It’s time to publish the second Cyber Attacks Timeline of November (Part I here), covering the main cyber incidents that occurred between the 16th and the 30th and were reported in the news.
The decreasing trend that characterized the last few weeks seems to be over: this fortnight has seen a sharp rise in the number of attacks, and even if no mega breaches were detected, the list includes some remarkable events.
Looking at the events related to Cyber Crime, the list includes a new massive attack orchestrated via the Mirai botnet, this time against Deutsche Telekom, whose 900,000 customers were knocked offline. Also worth considering are the breaches targeting Three Mobile, victim of two hackers (immediately arrested) who were able to access the customer database, and Gorilla Glue, whose 500Gb database was leaked by The Dark Overlord. And let’s not forget the gang dubbed Cobalt, which attacked cash machines in more than a dozen countries across Europe using the technique known as ‘jackpotting’.
Moving to a different sector (Cyberwar), an important event was registered in Saudi Arabia (and apparently the outbreak is still ongoing), where a new version of the infamous Shamoon wiper malware (allegedly originating from Iran) paralyzed eight governmental institutions, including the Central Bank.
The chart also includes a massive campaign against Android users dubbed Gooligan, the return of the infamous Fancy Bear APT group (AKA APT28), and another hack against Mark Zuckerberg’s Pinterest account.
In any case, as I said earlier, the list is quite long this time, so feel free to scroll through it all for the details of the cyber landscape in November.
If you want an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, shortly, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.
Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format:
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 17/11/2016 | ? | Three Mobile | Three Mobile admits that hackers have successfully accessed its customer upgrade database after using an employee login. The private information of 6 million customers is at risk. | Account Hijacking | Industry: Mobile Operator | CC | GB |
| 2 | 17/11/2016 | Iran | Eight Saudi Institutions | Eight Saudi institutions are hit by a destructive cyber attack allegedly originating from Iran, carried out using a new version of the infamous Shamoon malware. | Malware | Government | CW | SA |
| 3 | 17/11/2016 | The Dark Overlord | Gorilla Glue | The Dark Overlord claims to have stolen a wealth of company and personal information (500Gb) from US adhesive, glue, and tape company Gorilla Glue. | Unknown | Industry: Adhesive, Glue and Tape | CC | US |
| 4 | 17/11/2016 | OurMine | Mark Zuckerberg's Pinterest Account | OurMine hacks Mark Zuckerberg's Pinterest account and posts a message suggesting they could help him with his online security. | Account Hijacking | Single Individual | CC | US |
| 5 | 17/11/2016 | ? | Canadian army’s public recruitment website (forces.ca) | The Canadian army’s public recruitment website (forces.ca) is hacked and briefly redirects visitors to the official website of the Chinese government. | Unknown | Military | CC | CA |
| 6 | 18/11/2016 | Amn3s1a Team | Mega.nz | The Amn3s1a Team hacking group releases a data dump containing what the group claims is nearly 2GB of source code stolen from several Mega.nz servers. | Unknown | File Hosting | CC | NZ |
| 7 | 18/11/2016 | ? | Ask | An unknown attacker hijacks the update mechanism employed by Ask Partner Network (APN) to download suspicious code onto unsuspecting users' PCs. | Malware | Industry: Software | CC | US |
| 8 | 18/11/2016 | ? | Michigan State University | Michigan State University announces that a university server and a database containing information on some 400,000 faculty, staff and students have been accessed by an unauthorised third party. | Unknown | Education | CC | US |
| 9 | 18/11/2016 | Kapustkiy | mobilita.gov.it | Kapustkiy hacks an Italian Government website (mobilita.gov.it) and dumps 45,000 records. | SQLi | Government | CC | IT |
| 10 | 20/11/2016 | Kapustkiy | Eastern Indian Regional Council | Kapustkiy breaks into the Eastern Indian Regional Council and accesses the data of 17,000 students. | SQLi | Government | CC | IN |
