Last Updated on January 3, 2017
It’s time to publish the first cyber attack timeline of December, covering the main cyber attacks that occurred between the 1st and the 15th.

With regard to Cyber Crime, the most important events of this fortnight are probably the news of the alleged hack against the Central Bank of Russia, which happened on an unspecified date in 2016 and netted the attackers the equivalent of $31 million, and the mega breach affecting the 82.5 million users of Dailymotion. Other “minor” breaches impacted Shiseido (420,000 customers involved), Health Solutions (35,000 records), Quest Diagnostics (34,000 records), and Kagoya (50,000 users affected). And while SWIFT revealed that it is still warning banks of a new wave of attacks, the Mirai botnet was also quite active: thousands of customers of TalkTalk, the UK Post Office and Eircom lost their internet access in the wake of yet another attack carried out by this IoT-powered botnet.

ThyssenKrupp was also in the spotlight when news emerged of a sophisticated attack that started in February 2016 and was discovered only in April of the same year. This was not the only important event in Germany, since the domestic intelligence agency reported an increase in targeted cyber attacks against political parties.

If you want to have an idea of how fragile our electronic identity is inside cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates. Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format:
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 01/12/2016 | Legion | Rahul Gandhi Twitter account | The Twitter account of Rahul Gandhi, the heir of the Indian National Congress Party, India's oldest political party, is hacked. | Account Hijacking | Single Individuals | CC | IN |
| 2 | 01/12/2016 | ? | TalkTalk | Thousands of TalkTalk customers have their internet access cut by an attack targeting their internet routers. | Malware | Single Individuals | CC | GB |
| 3 | 01/12/2016 | ? | Post Office | Thousands of TalkTalk and Post Office customers have had their internet access cut by an attack targeting certain types of internet routers. | Malware | Single Individuals | CC | GB |
| 4 | 01/12/2016 | ? | Channel 2 and Channel 10 | Two main news channels in Israel were hacked and the attackers broadcast a 30-second clip showing images of Muslim holy sites and Quranic scriptures. | Unknown | Industry: TV Broadcast | CC | IL |
| 5 | 02/12/2016 | ? | Central Bank of Russia | The Central Bank of Russia confirms that in 2016 unknown hackers stole 2 billion rubles, equivalent to $31 million, from accounts of the Central Bank. | Account Hijacking | Government | CC | RU |
| 6 | 02/12/2016 | Football Leaks | Professional Football Players | A group called Football Leaks dumps 1.9 terabytes of data, covering 18.6 million private documents, related to professional football players. The documents are handed over to the German publication Der Spiegel. | Unknown | Single Individuals | CC | EU |
| 7 | 02/12/2016 | ? | Shiseido Co. | Japanese cosmetics maker Shiseido Co. says that the online store run by subsidiary IPSA Co. has suffered illegal access and that personal information on about 420,000 customers may have leaked as a result. | Malware | Industry: Cosmetics | CC | JP |
| 8 | 02/12/2016 | ? | Health Solutions | The website of Health Solutions, one of the largest diagnostic laboratories in India, is breached, with hackers accessing a database that included no less than 35,000 medical records, including HIV reports for registered patients. | Unknown | Healthcare | CC | IN |
| 9 | 02/12/2016 | Kapustkiy | catropaejb.com.ve | Kapustkiy hacks a website belonging to the Venezuelan army (catropaejb.com.ve) and exposes a total of 3,000 accounts. | Unknown | Military | CC | VE |
| 10 | 03/12/2016 | AppState Leaks | Appalachian State University | A group called AppState Leaks releases the data of 1,768 students from Appalachian State University. | Unknown | Education | CC | US |
| 11 | 04/12/2016 | ? | Intercom Wireless Frequency System of McDonald’s at the New Bern, N.C | The Intercom Wireless Frequency System of McDonald’s at the New Bern, N.C is hacked and broadcasts unexpected messages to customers. | Unknown | Industry: Restaurant | CC | US |
| 12 | 04/12/2016 | Kapustkiy | National Assembly of Ecuador (asambleanacional.gob.ec) | Kapustkiy breaches the National Assembly of Ecuador and leaks the data via PasteBin. | SQLi | Government | CC | EC |
