Last Updated on January 30, 2017
It’s time to publish the first timeline of 2017, listing the main cyber attacks that occurred between 1 and 15 January 2017. Of course the new infosec year could not start without a mega breach, and ESEA, a video-game community, is the first victim (more than 1.5 million records compromised).
Despite this massive breach, the most important events of this fortnight have been the discovery of a long-lasting cyber espionage campaign in Italy dubbed EyePyramid, targeting the political and economic elite, and the massive cyber attack against Barts Health Trust, the largest NHS trust in England. The chronicles also report yet another cyber attack against SWIFT and multiple ransomware infections (a trend that is unfortunately becoming increasingly familiar). In any case, scroll down the list for all the details. If you want an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates. Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format:

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country |
|---|---|---|---|---|---|---|---|---|
| 1 | 01/01/2017 | >1 | Several Institutions in the British Government | The British National Cyber Security Centre reveals that it foiled 86 attacks in its first month of activity, most of which are suspected to have come from China, North Korea, Russia, Iran and criminal gangs. Top targets include the Bank of England, the Ministry of Defence, nuclear bases, security services and infrastructure such as transport, the NHS and power systems. | >1 | Government | CE | GB |
| 2 | 01/01/2017 | ? | Transmission and electricity producing lines | Sources from the Energy Ministry claim that a major cyber-attack is the cause of the widespread electricity cuts across Istanbul. Turkish sources blame the US. | Unknown | Utilities: Electricity and Transmission Lines | CW? | TR |
| 3 | 01/01/2017 | CyberZeist | fbi.gov | Exploiting a vulnerability of Plone CMS, CyberZeist claims to have hacked fbi.gov and leaks the records of 155 FBI officials on pastebin. Plone denies that a 0-day vulnerability has been exploited to carry out the attack. | Plone CMS vulnerability | Government | CC | US |
| 4 | 01/01/2017 | ? | Susan M. Hughes Center (hughescenter.net) | The Susan M. Hughes Center notifies a ransomware incident affecting 11,400 patients. | Malware | Healthcare | CC | US |
| 5 | 03/01/2017 | Anonymous | Victoria’s Human Rights Commission | A group claiming to be part of the Anonymous collective defaces Victoria’s Human Rights Commission website (humanrightscommission.vic.gov.au) with a nonsensical message about its social network AnonPlus. | Defacement | Government | H | GB |
| 6 | 04/01/2017 | ? | India National Defence Academy (NDA) and National Investigation Agency (NIA) | Indian security forces have been alerted by central intelligence agencies that a WhatsApp virus is threatening to hack into their personal information and banking data. | Malware | Military | CE | IN |
| 7 | 04/01/2017 | Kuroi’SH | google.com.br | Kuroi’SH hijacks the DNS record of google.com.br and redirects users to a defaced page. The hack happens by compromising the records held by registro.br. | DNS Hijacking | Industry: internet Services | CC | BR |
| 8 | 04/01/2017 | ? | Emory Brain Health Center | Emory Healthcare is one of the victims of the MongoDB ransomware attacks and has its database, managed by a third party and containing 90,000 records, encrypted. | Malware | Healthcare | CC | US |
| 9 | 04/01/2017 | ? | Northside Independent School District | The Northside Independent School District sends letters to about 23,000 former and current students and employees regarding a security breach that might have put their personal information at risk after several employees' email accounts were compromised. | Account Hijacking | Education | CC | US |
| 10 | 05/01/2017 | DragonOK APT | Several Entities in Japan | Palo Alto reveals the details of DragonOK APT, an operation carried out by a Chinese malicious actor targeting primarily Japan, and other regions such as Taiwan, Tibet, and Russia. | Targeted Attack | >1 | CE | >1 |
| 11 | 05/01/2017 | OilRig APT | Several entities in Israel | ClearSky Security discovers a new campaign conducted by the Iranian OilRig APT leveraging digitally signed malware and fake University of Oxford domains. The campaign targets at least five Israeli IT vendors, several financial institutes, and the Israeli Post Office. | Targeted Attack | >1 | CE | IL |
| 12 | 05/01/2017 | ? | University of Alberta | The University of Alberta discloses the details of a malware attack that occurred late last year, involving 300 computers and putting over 3,000 students at risk. | Malware | Education | CC | CA |
| 13 | 06/01/2017 | Cyberwolfgang | Square Enix's European Twitter Account (@SQUARE_ENIX_EU) | Video game giant Square Enix's European Twitter account is hacked by a group of hackers calling themselves the "cyberwolfgang", who post multiple tweets mocking other companies including rival gaming company EA and media outlet TechCrunch. | Account Hijacking | Industry: Video Games | CC | JP |
| 14 | 06/01/2017 | ? | Arizona Department of Administration | Arizona officials investigate how and when several computers used by state legislators and their staffs became infected with malware. | Malware | Government | CC | US |
| 15 | 06/01/2017 | ? | 123-Reg | 123-Reg is the target of a DDoS attack which disrupted the company's services only days into 2017. | DDoS | Industry: Web Hosting | CC | GB |
| 16 | 06/01/2017 | Kapustkiy | esguarnacpuntademata.mil.ve | One of the websites belonging to Venezuela’s ministry of defense (esguarnacpuntademata.mil.ve) is hacked by Kapustkiy in protest of what the attacker described as the dictatorship of President Nicolas Maduro in the country. The attacker leaks 2,100 records. | SQLi | Military | H | VE |
