Last Updated on October 12, 2016
It’s time to publish the second timeline of September (Part I here), covering the main cyber attacks that occurred between 16 and 30 September 2016.
This month will probably be remembered for the admission of the massive breach that hit Yahoo! (potentially 500 million users involved). That event, for sure, overshadowed all the rest (for instance the massive breach suffered by i-dressup.com, a teenage girls’ social hangout website, whose entire 2.2 million user base was downloaded by a crook). The good news is that the level of activity showed a general reduction, and the tail of mega breaches seems to have taken a (temporary?) break. There have been some remarkable events (such as a $6 million BEC scam against SS&C Technologies, and a wave of DDoS attacks against Battle.net (again), Ethereum, OVH and Newsweek), but in general we are far from the peaks of this troubled infosec summer. As usual, if you want an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates. Last but not least, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format:
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 16/09/2016 | ? | SS&C Technologies | SS&C Technologies falls victim to China-based hackers who sent fake emails to company staffers in order to trick them into releasing client money, according to a complaint. | Account Hijacking | Industry: Financial Services | CC | US |
| 2 | 18/09/2016 | PoodleCorp | Blizzard's Battle.net | Blizzard's Battle.net servers are knocked offline by yet another distributed denial-of-service (DDoS) attack claimed by the hacking group PoodleCorp. | DDoS | Industry: Video Games | CC | US |
| 3 | 19/09/2016 | Fear | Hundreds of US government servers hosted on .us and .gov | A teenage hacker going by the pseudonym Fear claims to have gained access to hundreds of US government servers hosted on .us and .gov domains and stolen a massive trove of personal information of US citizens (including 100 million Social Security Numbers). | FTP Vulnerability | Government | CC | US |
| 4 | 19/09/2016 | Anonymous Italia, Antisec-Italia | Four Italian healthcare organizations | In the name of #OpSafePharma, the Italian hacktivists hack four healthcare organizations and leak data from two of them. | Unknown | Healthcare | H | IT |
| 5 | 19/09/2016 | ? | Saint Francis Health System | Saint Francis Health System acknowledges the theft of 6,000 names and addresses. | Unknown | Healthcare | CC | US |
| 6 | 20/09/2016 | ? | modaco.com | Modaco.com, a UK-based forum dedicated to the Android operating system, is breached, with nearly 800,000 usernames and passwords stolen by hackers. The attack dates back to January 2016. | Unknown | Online Forum | CC | UK |
| 7 | 20/09/2016 | ? | justformen[.]com | The website of Just For Men, a company that sells various products for men, is compromised to serve malware to its visitors. | Malicious JS Injection | Industry: E-Commerce | CC | US |
| 8 | 20/09/2016 | ? | H&L Australia | Hackers claim to have breached Australian point-of-sale (PoS) technology company H&L Australia and offer its database for sale. They were already offering it for AU$22,000 ($16,580, £12,723) more than two months earlier. | SQLi | Industry: PoS Software | CC | AU |
| 9 | 22/09/2016 | ? | Yahoo! | Yahoo! Inc. (NASDAQ:YHOO) confirms that a copy of certain user account information was stolen from the company's network in late 2014. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. | Unknown | Industry: Internet Services | CC | US |
| 10 | 22/09/2016 | ? | Ethereum | Ethereum, a public blockchain-based decentralised computing platform for the cryptocurrency Ether, is targeted by a DDoS attack on its network, slowing down all mining activity. | DDoS | Cryptocurrency Computing Platform | CC | N/A |
| 11 | 22/09/2016 | Unnamed group of Russian criminals | >1 | Ed Alexander, a darknet investigator, reveals that a group of Russian hackers launched cyber attacks to steal user credentials from at least 85 companies. Targets include Amazon, American Airlines, AT&T, Best Buy, Wells Fargo, Dropbox, Dunkin' Donuts, eBay, GoDaddy, Uber, Match.com, McDonald's, Office Depot, PayPal, Pizza Hut, Steam, Apple Pay and others. | Account Hijacking | >1 | CC | >1 |
| 12 | 22/09/2016 | ? | Michelle Obama | An image purported to be a scanned copy of U.S. First Lady Michelle Obama's passport is leaked online alongside personal emails said to belong to a low-level White House staffer who worked with Hillary Clinton's presidential campaign. | Account Hijacking | Single Individuals | CC | US |
| 13 | 22/09/2016 | ? | OVH | Hosting company OVH is hit by the biggest DDoS attack known to date, with peaks of over 1 Tbps of traffic. | DDoS | Industry: Hosting | CC | FR |
| 14 | 22/09/2016 | Black Team | Several individuals | An investigation by InfoArmor reveals that the cybercrime syndicate Black Team is spreading its new malicious tool "RAUM", which drops malware on victims' devices via a torrent file. | Malware | Single Individuals | CC | >1 |
| 15 | 22/09/2016 | ? | floridabar.org | A hacker or hackers associated with a former Palm Beach County Sheriff's Office deputy, who has a long-standing dispute with Florida law enforcement that appears to have gotten him raided by the FBI, manage to access and acquire what appears to be the entire database of the Florida Bar Association (floridabar.org). | Unknown | Org: Professional Order | CC | US |