| 13 | 05/12/2016 | ? | Dailymotion | An unknown hacker extracts 85.2 million unique email addresses and usernames from video-sharing site Dailymotion, one of the biggest video platforms in the world. | Unknown | Video Hosting | CC | FR |
| 14 | 05/12/2016 | ? | Eir Telecom | Eir warns customers that 2000 of its modems have been compromised by the Mirai botnet. | Malware | Single Individuals | CC | IE |
| 15 | 05/12/2016 | Jonathan Ly (Expedia senior IT technician) | Expedia | A former Expedia IT professional admits to illegally trading on secrets he discovered by hacking his own company's senior executives. | Account Hijacking | Industry: Travel Technology | CC | US |
| 16 | 05/12/2016 | ? | Scottish Football Association | The Scottish Football Association issues a warning to fans after supporters received an email supposedly from the Scotland Supporters Club with an invoice for £170. | Unknown (third party DB Hacked?) | Org: Sport | CC | SCOT |
| 17 | 06/12/2016 | ? | Bo Shen | An unknown hacker steals at least $300,000 in Augur and Ether cryptocurrency from Bo Shen, the founder of venture capital firm Fenbushi Capital, and one of the early adopters of many of today's cryptocurrencies. | Account Hijacking | Single Individuals | CC | CN |
| 18 | 06/12/2016 | ? | State Treasury Service of Ukraine (treasury.gov.ua) and Ministry of Finance | The website of the State Treasury Service of Ukraine redirects users to www.whoismrrobot.com. Also, the website of the Ministry of Finance of Ukraine experiences a service disruption. | DNS Hijacking | Government | CC | UA |
| 19 | 06/12/2016 | North Korea | South Korea | North Korea appears to have hacked South Korea's cyber command in what could be the latest cyberattack against Seoul. | Targeted Attack | Government | CE | KR |
| 20 | 06/12/2016 | AdGholas | Popular news websites | ESET reveals the details of a massive malvertising campaign using the Stegano Exploit Kit carried out by a group dubbed AdGholas. | Malvertising | Single Individuals | CC | >1 |
| 21 | 06/12/2016 | ? | VTB | State-owned Russian bank VTB reveals that it has been targeted by hackers with a DDoS attack. | DDoS | Finance | CC | RU |
| 22 | 06/12/2016 | ? | University of Wisconsin-Madison Law School | The University of Wisconsin-Madison Law School reveals that a database containing Social Security numbers and name pairs of 1,213 Law School applicants for 2005-’06 was hacked last month. | Unknown | Education | CC | US |
| 23 | 07/12/2016 | China | US Law Firms | A series of security breaches that struck prestigious law firms last year was more pervasive than reported and was carried out by people with ties to the Chinese government, according to evidence seen by Fortune. | Targeted Attack | Law Firms | CC | US |
| 24 | 07/12/2016 | Kapustkiy and Kasimierz L | Argentinian Ministry of Industry (Ministerio de Produccion, produccion.gob.ar) | Kapustkiy and Kasimierz L hack the website of the Argentinian Ministry of Industry (Ministerio de Produccion) and expose 18,000 accounts. | SQLi | Government | CC | AR |
| 25 | 08/12/2016 | ? | ThyssenKrupp | ThyssenKrupp reveals that in February of this year, hackers infiltrated its computer systems and stealthily carried out an espionage operation that reportedly managed to avoid detection until April. | Targeted Attack | Industry: Steel | CE | DE |
| 26 | 08/12/2016 | Russia? | Germany | Germany's domestic intelligence agency reports a striking increase in Russian propaganda and disinformation campaigns aimed at destabilizing German society, and targeted cyber attacks against political parties. | Targeted Attack | Government | CE | DE |
| 27 | 08/12/2016 | ? | Kagoya | Kagoya, a famous hosting service provider in Japan, suffers a security breach in which personal and financial data of its customers is stolen. In an email to their customers, Kagoya states that the attack affected about 50,000 customers who used their credit cards between April 1, 2015 and September 21, 2016. | Command Injection | Industry: Hosting Provider | CC | JP |
| 28 | 09/12/2016 | Legion | Vijay Mallya | Indian tycoon Vijay Mallya's Twitter account appears to have been hacked. The alleged hackers hijack Mallya's account and are currently leaking the industrialist's personal and sensitive information. | Account Hijacking | Single Individuals | CC | IN |
