1-15 September 2017 Cyber Attacks Timeline

Last Updated on October 4, 2017

It’s time to publish the first timeline of this autumn, covering the main cyber attacks occurred between September 1st and 15th.

There have been two events characterizing this fortnight: the cyber attack targeting Equifax, and the discovery of DragonFly 2.0, a nation-sponsored operation compromising multiple US and European energy companies. Other noticeable events include the breach targeting Taringa, the South American version of Instagram, potentially compromising nearly 28 million users; and the one against Canoe.ca, a Canadian news portal targeting potentially one million users.

As usual scroll down the whole list for all the events happened in this fortnight. And if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format.

ID	Date	Author	Target	Description	Attack	Target Class	Attack Class	Country
1	01/09/2017	?	TrueStresser	A dissatisfied customer breaches the server of TrueStresser, a DDoS-for-hire service, pilfering its database, and leaking some of the content online.	Unknown	Online Services	CC	US
2	01/09/2017	?	Google Chrome Users	Security Expert Brad Duncan spot a new EITest campaign leveraging HoeflerText Popups to target Google Chrome users and push NetSupport Manager RAT or Locky ransomware.	Malware	Single individuals	CC	>1
3	01/09/2017	?	Alaska Department of Health and Social Services (dhss.alaska.gov)	The Alaska Department of Health and Social Services reveals to have suffered a security breach in July that may have disclosed personal information of individuals who have interacted with the Office of Children’s Services.	Malware	Government	CC	US
4	01/09/2017	The Dark Overlord	Hand Rehabilitation Specialists	Hand Rehabilitation Specialists notifies patients of a possible hack by The Dark Overlord occurred back in July.	Unknown	Healthcare	CC	US
5	01/09/2017	?	Single Individuals in Cambodia	Researchers from Palo Alto observe activity involving the Remote Access Trojan KHRAT used by threat actors to target the citizens of Cambodia.	Targeted Attack	Government	CE	KH
6	01/09/2017	?	The Young Illustrator Award site administered by Meridian Secondary School	The Young Illustrator Award site administered by Meridian Secondary School is taken down after being hacked.	Unknown	Education	CC	SG
7	02/09/2017	?	Victoria Police	A pirate broadcaster posing as a police officer interfere in a police chase this week in Australia, forcing officers to call off the pursuit of two suspected armed robbers.	Radio Frequency Hijacking	Law Enforcement	CC	AU
8	02/09/2017	?	Canoe.ca	The free news and entertainment portal Canoe.ca, operated by MediaQMI Inc. and owned by Sun Media Corp. prior to 2015, wishes to inform users that some of its databases containing records from the period of 1996 to 2008 have been breached.	Unknown	News	CC	CA
9	04/09/2017	?	Taringa	LeakBase, a breach notification service, obtains a copy of the hacked database of Taringa, a social network popular in Latin America, containing details on 28,722,877 accounts, which includes usernames, email addresses and hashed passwords.	Unknown	Social Network	CC	AR
10	04/09/2017	?	Verrit	Verrit, a political fact-checking site is DDoSed almost immediately after it was endorsed by Hillary Clinton.	DDoS	News	CC	US
11	04/09/2017	?	cpjobs.com	Online jobs platform cpjobs.com reports an unauthorised third-party attack on the website, compromising the security of user data. Impacted pages are shut down and all users’ passwords are deactivated.	Unknown	Online Services	CC	HK
12	04/09/2017	cru3lty@safe-mail.net wolsec@secmail.pro mongodb@tfwno.gf	Unprotected MongoDB instances	Security researchers Dylan Katz and Victor Gevers reveal a new wave of attacks aimed to wipe unprotected MongoDB instances and asking for a ransom to have the data back. This wave, carried on by three different groups, targets 26,000 database instances.	MongoDB Vulnerability	>1	CC	>1
13	04/09/2017	Russia?	Julia Kloeckner Website	Julia Kloeckner, a top leader of German Chancellor Angela Merkel’s conservative party says her website has been hit by thousands of cyber attacks -- many from Russian IP addresses -- ahead of the television election debate between Merkel and her Social Democratic rival Martin Schulz.	Unknown	Org: Political Party	CW	DE
14	05/09/2017	China?	Multiple Political Groups	Researchers from LookOut discover a new cyberespionage tool, dubbed xRAT, suspected to have been developed and used by Chinese hackers, and used to target political groups.	Targeted Attack	Org: Political Party	CE	>1
15	05/09/2017	?	West Australian TAFE	An attacker infiltrates the systems of a West Australian TAFE on August 28 and September 5 and accesses the sensitive personal details of staff and more than 13,000 students.	Unknown	Education	CC	AU
16	05/09/2017	?	Community Memorial Health System	The Community Memorial Health System sends out a notice regarding a data security breach involving patient information after a phishing attack happened on June 23.	Account Hijacking	Healthcare	CC	US
17	06/09/2017	DragonFly 2.0	Multiple US and European energy companies	Symantec reveals that nation-sponsored hackers have penetrated the operational networks that multiple US and European energy companies use to control key parts of the power grid that supplies electricity to hundreds of millions of people	Targeted Attack	Utility: Energy	CE	>1
18	07/09/2017	?	Equifax	Equifax, reveals to have been hit by a data breach could potentially affect 143 million consumers in the United States. The breach has been discovered on July 29th.	Apache Struts Vulnerability (CVE-2017-5638)	Industry: Credit Risk Assessment	CC	US
