| 1 | 14/12/2016 | PROMETHIUM and NEODYMIUM APTs | Single Individuals in Europe | Microsoft reveals the details of two APTs (PROMETHIUM and NEODYMIUM) targeting single individuals to obtain intellectual property and other data. | Targeted Attack | Single Individuals | CE | EU |
| 2 | 14/12/2016 | Cryptolulz666 | Russian Embassy of Armenia (embassyru.am) | Cryptolulz666 breaks into the database of the website of Russian Embassy of Armenia (embassyru.am) and leaks the corresponding data. | SQLi | Government | CC | AM |
| 3 | 15/12/2016 | ? | PayAsUGym | Fitness website PayAsUGym confirms one of its servers has been hacked and acknowledges that 300,000 email addresses and passwords of its members has been accessed | Unknown | Industry: Fitness Network | CC | GB |
| 4 | 15/12/2016 | ? | Summit Reinsurance Services Inc. | Personal Information about 1000 Black Hawk College employees and their dependents could have been compromised in a hack of Summit Reinsurance Services Inc., a former insurance provider's server. | Malware | Industry: Insurance Services | CC | US |
| 5 | 16/12/2016 | ? | Home Routers | A new wave of attacks using DNSChanger targets a set of vulnerable home routers. | Malware (DNSChanger) | Single Individuals | CC | >1 |
| 6 | 16/12/2016 | ? | Akbank | News emerges that hackers targeted Turkey's Akbank via the SWIFT global money transfer system in an attack which the bank said had not compromised customer data but would cost it up to $4 million. | Targeted Attack | Finance | CC | TR |
| 7 | 16/12/2016 | ? | Bleacher Report | Bleacher Report reports that an unauthorized user gained access to user information for its website and mobile app. | Unknown | News | CC | US |
| 8 | 16/12/2016 | Cryptolulz666 | italiastartupvisa.mise.gov.it | Cryptolulz666 takes down the website of italiastartupvisa.mise.gov.it. | DDoS | Government | CC | IT |
| 9 | 16/12/2016 | Cryptolulz666 | Russian Federal Drug Control Service Liquidation Commission (fskn.gov.ru) | Cryptolulz666 takes down the website of the Russian Federal Drug Control Service Liquidation Commission (fskn.gov.ru) | DDoS | Government | CC | RU |
| 10 | 16/12/2016 | Phantom Squad | EA Battlefield 1 | The Phantom Squad Collective takes down the servers of EA Battlefield 1. | DDoS | Industry: Video Games | CC | US |
| 11 | 17/12/2016 | ? | Lynda.com | LinkedIn's online learning unit Lynda.com notifies its 9.5 million users of an unauthorised database breach that contained the contact information and courses viewed of around 55,000 users. The company confirms the hack and says it has reset the passwords for all 55,000 accounts as a precautionary measure. | Unknown | Industry: Online Learning | CC | US |
| 12 | 17/12/2016 | Anonymous | Thai Police Office | The Anonymous take down the website of the Thai Police Office following the endorsement of its controversial new Computer Crime Bill. | DDoS | Law Enforcement | H | TH |
| 13 | 17/12/2016 | The Dark Overlord | Precon Products | The Dark Overlord leaks some data from Precon Products including the alleged video of an accident and the Operation Manager's iPhone data. | Unknown | Industry; Contstruction | CC | US |
| 14 | 18/12/2016 | Kelvin Onaghinor | Los Angeles County | Kelvin Onaghinor, a Nigerian national is charged in connection with a hack of Los Angeles County emails that might have exposed personal data from more than 750,000 people who had business with county departments. | Account Hijacking | Government | CC | US |
| 15 | 19/12/2016 | Anonymous | Thai Ministry of Information and Communication Technology and the Ministry of Defence | The Anonymous take down the websites of the Ministry of Information and Communication Technology and the Ministry of Defence. | DDoS | Government | H | TH |
| 16 | 19/12/2016 | Kapustkiy | Slovak Chamber of Commerce, scci.sk | Kapustkiy breaches the Slovak Chamber of Commerce (www.scci.sk) and accesses the data of more than 4,000 users. | SQLi | Org: Chamber of Commerce | CC | SK |
