Last Updated on December 5, 2016
It’s time to publish the second Cyber Attacks Timeline of November (Part I here), showing the main cyber incidents that occurred between the 16th and the 30th and were published in the news.
The decreasing trend that has characterized the last weeks seems to be over: this fortnight has seen a sharp rise in the number of attacks, and even if no mega breaches were detected, the list includes some remarkable events.
Among the events related to Cyber Crime, the list includes a new massive attack orchestrated via the Mirai botnet, this time against Deutsche Telekom, whose 900,000 customers have been knocked offline. Also worth considering are the breaches targeting Three Mobile, victim of two hackers (immediately arrested) able to access the customers’ database, and Gorilla Glue, whose 500Gb database has been leaked by The Dark Overlord. And let’s not forget the gang dubbed Cobalt, which has attacked cash machines in more than a dozen countries across Europe using the technique known as ‘jackpotting’.
Moving to a different sector (Cyberwar), an important event has been registered in Saudi Arabia (and apparently the outbreak is still ongoing) where a new version of the infamous Shamoon wiper malware (allegedly originating from Iran) has paralyzed eight Governmental institutions including the Central Bank.
The chart also includes a massive campaign against Android users dubbed Gooligan, the return of the infamous Fancy Bear APT group (AKA APT28), and another hack against Mark Zuckerberg’s Pinterest Account.
In any case, as I said earlier, the list is quite long this time, so feel free to scroll it all for the details of the cyber landscape in November.
If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and, in a bit, 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.
Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format: 
ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
1 | 17/11/2016 | ? | Three Mobile | Three Mobile admits that hackers have successfully accessed its customer upgrade database after using an employee login. 6 million customers' private information is at risk. | Account Hijacking | Industry: Mobile Operator | CC | GB |
2 | 17/11/2016 | Iran | Eight Saudi Institutions | Eight Saudi institutions are hit by a destructive Cyber Attack allegedly originating from Iran, carried out using a new version of the infamous Shamoon Malware. | Malware | Government | CW | SA |
3 | 17/11/2016 | The Dark Overlord | Gorilla Glue | The Dark Overlord claims to have stolen a wealth of company and personal information (500Gb) from US adhesive, glue, and tape company Gorilla Glue | Unknown | Industry: Adhesive, Glue and Tape | CC | US |
4 | 17/11/2016 | OurMine | Mark Zuckerberg's Pinterest Account | OurMine hack Mark Zuckerberg's Pinterest Account and post a message suggesting they could help him with his online security. | Account Hijacking | Single Individual | CC | US |
5 | 17/11/2016 | ? | Canadian army’s public recruitment website (forces.ca) | The Canadian army’s public recruitment website (forces.ca) is hacked and briefly redirects visitors to the official website of the Chinese government. | Unknown | Military | CC | CA |
6 | 18/11/2016 | Amn3s1a Team | Mega.nz | The Amn3s1a Team hacking group releases a data dump containing what the group claims is nearly 2GB of source code stolen from several Mega.nz servers. | Unknown | File Hosting | CC | NZ |
7 | 18/11/2016 | ? | Ask | An unknown attacker hijacks the update mechanism employed by Ask Partner Network (APN) to download suspicious code onto unsuspecting users' PCs. | Malware | Industry: Software | CC | US |
8 | 18/11/2016 | ? | Michigan State University | Michigan State University announces that a university server and a database containing information on some 400,000 faculty, staff and students have been accessed by an unauthorised third party. | Unknown | Education | CC | US |
9 | 18/11/2016 | Kapustkiy | mobilita.gov.it | Kapustkiy hacks an Italian Government website (mobilita.gov.it) and dumps 45,000 records. | SQLi | Government | CC | IT |
10 | 20/11/2016 | Kapustkiy | Eastern Indian Regional Council | Kapustkiy breaks into the Eastern Indian Regional Council and accesses the data of 17,000 students. | SQLi | Government | CC | IN |