19	07/09/2017	?	AXA Insurance	AXA Insurance sends out an email to some customers informing that the personal data of 5,400 customers in Singapore has been stolen due to a cyber attack.	Unknown	Industry: Financial Services	CC	SG
20	07/09/2017	?	Tettegouche State Park	The popular Tettegouche State Park says its computer systems have been infected with malware, authorities on 25 August and warns visitors to check their credit cards.	PoS Malware	Industry: Entertainment	CC	US
21	07/09/2017	The Dark Overlord	Adult Internal Medicine of North Scottsdale	Adult Internal Medicine of North Scottsdale notifies an incident affecting 11,798 patients.	Unknown	Healthcare	CC	US
22	08/09/2017	?	Schuyler County Sheriff’s Department	Schuyler County Sheriff’s Department is disrupted by a hacking attack.	Brute Force	Law Enforcement	CE	US
23	08/09/2017	?	Children’s Hospital Colorado	Children’s Hospital Colorado notifies 3,400 families after employee’s email account was improperly accessed on July 11, 2017.	Account Hijacking	Healthcare	CC	US
24	09/09/2017	?	Brazilian Users	Security researchers spot a malware group using Facebook's CDN servers to store malicious files used to infect users with banking trojans.	Malware	Single individuals	CC	BR
25	10/09/2017	?	Road Sign in Modesto	An electronic road sign in the city of Modesto, California is hacked and defaced with a message against President Donald Trump	Unknown	Road Sign	CC	US
26	11/09/2017	North Korea	South Korea	A new report from security firm FireEye reveals that hackers from Kim Jong Un’s regime are increasing their attacks on cryptocurrency exchanges in South Korea and related sites.	>1	Cryptocurrency Exchange	CC	>1
27	11/09/2017	?	Android Users	Researchers at Kaspersky Lab detect a new Android malware dubbed Xafecopy aiming at stealing personal and financial information of unsuspecting users around the world.	Malware	Single individuals	CC	>1
28	12/09/2017	?	LinkedIn Users	Researchers from Malwarebytes warn of a new phishing campaign using hijacked LinkedIn accounts to send malicious links in private messages and InMail.	Account Hijacking	Single individuals	CC	>1
29	12/09/2017	?	Wordpress Websites	Wordfence reveals that the popular Wordpress plugin Display Widgets, installed on approximately 200,000 installations, is infected with a backdoor and advises users to uninstall it.	Malware	>1	CC	>1
30	12/09/2017	?	4,000 Elasticsearch servers	Researchers from MacKeeper find over 4,000 Elasticsearch servers hosting PoS malware strains AlinaPoS and JackPoS.	PoS Malware	Elasticsearch servers	CC	>1
31	13/09/2017	?	Netgear WNR2000 Routers	A Russian-speaking hacker has been infecting Netgear routers over the past months with a new strain of malware named RouteX that turns infected devices into SOCKS proxies and carry out credential stuffing attacks. According to Forkbombus Labs, the US cyber-security firm that uncovered this new threat, the hacker is using CVE-2016-10176, a vulnerability targeting Netgear WNR2000 routers.	Malware	Single individuals	CC	>1
32	13/09/2017	?	Android Users	Security researchers from Trend Micro discover more apps carrying the malicious BankBot Android banking malware.	Malware	Single individuals	CC	>1
33	13/09/2017	?	Russian-Speaking Users	Security Firm FireEye reveals that the 0-day vulnerability CVE-2017-0199 in Microsoft Office was exploited by suspected nation state hackers to spread the FinSpy malware	Targeted Attack	Single individuals	CC	RU
34	14/09/2017	OurMine	Vevo	Vevo, the joint venture between Universal Music Group, Sony Music Entertainment, Abu Dhabi Media, Warner Music Group, and Alphabet Inc. is hacked by OurMine. Roughly 3.12TB worth of internal files are posted online	Account Hijacking	Industry: Entertainment	CC	US
35	14/09/2017	?	Android Users	Researchers from Check Point find at least 50 apps in the official Google Play market, infected with a malware dubbed ExpensiveWall, that made charges for fee-based services without the knowledge or permission of users. The apps were downloaded as many as 4.2 million times.	Malware	Single individuals	CC	>1
36	14/09/2017	?	Single Individuals	Researchers from ESET discover a malvertising campaign delivering JavaScript code (a variant of MineCrunch AKA Web Miner) able to mine multiple cryptocurrencies inside the browser.	Malvertising	Single individuals	CC	>1
37	14/09/2017	?	Users in South Korea	Researchers from Trend Micro spot a new campaign leveraging the Hangul Word Processor (HWP) to target users in South Korea.	Targeted Attack	Single individuals	CE	KR
38	15/09/2017	?	Unidentified public organisation in Singapore	According to a report released by the Cyber Security Agency of Singapore (CSA), an unidentified public organisation in Singapore faced a foreign "state-sponsored" cyberattack late last year.	Targeted Attack	Government	CE	SG
39	15/09/2017	Turla	Swiss Defence Ministry	Switzerland’s defence ministry reveals to have detected a Cyber Attack carried on by the infamous Turla APT.	Targeted Attack	Government	CE	CH
40	15/09/2017	?	Augusta Medical Center	Nearly five months after it happened, Augusta Medical Center announces that some patients may have had their personal information compromised by an attack on faculty email accounts.	Account Hijacking	Healthcare	CC	US
41	15/09/3017	?	Morehead Memorial Hospital	Morehead Memorial says that a data breach due to a phishing attack has potentially exposed patient and employee information.	Account Hijacking	Healthcare	CC	US

Related Posts

Like this:

Leave a Reply Cancel reply