| 17 | 19/12/2016 | Cryptolulz666 | Indian Institute of Technology Kharagpur (iitkgp.ac.in) | Cryptolulz666 hacks the database of the Indian Institute of Technology Kharagpur, the second of the country and leaks a part of the 12,000 users. | SQLi | Education | CC | IN |
| 18 | 19/12/2016 | ? | Ethereum | Administrators of the Ethereum Project say the platform incurred a breach affecting more than 16,500 users. The attacker used social engineering to gain access to a mobile phone number which allowed them to gain access to other accounts and ultimately compromise usernames, email addresses, profile data, public and private messages, and hashed passwords. | Account Hijacking | Digital Currency | CC | N/A |
| 19 | 20/12/2016 | ? | Drudge Report | Matt Drudge, the founder of popular conservative news aggregation website Drudge Report has claimed the US government may be responsible for launching an unprecedented cyberattack against his publication that caused a 90 minute outage. | DDoS | News Aggregations | CC | US |
| 20 | 20/12/2016 | ? | Bleacher Report | Bleacher Report reports that an unauthorized user gained access to user information for its website and mobile app. | Unknown | News | CC | US |
| 21 | 20/12/2016 | OurMine | Official Twitter account of Netflix US (@netflix) | OurMine hackers strike again and take down the official Twitter accounts of Netflix US (@netflix) | Account Hijacking | Industry: Entertainment | CC | US |
| 22 | 20/12/2016 | Team Pak Cyber Attackers | Official Google Bangladesh Domain (google.bd) | A group of Pakistani hackers going by the online handle of Team Pak Cyber Attackers deface the official Google Bangladesh domain. The group left a deface page along with a message on the targeted domain taunting security measures implemented by Google. | DNS Hjiacking | Industry: Internet Services | CC | BD |
| 23 | 20/12/2016 | ? | Kiev's Power Grid | Ukraine investigates a suspected cyber attack on Kiev's power grid at the weekend, the latest in a series of strikes on its energy and financial infrastructure | Targeted Attack | Utility: Energy | CW | UA |
| 24 | 20/12/2016 | ? | University of Nebraska-Lincoln (UNL) | In a letter sent to approximately 30,000 current and former students, UNL says that an unauthorized breach of a server hosting a math placement exam occurred sometime in the last two years. | Unknown | Education | CC | US |
| 25 | 20/12/2016 | ? | Kia Hyundai | Ynet News report that Dozens of brand new luxury Kia and Hyundai vehicles were stolen in the Jerusalem area after criminals were able to hack into company servers and obtain data on the cars; three east Jerusalem residents have been arrested. | Unknown | Industry: Automotive | CC | IL |
| 26 | 21/12/2016 | OurMine | Official Twitter account of Marvel (@Marvel) | OurMine hackers strike again and take down the Twitter accounts of Marvel (@Marvel) and other official super heros accounts linked via Tweetdeck. | Account Hijacking | Industry: Entertainment | CC | US |
| 27 | 21/12/2016 | OurMine | Official Twitter account of NFL (@NFL) | OurMine hackers take down the Twitter account of NFL (@NFL). | Account Hijacking | Org: Sport | CC | US |
| 28 | 21/12/2016 | ? | Columbia County School District | Columbia County School District in Georgia is hit by a breach that compromised personal data, including Social Security numbers, of staff. | Unknown | Education | CC | US |
| 29 | 21/12/2016 | ? | Columbia County School District | The Columbia County School District reveals that one of their servers suffered a data breach. The attack happened on November 28th. | Unknown | Education | CC | US |
| 30 | 22/12/2016 | Russia? | Lithuania | The Baltic state of Lithuania, on the frontline of growing tensions between the West and Russia, says the Kremlin is responsible for cyber attacks that have hit government computers over the last two years. | Targeted Attack | Government | CE | LT |
