Views: 7,701
Last Updated on January 30, 2017
It’s time to publish the first timeline of this 2017 listing the main cyber attacks occurred between 1 and 15 January 2017. Of course the new infosec year could not start without a mega breach, and ESEA, a video-game community, is the first victim (more than 1.5 million records compromised).
Despite this massive breach, the most important events of this fortnight have been the discovery of a long lasting cyber espionage campaign in Italy dubbed EyePyramid, targeting the political and economical elite, and the massive cyber attack against Barts Health Trust, the largest NHS trust in England.
The chronicles also report yet another cyber attack against SWIFT and multiple ransomware infections (a trend that is becoming increasingly familiar unfortunately). In any case scroll down the list for all the details.
If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.
Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format: 
ID | Date | Author | Target | Description | Attack | Target
Class | Attack
Class | Country |
1 | 01/01/2017 | >1 | Several Institutions in the British Government | The British National Cyber Security Centre reveals to have foiled 86 attacks in its first month of activity most of which are suspected to have come from China, North Korea, Russia, Iran and criminal gangs. Top targets include the Bank of England , the Ministry of Defence , nuclear bases, security services and infrastructure such as transport, the NHS and power systems. | >1 | Government | CE | GB |
2 | 01/01/2017 | ? | Transmission and electricity producing lines | Sources from the Energy Ministry claim that a major cyber-attack is the cause of the widespread electricity cuts across Istanbul. Turkey sources blame the US | Unknown | Utilities: Electricity and Transmission Lines | CW? | TR |
3 | 01/01/2017 | CyberZeist | fbi.gov | Exploiting a vulnerability of Plone CMS, CyberZeist claim to have hacked fbi.gov and leaks the records of 155 FBI officials on pastebin. Plone denies that a 0-day vulnerability has been exploited to carry on the attack. | Plone CMS vulnerability | Government | CC | US |
4 | 01/01/2017 | ? | Susan M. Hughes Center (hughescenter.net) | The Susan M. Hughes Center notifies a ransomware incident affecting 11,400 patients. | Malware | Healthcare | CC | US |
5 | 03/01/2017 | Anonymous | Victoria’s Human Rights Commission | A group claiming to be part of the Anonymous collective defaces Victoria’s Human Rights Commission website (humanrightscommission.vic.gov.au) with a nonsensical message about its social network AnonPlus. | Defacement | Government | H | GB |
6 | 04/01/2017 | ? | India National Defence Academy (NDA) and National Investigation Agency (NIA) | Indian security forces have been alerted by central intelligence agencies that a WhatsApp virus is threatening to hack into their personal information and banking data. | Malware | Military | CE | IN |
7 | 04/01/2017 | Kuroi’SH | google.com.br | Kuroi’SH hjacks the DNS record of google.com.br and redirects the users to a defaced page. The hacks happens compromising the records held by registro.br. | DNS Hijacking | Industry: internet Services | CC | BR |
8 | 04/01/2017 | ? | Emory Brain Health Center | Emory Healthcare is one of the victims of the MongoDB ransomware attacks and has its database, managed by a third-party and containing 90,000 records encrypted. | Malware | Healthcare | CC | US |
9 | 04/01/2017 | ? | Northside Independent School District | The Northside Independent School District sends letters to about 23,000 former and current students and employees regarding a security breach that might have put their personal information at risk after several employees' email accounts have been compromised. | Account Hijacking | Education | CC | US |
10 | 05/01/2017 | DragonOK APT | Several Entities in Japan | Palo Alto reveals the details of DragonOK APT, an operation carried on by a Chinese malicious actor targeting primarily Japan, and other regions such as Taiwan, Tibet, and Russia | Targeted Attack | >1 | CE | >1 |
11 | 05/01/2017 | OilRig APT | Several entities in Israel | ClearSky Security discovers a new campaign conducted by the Iranian OilRig APT leveraging digitally signed malware and fake University of Oxford domains. The campaign targets at least five Israeli IT vendors, several financial institutes, and the Israeli Post Office. | Targeted Attack | >1 | CE | IL |
12 | 05/01/2017 | ? | University of Alberta | The University of Alberta discloses the details of a malware attack, occurred late last year, involving 300 computers and putting over 3,000 students at risk. | Malware | Education | CC | CA |
13 | 06/01/2017 | Cyberwolfgang | Square Enix's European Twitter Account (@SQUARE_ENIX_EU) | Video game giant Square Enix's European Twitter account is hacked by a group of hackers calling themselves the "cyberwolfgang" and posts multiple tweets mocking other companies including rival gaming company EA, media outlet TechCrunch . | Account Hijacking | Industry: Video Games | CC | JP |
14 | 06/01/2017 | ? | Arizona Department of Administration | Arizona officials investigate how and when several computers used by state legislators and their staffs became infected with malware. | Malware | Government | CC | US |
15 | 06/01/2017 | ? | 123-Reg | 123-Reg is the target of a DDoS attack which disrupted the company's services only days into 2017. | DDoS | Industry: Web Hosting | CC | GB |
16 | 06/01/2017 | Kapustkiy | esguarnacpuntademata.mil.ve | One of the websites belonging to Venezuela’s ministry of defense (esguarnacpuntademata.mil.ve) is hacked by Kapustkiy in protest of what the attacker described as the dictatorship of President Nicolas Maduro in the country. The attacker leaks 2,100 records. | SQLi | Military | H | VE |