| 11 | 21/11/2016 | Cobalt | Cash machines in more than a dozen countries across Europe | Group-IB reveals that cyber criminals have remotely attacked cash machines in more than a dozen countries across Europe this year, using malicious software that forces machines to spit out cash. | Malware | Finance | CC | EU |
| 12 | 21/11/2016 | Kapustkiy and CyberZeist | Hungarian Human Rights Foundation (hhrf.org) | The Hungarian Human Rights Foundation website is hacked and the attackers manage to get access to over 20,000 accounts and personal information, including phone numbers and home addresses. | SQLi | Org: Non-Profit | CC | HU |
| 13 | 21/11/2016 | ? | TheCounter | TheCounter, a third-party Twitter site, is hacked over the weekend and various celebrity and media accounts are taken over to promote an “increase Twitter followers” service. | Account Hijacking | Social Network | CC | US |
| 14 | 21/11/2016 | ? | Atlantis Paradise Island | Atlantis, Paradise Island announces a recent security incident that may have compromised the security of payment information between March 9, 2016 and October 22, 2016. | PoS Malware | Industry: Hotel and Hospitality | CC | BS |
| 15 | 21/11/2016 | ? | USOC (United States Olympic Committee) | The U.S. Olympic Committee (USOC) notifies individuals who participated in the 100-Days Out event in April 2016 that their personal information has been acquired by an unauthorized individual who gained access to the email account of a contractor who ran security clearances for the event. | Account Hijacking | Org: Sport | CC | US |
| 16 | 22/11/2016 | ? | Madison Square Garden | Madison Square Garden Co. admits that hackers may have stolen payment card data at Madison Square Garden, The Theater at Madison Square Garden, Radio City Music Hall, Beacon Theatre and The Chicago Theatre from Nov. 9, 2015 to Oct. 24, 2016. | Malware | Industry: Entertainment | CC | US |
| 17 | 23/11/2016 | ? | US Navy | Hackers manage to get their hands on personal and sensitive information of over 130,000 US Navy officials after a laptop of an HPE Navy contractor is hacked. The breach was acknowledged on October 27th. | Unknown | Military | CC | US |
| 18 | 23/11/2016 | ? | Deliveroo | Customers of takeaway food app Deliveroo have their accounts hacked and run up bills for food that they did not order. | Unknown | Industry: Online Food Ordering | CC | GB |
| 19 | 23/11/2016 | ? | Mailchimp | Hackers compromise the Mailchimp database and manage to send out emails containing malicious links to subscribers of various different companies. | Unknown | Industry: Email Marketing | CC | US |
| 20 | 23/11/2016 | ? | Magento One Coding | Sucuri spots a redirect injected into the Magento One code, which is used by many ecommerce sites, able to redirect users to phishing pages. | JS redirection | Single Individuals | CC | >1 |
| 21 | 23/11/2016 | Gh0s7 | Instituto de la Función Registral del Estado México (IFREM) | Gh0s7 hacks the Instituto de la Función Registral del Estado México (IFREM) and dumps the entire database. | Unknown | Government | CC | MX |
| 22 | 24/11/2016 | ? | Prominent journalists and professors | Google warns prominent journalists and professors that nation-sponsored hackers have recently targeted their accounts, according to reports delivered over social media. | Targeted Attack | Single Individuals | CE | >1 |
| 23 | 24/11/2016 | ? | Vascular Surgical Associates | Vascular Surgical Associates notifies patients of a hack discovered in September, when a compromised vendor password was used to access an internal computer. | Account Hijacking | Healthcare | CC | US |
| 24 | 25/11/2016 | [email protected] | Muni (San Francisco's Transit System) | Computer systems at San Francisco’s transit system, Muni, are paralyzed following a malware attack. The author of the attack asks for a ransom of $73,000. | Malware | Utility | CC | US |
| 25 | 25/11/2016 | ? | Financial and government institutions in Asia and Africa | Financial and government institutions in Asia and Africa have been the victims of targeted cyber attacks that leveraged a zero-day in the InPage word processor in attempts to install keyloggers and backdoor trojans on targeted computers. | Targeted Attack | Finance, Government | CE | >1 |