| 31 | 22/12/2016 | Phantom Squad and @cripthepoodle | Steam and Origin Servers | The DDoS attackers from Phantom Squad have claimed responsibility for conducting a series of powerful Distributed Denial of Service (DDoS) on Steam and online gaming platform Origin servers. | DDoS | Industry: Video Games | CC | US |
| 32 | 22/12/2016 | Kapustkiy | Costa Rica Embassy in China (costaricaembassycn.com) | Kapustkiy hacks the Costa Rica Embassy in China (costaricaembassycn.com) and dumps 50 of the 280 login credentials. | SQLi | Government | CC | CN |
| 33 | 22/12/2016 | CyberZeist | fbi.gov | CyberZeist exploits a zero-day vulnerability in the Plone Content Management System (CMS) of the FBI’s website, and leaks some of the information to Pastebin. | Unknown 0Day vulnerability | Government | CC | US |
| 34 | 22/12/2016 | R.I.U. Star Patrol | Tumblr | Tumblr goes down for over two hours as a result of a large-scale DDoS attack. | DDoS | Social Network | CC | US |
| 35 | 22/12/2016 | Anonymous | Thai Ministry of Foreign Affairs | In name of #OpSingleGateway, the Anonymous hack the Thai Ministry of Foreign Affairs and dump more than 3,000 employees' records. | Unknown | Government | H | TH |
| 36 | 22/12/2016 | Anonymous | Thai Navy | As part of the same operation the Anonymous hack the Thai Navy. | Unknown | Military | H | TH |
| 37 | 23/12/2016 | Fancy Bear (APT28) | Ukrainian Artillery Units | Fancy Bear, the hacker group previously linked to the Russian Military Intelligence (GRU), is believed to have deployed malware on Android devices to track and target Ukrainian artillery units over the past two years. | Targeted Attack | Military | CE | UA |
| 38 | 23/12/2016 | Anonymous | Ministry of Tourism and Sports | The Anonymous take down the website of the Thai Ministry of Tourism and Sports. | DDoS | Government | H | TH |
| 39 | 23/12/2016 | ? | Owners of Barnes & Noble’s NOOK | Barnes & Noble’s NOOK is the latest device infected with malware and sending user data to China. | Malware | Single Individuals | CC | US |
| 40 | 24/12/2016 | Cryptolulz666 and EvoIsGod | The Standard Hong Kong (thestandard.com.hk) | The two hackers Cryptolulz666 and EvoIsGod break into The Standard Hong Kong (thestandard.com.hk) and leak a portion of around 12000 users contained in the database. | SQLi | News | CC | HK |
| 41 | 25/12/2016 | Kapustkiy | Russian Visa Center in the US (ils-us.com) | Kapustkiy hacks the Russian Visa Center in the US and accesses information of around 3000 individuals. | SQLi | Government | CC | US |
| 42 | 25/12/2016 | Kapustkiy and Cryptolulz666 | Dutch Chamber of Commerce in Hong Kong (dutchchamber.hk) | The hacker Cryptolulz666, with a little help from the colleague Kapustkiy, break into the website of the Dutch Chamber of Commerce in Hong Kong (http://www.dutchchamber.hk/) and leak the data of around 200 users. | SQLi | Org: Chamber of Commerce | CC | HK |
| 43 | 25/12/2016 | The Dark Overlord | DRI Title & Escrow | The Dark Overlord claims to have hacked DRI Title & Escrow and leaks some internal data. | Unknown | Industry: Financial Services | CC | US |
| 44 | 25/12/2016 | The Dark Overlord | GS Polymers, Inc. | The Dark Overlord claims to have hacked GS Polymers, Inc. and leaks some internal data. | Unknown | Industry: Polymers Manufacturing | CC | US |
| 45 | 26/12/2016 | ? | PakWheels | PakWheels, a famous automotive website in Pakistan reveals that their server was breached by an unknown third party exposing personal data of potentially 674,775 registered users. The breach happened in October 2016 exploiting a known vulnerability in outdated vBulletin forum software. | vBulletin vulnerability | Online Services | CC | PK |
| 46 | 26/12/2016 | OurMine | Official Sony Music Global Twitter Account (@SonyMusicGlobal) | OurMine hack the Official Sony Music Global Twitter account (@SonyMusicGlobal) and Britney Spears joined the ranks of celebrities who have briefly died on the internet | Account Hijacking | Industry: Entertainment | CC | US |
