Last Updated on October 12, 2016

It’s time to publish the second timeline of September (Part I here), covering the main cyber attacks occurred between 16-30 September 2016.

Well, this month will probably be remembered for the admission of the massive breach that hit Yahoo! (potentially 500 million users involved). This event, for sure, overshadowed all the rest (for instance the massive breach suffered by by, a teenage girls social hangout website, which had its entire 2.2 million user base downloaded by a crook).

The good news is that the level of activity showed a general reduction, and the tail of mega breaches seems to have shown a (temporary?) break. There has been some remarkable events (such as a $ 6 million BEC scam against SS&C Technologies), a wave of DDoS attacks against (again), Ethereum, OVH and Newseek), but in general we are far from the peaks of this troubled infosec summer.

As usual, if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Last but not least, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format: spreadsheets-32

IDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountry
116/09/2016?SS&C TechnologiesSS&C Technologies, falls victim of China-based hackers who sent a fake emails to company staffers in order to trick them into releasing client money, according to a complaint.Account HijackingIndustry: Financial ServicesCCUS
218/09/2016PoodleCorpBlizzard's Battle.netBlizzard's servers are knocked offline by yet another denial-of-service (DDoS) attack claimed by hacking group PoodleCorp.DDoSIndustry: Video GamesCCUS
319/09/2016FearHundreds of US government servers hosted on .us and .govA teenage hacker going by the pseudonym Fear claimed that he has gained access to hundreds of US government servers hosted on .us and .gov domains and stolen a massive trove of personal information of US citizens (among which 100 million Social Security Numbers).FTP VulnerabilityGovernmentCCUS
419/09/2016Anonymous Italia Antisec-ItaliaFour Italian Healthcare OrganizationsIn name of #OpSafePharma, the Italian hacktivists hack four healthcare organizations and leak data from two.UnknownHealthcareHIT
519/09/2016?Saint Francis Health SystemSaint Francis Health System acknowledges the hack of 6,000 names and addresses.UnknownHealthcareCCUS
620/09/2016?, a UK-based forum dedicated to the the Android operating system is breached, with nearly 800,000 usernames and passwords stolen by hackers. The attack dates back to January 2016UnknownOnline ForumCCUK
720/09/2016?justformen[.]comThe website for Just For Men, a company that sells various products for men is compromised to serve malware to its visitors.Malicious JS injectionIndustry: E-CommerceCCUS
820/09/2016?H&L AustraliaHackers claim to have hacked Australian point-of-sale technology (PoS) company H&L Australia, and offer the database for sale. They were already offering it for sale for AU$22,000 ($16,580, £12,723) more than two months ago.SQLiIndustry: PoS SoftwareCCAU
922/09/2016?Yahoo!Yahoo! Inc. (NASDAQ:YHOO) confirms that a copy of certain user account information was stolen from the company's network in late 2014. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.UnknownIndustry: internet ServicesCCUS
1022/09/2016?EthereumEthereum, a public blockchain-based decentralised computing platform for the cryptocurrency Ether is targeted by a DDoS attack on its network, causing all mining activities to slow down.DDoSCryptocurrency Computing PlatformCCN/A
1122/09/2016Unnamed group of Russian Criminals>1Ed Alexander, a darknet investigator reveals that a group of Russian hackers launched cyberattacks to steal user credentials from at least 85 companies. Targets include Amazon, American Airlines, AT&T, Best Buy, Wells Fargo, DropBox, Dunkin Donuts, Ebay, GoDaddy, Uber,, McDonald’s, Office Depot, PayPal, Pizza Hut, Steam, Apple Pay, and others.Account Hijacking>1CC>1
1222/09/2016?Michelle ObamaAn image purported to be a scanned copy of U.S. first lady Michelle Obama’s passport is leaked online alongside personal emails said to belong to a low-level White House staffer who worked with Hillary Clinton’s presidential campaign.Account HijackingSingle IndividualsCCUS
1322/09/2016?OVHHosting company OVH is subject to the biggest attack DDoS known to date, with peaks of over 1 Tb per second of traffic.DDoSIndustry: HostingCCFR
1422/09/2016Black TeamSeveral IndividualsAn investigation by InfoArmor reveals that Cybercrime syndicate Black Team is spreading its new malicious tool “RAUM” that drops malware on victims’ devices with a torrent file.MalwareSingle IndividualsCC>1
1522/09/2016?floridabar.orghacker or hackers associated with a former Palm Beach County Sheriff’s Office deputy who has a long-standing dispute with Florida law enforcement that appears to have gotten him raided by the FBI managed A hacker manages to access and acquire what appears to be the entire database of Florida Bar Association ( Professional OrderCCUS