| 17 | 07/01/2017 | ? | MJ Freeway | MJ Freeway, a Denver company whose tracking software is used by hundreds of marijuana companies to comply with state regulations, says its main servers and backup system are down after a "targeted cyber attack". | Targeted Attack | Industry: Software | CC | US |
| 18 | 07/01/2017 | ? | Princeton University | Princeton University is one of the 27,000 victims that have their data wiped by attackers leveraging a vulnerable MongoDB. | Malware | Education | CC | US |
| 19 | 08/01/2017 | ? | esea.net | Over 1.5 million user profiles featuring names, email addresses and personal IDs from the eSports Entertainment Association (Esea), a leading competitive videogame community, are leaked online after being hijacked by hackers in late December last year. | Unknown | Online Forum | CC | US |
| 20 | 09/01/2017 | ? | Netflix Users in the US | FireEye Labs discovers a sophisticated phishing campaign in the wild targeting the credit card data and other personal information of Netflix users primarily based in the United States. | Account Hijacking | Single Individuals | CC | US |
| 21 | 09/01/2017 | ? | http://forumserver.twoplustwo.com | The operators of the world’s largest online poker discussion forum, TwoPlusTwo, confirm that the forum was hacked at some point late in 2016, with the personal data then being offered for sale. | Unknown | Online Forum | CC | US |
| 22 | 10/01/2017 | ? | The Los Angeles Valley College (LAVC) | The Los Angeles Valley College (LAVC) is forced to pay $28,000 in bitcoin after cybercriminals successfully infected its computer networks, email systems and voicemail lines with ransomware. | Malware | Education | CC | US |
| 23 | 10/01/2017 | Anonymous | Multiple Thai Governmental job portals | Anonymous kick off another run of #OpSingleGateway and take down multiple governmental job portals, leaking personal and sensitive details of officials and job seekers. | Unknown | Government | H | TH |
| 24 | 11/01/2017 | Giulio Occhionero and Francesca Maria Occhionero | leading Italian politicians, businessmen and Masons | Italian siblings Giulio and Francesca Maria Occhionero are arrested in Rome, charged with conducting a long-running cyber espionage campaign against leading Italian politicians, businessmen and Masons using a variant of the malware family EyePyramid. | Targeted Attack | Single Individuals | CE | IT |
| 25 | 11/01/2017 | ? | Jabbim | The Jabbim Instant Messaging service is hacked and the database (8 GB) is dumped on the dark web. | Unknown | Online Services | CC | CZ |
| 26 | 11/01/2017 | The Dark Overlord? | littlereddooreci.org | The Dark Overlord hacks the computers of an Indiana-based cancer agency and asks for a large payment of 50 Bitcoin ($44,800) not to release the data. Initially the attack seemed to have been caused by ransomware. | Malware | Org: Non-Profit | CC | US |
| 27 | 11/01/2017 | ? | Kanawha County Schools | Kanawha County Schools says that its internal documents have been restored after a ransomware attack. | Malware | Education | CC | US |
| 28 | 12/01/2017 | ? | Cellebrite | Motherboard obtains 900 GB of data related to Cellebrite, one of the most popular companies in the mobile phone hacking industry. The cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite's products. | Unknown | Industry: Data Extraction | CC | IL |
| 29 | 12/01/2017 | ? | General Motors | Reports come out claiming that GM employees’ names and social security numbers might have been exposed during a breach. | Unknown | Industry: Automotive | CC | US |
| 30 | 13/01/2017 | Anonymous | Multiple Thai Governmental job portals | Anonymous kick off another run of #OpSingleGateway and take down multiple governmental job portals, leaking personal and sensitive details of officials and job seekers. | Unknown | Government | H | TH |
| 31 | 13/01/2017 | ? | Barts health trust, which runs five hospitals in east London: the Royal London, St Bartholomew’s, Whipps Cross, Mile End and Newham | The largest NHS trust in England is hit by malware. Contrary to early reports, ransomware is ruled out as the cause of the outage. | Malware | Healthcare | CC | GB |
| 32 | 13/01/2017 | Anonymous | Multiple Thai Governmental job portals | Anonymous kick off another run of #OpSingleGateway and take down multiple governmental job portals, leaking personal and sensitive details of officials and job seekers. | Unknown | Government | H | TH |
| 33 | 13/01/2017 | ? | University of Maryland School of Medicine | A doctor’s practice plan affiliated with the University of Maryland School of Medicine notifies patients that somebody hacked a physician assistant’s email account that contained the personal information of patients. 1500 patients are affected. | Unknown | Healthcare | CC | US |
| 34 | 14/01/2017 | Kapustkiy | gdc.gob.ve | In a form of protest against President Nicolas Maduro, Kapustkiy hacks a website of a local government and dumps around 900 records on pastebin. | LFI/SQLi | Government | H | VE |
| 35 | 14/01/2017 | ? | MrExcel.com | MrExcel.com reveals that its forum was compromised on the morning of December 6, 2016. | vBulletin Vulnerability | Online Services | CC | US |
| 36 | 14/01/2017 | ? | Dracut Public Schools | Current and former employees’ personal information, including SSN, is acquired by a hacker after an employee falls for what the district describes as a “sophisticated phishing scheme.” | Account Hijacking | Education | CC | US |
| 37 | 15/01/2017 | ? | Several Indian Banks | Several Indian Banks discover that their SWIFT systems have been compromised to create fake documents. | Unknown | Finance | CC | IN |