| 47 | 27/12/2016 | Anonymous | Thai LA consulate (thaiconsulatela.org) | Anonymous hacks the official website of Thai LA consulate (thaiconsulatela.org) and defaces its homepage with a brief message against the arrest of 9 suspects. The group also leaks the data of 900 records. | Defacement | Government | CC | US |
| 48 | 28/12/2016 | Fancy Bear (APT28)? | OSCE (Organization for Security and Co-operation in Europe) | The Organization for Security and Co-operation in Europe has recently confirmed a successful hack attack that occurred in November and which was launched by what are believed to be Russian hackers. | Targeted Attack | Org: Intergovernmental | CE | EU |
| 49 | 28/12/2016 | ? | ExtraTorrent | ExtraTorrent, one of the largest torrent sites on the internet suffered several major DDoS (Distributed Denial of Service) attacks over the past few days primarily because the site recently banned 'unofficial' proxy services. | DDoS | Bit Torrent | CC | US |
| 50 | 28/12/2016 | ? | Intercontinental Hotel Group (IHG) | InterContinental Hotels Group (IHG), the parent company for more than 5,000 hotels worldwide including Holiday Inn, says it is investigating claims of a possible credit card breach at some U.S. locations. | PoS Malware | Industry: Hotel and Hospitality | CC | US |
| 51 | 28/12/2016 | ? | State's Division of Public Behavioral Health (DPBH) | The state's Division of Public Behavioral Health (DPBH) said it is investigating a compromise of its Medical Marijuana Program database | Unknown | Government | CC | US |
| 52 | 28/12/2016 | ? | Southcentral Foundation (southcentralfoundation.com) | Southcentral Foundation (SCF) in Alaska notifies 14,719 individuals after two employees’ email accounts containing protected health information were hacked in October. | Account Hijacking | Healthcare | CC | US |
| 53 | 29/12/2016 | APT28 APT29 | DNC (Democratic National Committee) | The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) reval the details of "Grizzly Steppe", the operation through which two alleged Russian APTs (APT28 and APT29) hacked the Democratic National Committee since Summer 2015. | Targeted Attack | Org: Politics | CW | US |
| 54 | 30/12/2016 | ? | Topps | Topps, the maker of iconic collectable trading cards reveals that hackers could have stolen customers' credit and debit card numbers along with their associated security codes in a recent breach. | Unknown | Industry: Collectibles | CC | US |
| 55 | 30/12/2016 | Anonymous & HackBack | Bilderberg Group | The official website of the Bilderberg Group was compromised today, with attackers posting a message warning that future hacks would be possible unless members start working for the benefit of humanity. | Defacement | Org: Conferencing | H | N/A |
| 56 | 30/12/2016 | OurMine | Nat Geo Photography Twitter Account (@NatGeoPhotos) | The OurMine hacking group hacks the official Twitter account of Nat Geo Photography (@NatGeoPhotos) and starts a series of Tweets to its 2.71 million followers. | Account Hijacking | Org: Non-Profit (Science and Nature) | CC | US |
| 57 | 30/12/2016 | Shin0bi_H4x0r | Philippine Military (army.mil.ph) | A hacker going by the online handle of Shin0bi_H4x0r hacked and defaced the official website of the Philippine Military (army.mil.ph) | Defacement | Military | CC | PH |
| 58 | 31/12/2016 | Gh0s7 | Thailand’s National Statistical Office (nso.go.th) | In name of #OpSingleGateway Gh0s7 hacks the Thailand’s National Statistical Office (nso.go.th) and dumps the leaked data. | Unknown | Government | H | TH |
| 59 | 31/12/2016 | ? | KeepKey | KeepKey, a hardware bitcoin wallet, discloses how a brief compromise of the company phone and email enabled the attacker to reset some account passwords. | Account Hijacking | Digital Currency | CC | US |