1623/09/2016Bundeswehr’s Computer Network Operations Unit (CNO)Unnamed Afghan Mobile OperatorDer Spiegel reveals that the Bundeswehr's (German Armed Forces) special cyber unit is believed to have conducted the nation's first known "offensive" cyber operation in 2015, when it hacked into the network of an Afghan mobile network provider.UnknownIndustry: Mobile TelcoCWAF
1723/09/2016"Crafty Cockney" (Nathan Wyatt?)Pippa MiddletonPippa Middleton falls fallen victim to an iCloud hacker after an anonymous seller calling himself 'Crafty Cockney' offers to sell 3,000 private photographs of her and fiance James Matthews to the press for £50,000. A 35-year-old man Nathan Wyatt is arrested shortly after.Account HijackingSingle IndividualsCCUK
1823/09/2016Guccifer 2.0DCCC (Democratic Congressional Campaign Committee)Guccifer 2.0 releases a new cache of documents from the DCCC (Democratic Congressional Campaign Committee).UnknownOrg: Political PartyCCUS
1923/09/2016?JiveSoftware house Jive resets customers passwords after the company discovered a data breach.UnknownIndustry: SoftwareCCUS
2023/09/2016?apple.afsmith.bmOffice supplies firm AF Smith suspends sales on its Apple website amid fears over credit-card hacking.UnknownIndustry: E-CommerceCCUS
2125/09/2016Monte Melkonian Cyber Army (MMCA)Several Azeri embassies and government websitesArmenian hackers from Monte Melkonian Cyber Army (MMCA) leak personal details of several Azeri government officials and also deface several Azeri embassy and government sites to celebrate 25 years of Armenian independence.UnknownGovernmentCWAZ
2226/09/2016Fancy Bear, APT28Several TargetsResearchers from Palo Alto reveals the details of Komplex, a sophisticated piece of malware designed to infect computer systems running Apple OSX.Targeted Attack>1CE>1
2326/09/2016?i-dressup.comUn unknown hacker downloads more than 2.2 million of improperly stored account credentials from, a social hangout website for teenage girls.SQLiSocial NetworkCCUS
2426/09/2016Libyan ScorpionHigh Profile LibyansA cyber-espionage actor dubbed Libyan Scorpion is targeting high-profile Libyans, infecting their Android smartphones with a remote access trojan (RAT) known as AlienSpy.Targeted AttackSingle IndividualsCELY
2527/09/2016The Dark OverlordWestPark CapitalThe Dark Overlord leak around 20 internal files online from Los Angeles-based WestPark Capital, as retaliation for the bank's CEO not accepting their "handsome proposal".RDP VulnerabilityIndustry: Financial ServicesCCUS
2627/09/2016?Over 100 US UniversitiesAn investigation reveals that over 100 top US universities have been hacked and injected with SEO spam with the purpose of boosting the search engine ranking of an online gambling site.SEO PoisoningEducationCCUS
2729/09/2016Hackers from Russia?NewsweekNewsweek suspects that Russian hackers are to blame for the crash of its website, after it published an article about Donald Trump’s company secretly conducting business in Cuba in the 1990s.DDoSNewsCCUS
2829/09/2016Fancy Bear, APT28BellingcatThreatConnect reveals that Investigative journalism group Bellingcat, that helped to investigate the downing of the MH17 flight over eastern Ukraine in 2014 have been targeted in a series of sophisticated attacks by pro-Russia group Fancy Bear.Targeted AttackNewsCCUK
2929/09/2016Vendetta BrothersPoS systems and ATMs across the US and Scandinavian countriesA small, yet very sophisticated group of cyber-criminals named the Vendetta Brothers is behind numerous attacks on PoS systems and ATMs across the US and Scandinavian countries.Account HijackingIndustry: PoS SoftwareCC>1
3029/09/2016pr0jekktfeverclan.compr0jekkt hacks and dumps the data of 50,000 users.SQLiOnline ServicesCCUS
3130/09/2016?Large LED video screen billboard in South JakartaAn unknown hacker or a group of hackers hack into the computer system of a large LED video screen billboard in the Kebayoran Baru district of South Jakarta and replace the advertisement on the screen with pornographic content for a short period of time.UnknownBillboardCCID
3230/09/2016Websites Hunternewseasims.comA hacker going by the handle of “Websites Hunter” hacks, a website that offers custom content for Sims video games from Electronic Arts, and leaks personal details of 118,000 customers/users.SQLiOnline ServicesCCUS
3330/09/2016RedHackPersonal email accounts of Turkey’s Energy Minister and President Erdoğan’s son-in-law, Berat AlbayrakThe RedHack collective claims to have hacked personal email accounts of Turkey’s Energy Minister and President Erdoğan’s son-in-law, Berat Albayrak.UnknownGovernmentHTR

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.