11 | 21/11/2016 | Cobalt | Cash machines in more than a dozen countries across Europe | Group IB reveals that cyber criminals have remotely attacked cash machines in more than a dozen countries across Europe this year, using malicious software that forces machines to spit out cash. | Malware | Finance | CC | EU |
12 | 21/11/2016 | Kapustkiy and CyberZeist | Hungarian Human Rights Foundation (hhrf.org) | The Hungarian Human Rights Foundation website is hacked and the attackers manage to get access to over 20,000 accounts and personal information, including phone numbers and home addresses. | SQLi | Org: Non-Profit | CC | HU |
13 | 21/11/2016 | ? | TheCounter | TheCounter, a third-party Twitter site, was hacked over the weekend and various celebrity and media accounts were taken over to promote an “increase Twitter followers” service. | Account Hijacking | Social Network | CC | US |
14 | 21/11/2016 | ? | Atlantis Paradise Island | Atlantis, Paradise Island announces a recent security incident that may have compromised the security of payment information between March 9, 2016 and October 22, 2016. | PoS Malware | Industry: Hotel and Hospitality | CC | BS |
15 | 21/11/2016 | ? | USOC (United States Olympic Committee) | The U.S. Olympic Committee (USOC) notifies individuals who participated in the 100-Days Out event in April 2016 that their personal information has been acquired by an unauthorized individual who gained access to the email account of a contractor who ran security clearances for the event. | Account Hijacking | Org: Sport | CC | US |
16 | 22/11/2016 | ? | Madison Square Garden | Madison Square Garden Co. admits that hackers may have stolen payment card data at Madison Square Garden, The Theater at Madison Square Garden, Radio City Music Hall, Beacon Theatre and The Chicago Theatre from Nov. 9, 2015 to Oct. 24, 2016. | Malware | Industry: Entertainment | CC | US |
17 | 23/11/2016 | ? | US Navy | Hackers manage to get their hands on personal and sensitive information of over 130,000 US Navy officials after a laptop of an HPE Navy contractor is hacked. The breach was acknowledged on October 27th. | Unknown | Military | CC | US |
18 | 23/11/2016 | ? | Deliveroo | Customers of takeaway food app Deliveroo have their accounts hacked and run up bills for food that they did not order. | Unknown | Industry: Online Food Ordering | CC | GB |
19 | 23/11/2016 | ? | Mailchimp | Hackers compromise the Mailchimp database and manage to send out emails containing malicious links to subscribers of various different companies. | Unknown | Industry: Email Marketing | CC | US |
20 | 23/11/2016 | ? | Magento One Coding | Sucuri spots a redirect injected into the Magento One coding, which is used by many ecommerce sites, able to redirect the users to phishing pages. | JS redirection | Single Individuals | CC | >1 |
21 | 23/11/2016 | Gh0s7 | Instituto de la Función Registral del Estado México (IFREM) | Gh0s7 hacks the Instituto de la Función Registral del Estado México (IFREM) and dumps the entire database. | Unknown | Government | CC | MX |
22 | 24/11/2016 | ? | Prominent journalists and professors | Google warns prominent journalists and professors that nation-sponsored hackers have recently targeted their accounts, according to reports delivered over social media. | Targeted Attack | Single Individuals | CE | >1 |
23 | 24/11/2016 | ? | Vascular Surgical Associates | Vascular Surgical Associates notifies patients of a hack discovered in September when a compromised vendor password was used to access an internal computer. | Account Hijacking | Healthcare | CC | US |
24 | 25/11/2016 | cryptom27@yandex.com | Muni (San Francisco's Transit System) | Computer systems at San Francisco’s transit system, Muni, are paralyzed following a malware attack. The author of the attack asks for a ransom of $73,000. | Malware | Utility | CC | US |
25 | 25/11/2016 | ? | Financial and government institutions in Asia and Africa | Financial and government institutions in Asia and Africa have been the victims of targeted cyber-attacks that have leveraged a zero-day in the InPage Word processor in attempts to install keyloggers and backdoor trojans on targeted computers. | Targeted Attack | Finance Government | CE | >1 |