| 16 | 23/09/2016 | Bundeswehr's Computer Network Operations Unit (CNO) | Unnamed Afghan mobile operator | Der Spiegel reveals that the Bundeswehr's (German Armed Forces) special cyber unit is believed to have conducted the nation's first known "offensive" cyber operation in 2015, when it hacked into the network of an Afghan mobile network provider. | Unknown | Industry: Mobile Telco | CW | AF |
| 17 | 23/09/2016 | "Crafty Cockney" (Nathan Wyatt?) | Pippa Middleton | Pippa Middleton falls victim to an iCloud hacker after an anonymous seller calling himself "Crafty Cockney" offers to sell 3,000 private photographs of her and her fiancé James Matthews to the press for £50,000. A 35-year-old man, Nathan Wyatt, is arrested shortly after. | Account Hijacking | Single Individuals | CC | UK |
| 18 | 23/09/2016 | Guccifer 2.0 | DCCC (Democratic Congressional Campaign Committee) | Guccifer 2.0 releases a new cache of documents from the DCCC (Democratic Congressional Campaign Committee). | Unknown | Org: Political Party | CC | US |
| 19 | 23/09/2016 | ? | Jive | Software house Jive resets customers' passwords after the company discovers a data breach. | Unknown | Industry: Software | CC | US |
| 20 | 23/09/2016 | ? | apple.afsmith.bm | Office supplies firm AF Smith suspends sales on its Apple website amid fears of credit-card hacking. | Unknown | Industry: E-Commerce | CC | US |
| 21 | 25/09/2016 | Monte Melkonian Cyber Army (MMCA) | Several Azeri embassies and government websites | Armenian hackers from the Monte Melkonian Cyber Army (MMCA) leak personal details of several Azeri government officials and deface several Azeri embassy and government sites to celebrate 25 years of Armenian independence. | Unknown | Government | CW | AZ |
| 22 | 26/09/2016 | Fancy Bear, APT28 | Several targets | Researchers from Palo Alto Networks reveal the details of Komplex, a sophisticated piece of malware designed to infect computer systems running Apple OS X. | Targeted Attack | >1 | CE | >1 |
| 23 | 26/09/2016 | ? | i-dressup.com | An unknown hacker downloads more than 2.2 million improperly stored account credentials from i-dressup.com, a social hangout website for teenage girls. | SQLi | Social Network | CC | US |
| 24 | 26/09/2016 | Libyan Scorpion | High-profile Libyans | A cyber-espionage actor dubbed Libyan Scorpion targets high-profile Libyans, infecting their Android smartphones with a remote access trojan (RAT) known as AlienSpy. | Targeted Attack | Single Individuals | CE | LY |
| 25 | 27/09/2016 | The Dark Overlord | WestPark Capital | The Dark Overlord leaks around 20 internal files from Los Angeles-based WestPark Capital online, in retaliation for the bank's CEO not accepting their "handsome proposal". | RDP Vulnerability | Industry: Financial Services | CC | US |
| 26 | 27/09/2016 | ? | Over 100 US universities | An investigation reveals that over 100 top US universities have been hacked and injected with SEO spam to boost the search engine ranking of an online gambling site. | SEO Poisoning | Education | CC | US |
| 27 | 29/09/2016 | Hackers from Russia? | Newsweek | Newsweek suspects that Russian hackers are to blame for the crash of its website, after it published an article about Donald Trump's company secretly conducting business in Cuba in the 1990s. | DDoS | News | CC | US |
| 28 | 29/09/2016 | Fancy Bear, APT28 | Bellingcat | ThreatConnect reveals that the investigative journalism group Bellingcat, which helped investigate the downing of flight MH17 over eastern Ukraine in 2014, has been targeted in a series of sophisticated attacks by the pro-Russia group Fancy Bear. | Targeted Attack | News | CC | UK |
| 29 | 29/09/2016 | Vendetta Brothers | PoS systems and ATMs across the US and Scandinavian countries | A small yet very sophisticated group of cyber-criminals named the Vendetta Brothers is behind numerous attacks on PoS systems and ATMs across the US and Scandinavian countries. | Account Hijacking | Industry: PoS Software | CC | >1 |
| 30 | 29/09/2016 | pr0jekkt | feverclan.com | pr0jekkt hacks feverclan.com and dumps the data of 50,000 users. | SQLi | Online Services | CC | US |
| 31 | 30/09/2016 | ? | Large LED video screen billboard in South Jakarta | An unknown hacker or group of hackers breaks into the computer system of a large LED video screen billboard in the Kebayoran Baru district of South Jakarta and replaces the advertisement on the screen with pornographic content for a short period of time. | Unknown | Billboard | CC | ID |
| 32 | 30/09/2016 | Websites Hunter | newseasims.com | A hacker going by the handle "Websites Hunter" hacks newseasims.com, a website that offers custom content for the Sims video games from Electronic Arts, and leaks personal details of 118,000 customers/users. | SQLi | Online Services | CC | US |
| 33 | 30/09/2016 | RedHack | Personal email accounts of Turkey's Energy Minister and President Erdoğan's son-in-law, Berat Albayrak | The RedHack collective claims to have hacked the personal email accounts of Turkey's Energy Minister and President Erdoğan's son-in-law, Berat Albayrak. | Unknown | Government | H | TR |

Attack Class codes: CC = Cyber Crime, CE = Cyber Espionage, CW = Cyber Warfare, H = Hacktivism.