| 29 | 09/12/2016 | Legion | Barkha Dutt and Ravish Kumar Twitter Accounts | The Legion collective hacks the Twitter accounts of Barkha Dutt and Ravish Kumar, two prominent journalists with Indian NDTV news channel. | Account Hijacking | Single Individuals | CC | IN |
| 30 | 09/12/2016 | Carbanak Gang | Global hospitality industry | The infamous Carbanak Gang resurfaces with renewed vigour. The cybergang now goes after the global hospitality industry. | Targeted Attack | Industry: Hospitality | CC | >1 |
| 31 | 12/12/2016 | ? | SWIFT | Reuters reveals that SWIFT is still warning banks of the escalating threat to their systems, which is becoming "persistent, adaptive and sophisticated". | Targeted Attack | Finance | CC | N/A |
| 32 | 12/12/2016 | Kapustkiy | ambru.nl | Kapustkiy claims to have stolen thousands of passport numbers and other pieces of personal information from the website of a Russian consular department (ambru.nl). | SQLi | Government | CC | RU |
| 33 | 12/12/2016 | ? | Quest Diagnostics | Quest Diagnostics says it is investigating a recent hack that exposed the personal health information of about 34,000 people. An “unauthorized third party” gained access to names, dates of birth, lab results and, in some cases, telephone numbers on Nov. 26 through the mobile health app MyQuest. | Mobile App Vulnerability | Healthcare | CC | US |
| 34 | 12/12/2016 | ? | KFC | KFC warns its 1.2 million Colonel's Club loyalty scheme members that their data may have been breached after its website was hacked. Apparently only 30 users have been affected. | Unknown | Industry: Restaurant | CC | UK |
| 35 | 12/12/2016 | Legion | Several targets in India | In an interview with the Washington Post, Legion declares that it is in possession of several terabytes of raw data. | Unknown | >1 | CC | IN |
| 36 | 13/12/2016 | ? | Ukraine's defence ministry | Ukraine's defence ministry says that its website is down due to cyber attacks that appeared aimed at disrupting it giving updates on the pro-Russian separatist conflict in eastern regions. | DDoS | Government | CW | UA |
| 37 | 13/12/2016 | ? | Owners of 26 low-end Android Smartphones | Security researchers from Dr. Web have found malware hidden in the firmware of 26 low-end Android smartphones and tablets, malware which is used to show ads and install unwanted apps on the devices of unsuspecting users. | Malware | Single Individuals | CC | >1 |
| 38 | 13/12/2016 | ? | Frederick County Public Schools | Data on about 1,000 former students in Frederick County Public Schools in Maryland was likely exposed in a data breach that occurred prior to 2010 but which was only discovered in September of this year. | Unknown | Education | CC | US |
| 39 | 15/12/2016 | ? | Yahoo! | The White House declares that the FBI is investigating a new attack that compromised at least 1bn Yahoo! user accounts and happened in 2013. | Unknown | Industry: Internet | CC | US |
| 40 | 15/12/2016 | Russian Hackers | Pentagon | Russian hackers reportedly launched a targeted cyberattack on the Pentagon in August 2015, which saw the unclassified email system used by the Joint Chiefs of Staff hijacked, leaving data of nearly 3,500 military personnel and civilians vulnerable to exposure. | Targeted Attack | Government | CW | US |
| 41 | 15/12/2016 | ? | Election Assistance Commission | The Election Assistance Commission, the U.S. agency charged with ensuring that voting machines meet security standards, was itself penetrated by a hacker after the November elections, according to security firm Recorded Future, working with law enforcement on the matter. | Targeted Attack | Government | CE | US |
| 42 | 15/12/2016 | ? | Home Internet Routers | Proofpoint reveals the details of a new exploit kit called DNSChanger able to infect internet routers in order to redirect users to malicious ads. | DNSChanger EK | Single Individuals | CC | >1 |
| 43 | 15/12/2016 | BlackEnergy | Ukrainian Banks | ESET reports that BlackEnergy, the same group who targeted Ukrainian utilities last December, has been using the TeleBots malware against Ukrainian banks in the last month. | Targeted Attack | Finance | CE | UA |
| 44 | 15/12/2016 | Kapustkiy | Official website of the Russian National Visa Bureau in the Netherlands (rnvb.nl) | The official website of the Russian National Visa Bureau in the Netherlands (rnvb.nl) is hacked, with information of thousands of people exposed. | SQLi | Government | CC | RU |