26 | 25/11/2016 | APT28 (Fancy Bear) | Senior anti-doping officials from WADA and USADA | The cyber-espionage group Fancy Bears strikes again by hacking into the confidential emails of senior anti-doping officials from the World Anti-Doping Agency (Wada) and the United States Anti-Doping Agency (Usada). | Unknown | Org: Sport | CC | N/A |
27 | 26/11/2016 | ? | Deutsche Telekom | 900,000 Deutsche Telekom customers are knocked off the internet when their routers are hit by a malware attack launched through the Mirai Botnet exploiting a SOAP Remote Execution Vulnerability. | Malware | Industry: ISP | CC | DE |
28 | 26/11/2016 | Group_Dmar | careers.kna.kw (official website of the Kuwaiti parliament) | The official website of the Kuwaiti parliament is defaced by hackers on their parliamentary election day. The hackers deface the main page, leaving a message in Arabic accusing Abdul Hamid Dashti, a member of parliament (MP), of being an Iranian agent and urging other MPs to unite against him. | Defacement | Government | H | KW |
29 | 26/11/2016 | Kapustkiy | The High Commission of Ghana and the High Commission of Fiji | Kapustkiy breaches the websites of the High Commission of Ghana and the High Commission of Fiji. | SQLi | Government | CC | IN |
30 | 26/11/2016 | ? | cryptom27@yandex.com | The miscreant behind this extortion attempt against the San Francisco Muni gets hacked himself. The author is an anonymous security researcher, able to compromise the extortionist’s inbox by guessing the answer to his secret question. | Account Hijacking | Single Individual | N/A | RU |
31 | 27/11/2016 | ? | Valartis Bank | Hackers are blackmailing the customers of Valartis Bank, a Liechtenstein bank, asking victims to send 10% of their funds to a Bitcoin address or have their bank account details exposed online. | Unknown | Finance | CC | LU |
32 | 28/11/2016 | ? | Japanese Defence Ministry | Kyodo News reveals that the network of the Japanese Defence Ministry was the target of a cyber-attack in September this year. | Targeted Attack | Government | CE | JP |
33 | 28/11/2016 | ? | xHamster | Leakbase reveals that 380,000 user account details for porn site xHamster are being traded on the digital underground. | Unknown | Adult Site | CC | >1 |
34 | 29/11/2016 | ? | Tor Users | Tor officials confirm the presence of a zero-day exploit in the wild that's being used to execute malicious code on the computers of people using Tor and possibly other users of the Firefox browser. | Malware (JS Exploit) | Single Individuals | CC | >1 |
35 | 29/11/2016 | ? | European Commission | The European Commission (EC) is the target of a distributed denial of service (DDoS) that leads to a breakdown in internet services for hours. | DDoS | Org: Politics (EU Institution) | CC | EU |
36 | 29/11/2016 | ? | The Carleton University | The computers of the Carleton University are paralyzed by a ransomware attack. | Malware | Education | CC | CA |
37 | 30/11/2016 | ? | Android 4 and Android 5 Users | Researchers at Check Point Software Technologies uncover a new malware variant called Gooligan that to date has hacked one million Google accounts worldwide by rooting the user's Android device, at an alarming rate of some 13,000 devices per day. | Malware | Single Individuals | CC | >1 |
38 | 30/11/2016 | ? | Android Users | Researchers at Palo Alto Networks reveal the details of a new Google Android Trojan named “PluginPhantom”, which steals many types of user information including: files, location data, contacts and Wi-Fi information. | Malware | Single Individuals | CC | >1 |
39 | 30/11/2016 | ? | The National Lottery | About 26,500 National Lottery accounts are feared to have been hacked, according to its operator Camelot. However, the firm says it does not believe its own systems have been compromised, but rather that the players' login details had been stolen from elsewhere. | Unknown | Industry: Lottery | CC | GB |
40 | 30/11/2016 | ? | Erasmus University | The Erasmus University is the victim of a breach affecting 270,000 students, whose personal information is compromised. | Unknown | Education | CC | NL |