| 26 | 25/11/2016 | APT28 (Fancy Bear) | Senior anti-doping officials from WADA and USADA | The cyber-espionage group Fancy Bears strikes again by hacking into the confidential emails of senior anti-doping officials from the World Anti-Doping Agency (WADA) and the United States Anti-Doping Agency (USADA). | Unknown | Org: Sport | CC | N/A |
| 27 | 26/11/2016 | ? | Deutsche Telekom | 900,000 Deutsche Telekom customers are knocked off the internet when their routers are hit by a malware attack launched through the Mirai botnet exploiting a SOAP remote code execution vulnerability. | Malware | Industry: ISP | CC | DE |
| 28 | 26/11/2016 | Group_Dmar | careers.kna.kw (official website of the Kuwaiti parliament) | The official website of the Kuwaiti parliament is defaced by hackers on the parliamentary election day. The hackers deface the main page, leaving a message in Arabic accusing Abdul Hamid Dashti, a member of parliament (MP), of being an Iranian agent and urging other MPs to unite against him. | Defacement | Government | H | KW |
| 29 | 26/11/2016 | Kapustkiy | The High Commission of Ghana and the High Commission of Fiji | Kapustkiy breaches the websites of the High Commission of Ghana and the High Commission of Fiji. | SQLi | Government | CC | IN |
| 30 | 26/11/2016 | ? | [email protected] | The miscreant behind the extortion attempt against the San Francisco Muni gets hacked himself. The author is an anonymous security researcher, who is able to compromise the extortionist’s inbox by guessing the answer to his secret question. | Account Hijacking | Single Individual | N/A | RU |
| 31 | 27/11/2016 | ? | Valartis Bank | Hackers are blackmailing the customers of Valartis Bank, a Liechtenstein bank, asking victims to send 10% of their funds to a Bitcoin address or have their bank account details exposed online. | Unknown | Finance | CC | LU |
| 32 | 28/11/2016 | ? | Japanese Defence Ministry | Kyodo News reveals that the network of the Japanese Defence Ministry was the target of a cyber attack in September this year. | Targeted Attack | Government | CE | JP |
| 33 | 28/11/2016 | ? | xHamster | Leakbase reveals that 380,000 user account details for porn site xHamster are being traded on the digital underground. | Unknown | Adult Site | CC | >1 |
| 34 | 29/11/2016 | ? | Tor Users | Tor officials confirm the presence of a zero-day exploit in the wild that is being used to execute malicious code on the computers of people using Tor and possibly other users of the Firefox browser. | Malware (JS Exploit) | Single Individuals | CC | >1 |
| 35 | 29/11/2016 | ? | European Commission | The European Commission (EC) is the target of a distributed denial of service (DDoS) attack that leads to a breakdown in internet services for hours. | DDoS | Org: Politics (EU Institution) | CC | EU |
| 36 | 29/11/2016 | ? | Carleton University | The computers of Carleton University are paralyzed by a ransomware attack. | Malware | Education | CC | CA |
| 37 | 30/11/2016 | ? | Android 4 and Android 5 Users | Researchers at Check Point Software Technologies uncover a new malware variant called Gooligan that to date has hacked one million Google accounts worldwide by rooting the user's Android device, at an alarming rate of some 13,000 devices per day. | Malware | Single Individuals | CC | >1 |
| 38 | 30/11/2016 | ? | Android Users | Researchers at Palo Alto Networks reveal the details of a new Google Android Trojan named “PluginPhantom”, which steals many types of user information including files, location data, contacts and Wi-Fi information. | Malware | Single Individuals | CC | >1 |
| 39 | 30/11/2016 | ? | The National Lottery | About 26,500 National Lottery accounts are feared to have been hacked, according to its operator Camelot. However, the firm says it does not believe its own systems have been compromised, but rather that the players' login details were stolen from elsewhere. | Unknown | Industry: Lottery | CC | GB |
| 40 | 30/11/2016 | ? | Erasmus University | Erasmus University is the victim of a breach affecting 270,000 students, whose personal information is compromised. | Unknown | Education | CC | NL |