17 | 07/01/2017 | ? | MJ Freeway | MJ Freeway, a Denver company whose tracking software is used by hundreds of marijuana companies to comply with state regulations, says its main servers and backup system are down after a "targeted cyber attack". | Targeted Attack | Industry: Software | CC | US |
18 | 07/01/2017 | ? | Princeton University | Princeton University is one of the 27,000 victims that have their data wiped by attackers leveraging a vulnerable MongoDB. | Malware | Education | CC | US |
19 | 08/01/2017 | ? | esea.net | Over 1.5 million user profiles featuring names, email addresses and personal IDs from the eSports Entertainment Association (Esea), a leading competitive videogame community, are leaked online after being hijacked by hackers in late December last year. | Unknown | Online Forum | CC | US |
20 | 09/01/2017 | ? | Netflix Users in the US | FireEye Labs discovers a sophisticated phishing campaign in the wild targeting the credit card data and other personal information of Netflix users primarily based in the United States. | Account Hijacking | Single Individuals | CC | US |
21 | 09/01/2017 | ? | http://forumserver.twoplustwo.com | The operators of the world’s largest online poker discussion forum, TwoPlusTwo, confirm that the forum was hacked at some point late in 2016, with the personal data then being offered for sale. | Unknown | Online Forum | CC | US |
22 | 10/01/2017 | ? | The Los Angeles Valley College (LAVC) | The Los Angeles Valley College (LAVC) is forced to pay $28,000 in bitcoin after cybercriminals successfully infected its computer networks, email systems and voicemail lines with ransomware. | Malware | Education | CC | US |
23 | 10/01/2017 | Anonymous | Multiple Thai Governmantal job portals | The Anonymous kick off another run of #OpSingleGateway and take down multiple governmental job portals, leaking personal and sensitive details of officials and job seekers. | Unknown | Government | H | TH |
24 | 11/01/2017 | Giulio Occhionero and Francesca Maria Occhionero | leading Italian politicians, businessmen and Masons | Italian siblings Giulio and Francesca Maria Occhionero are arrested in Rome, charged with conducting a long-running cyber espionage campaign against leading Italian politicians, businessmen and Masons using a variant of the malware family EyePyramid | Targeted Attack | Single Individuals | CE | IT |
25 | 11/01/2017 | ? | Jabbim | The Jabbim Instant Messaging service is hacked and the database (8gb) is dumped in the dark web. | Unknown | Online Services | CC | CZ |
26 | 11/01/2017 | The Dark Overlord? | littlereddooreci.org | The Dark Overlord hacks the computers of an Indiana-based cancer agency and asks for a large payment of 50 Bitcoin ($44,800) not to release the data. Initially the attack seemed to have been caused by ransomware. | Malware | Org: Non-Profit | CC | US |
27 | 11/01/2017 | ? | Kanawha County Schools | Kanawha County Schools tells that their internal documents have been restored after a ransomware attack. | Malware | Education | CC | US |
28 | 12/01/2017 | ? | Cellebrite | Motherboard obtains 900 GB of data related to Cellebrite, one of the most popular companies in the mobile phone hacking industry. The cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite's products. | Unknown | Industry: Data Extraction | CC | IL |
29 | 12/01/2017 | ? | General Motors | Reports come out claiming that GM employees’ names and social security numbers might have been exposed during a breach. | Unknown | Industry: Automotive | CC | US |
30 | 13/01/2017 | Anonymous | Multiple Thai Governmantal job portals | The Anonymous kick off another run of #OpSingleGateway and take down multiple governmental job portals, leaking personal and sensitive details of officials and job seekers. | Unknown | Government | H | TH |
31 | 13/01/2017 | ? | Barts health trust, which runs five hospitals in east London: the Royal London, St Bartholomew’s, Whipps Cross, Mile End and Newham | The largest NHS trust in England is hit by malware. Unlike early reports suggest, ransomware is ruled out as the cause of the outage. | Malware | Healthcare | CC | GB |
32 | 13/01/2017 | Anonymous | Multiple Thai Governmantal job portals | The Anonymous kick off another run of #OpSingleGateway and take down multiple governmental job portals, leaking personal and sensitive details of officials and job seekers. | Unknown | Government | H | TH |
33 | 13/01/2017 | ? | University of Maryland School of Medicine | A doctor’s practice plan affiliated with the University of Maryland School of Medicine notifies patients that somebody hacked the account of a physician assistant’s email account that contained the personal information of patients. 1500 patients are affected. | Unknown | Healthcare | CC | US |
34 | 14/01/2017 | Kapustkiy | gdc.gob.ve | In a form of protest against President Nicolas Maduro, Kapustkiy hacks a website of a local government and dumps around 900 records on pastebin. | LFI/SQLi | Government | H | VE |
35 | 14/01/2017 | ? | MrExcel.com | MrExcel.com reveals that its forum has been compromised on the morning of December 6, 2016. | vBulletin Vulnerability | Online Services | CC | US |
36 | 14/01/2017 | ? | Dracut Public Schools | Current and former employees’ personal information, including SSN, is acquired by a hacker after an employee falls for what the district describes as a “sophisticated phishing scheme.” | Account Hijacking | Education | CC | US |
37 | 15/01/2017 | ? | Several Indian Banks | Several Indian Banks discover that their SWIFT systems have been compromised to create fake documents. | Unknown | Finance | CC | IN |
Like this:
Like Loading...