokers | The Equation Group | An anonymous group calling itself Shadow Brokers publishes what it claims are sophisticated software tools belonging to an elite team of hackers tied to the US National Security Agency known as “The Equation Group”. A further analysis confirms the link with the state-sponsored crew. | Unknown | Government | CC | US |
| 54 | 15/08/2016 | Queensland Police Service’s Task Force Argos | US Tor Users | Motherboard reveals that, in 2014, Australian authorities hacked Tor users in the US as part of a child pornography investigation against The Love Zone, a dark web child abuse site. | Account Hijacking | Single Individuals | CC | US |
| 55 | 15/08/2016 | Unknown India-based Hackers | Several targets | Malwarebytes reveals the details of Shakti, a trojan built for the sole purpose of stealing documents. | Targeted Attack | >1 | CE | >1 |
| 56 | 15/08/2016 | ? | .gov email addresses | Unknown attackers launch a massive attack aimed at flooding targeted .gov email inboxes with subscription requests to thousands of email lists. | DDoS | Government | CC | US |
| 57 | 15/08/2016 | Kerala Cyber Warriors | 50 Pakistan websites | On the occasion of Indian Independence Day, Kerala Cyber Warriors deface 50 Pakistani websites. | Defacement | >1 | CW | PK |
