1-15 October 2017 Cyber Attacks Timeline

Last Updated on November 6, 2017

It’s time to publish the first timeline of October covering the main cyber attacks occurred between October 1st and October 15th, 2017.

There have been multiple events in this fortnight, but probably the one that will be remembered for a long time is the alleged hack to the NSA, allegedly carried on via a backdoor in the popular Kaspersky AV software. The attack per se is quite remarkable, but if it’s true that it was discovered because of an intrusion of Israeli attackers inside the Kaspersky Network, this makes things much more intriguing.

Other important events recorded in this period include the breaches suffered by Forrester, a primary market research firm, the one suffered by Disqus (17.5 million accounts possibly compromised), and also the one suffered by We Heart It (“only” 8 million accounts).

And while yet another Bitcoin Exchanged (OKEx) has allegedly suffered a loss 3 million USD worth, malware implanted on SWIFT has been used to pilfer 60 million USD from a Taiwanese Bank (but the two attackers have been busted).

As usual scroll down the whole list for all the events happened in this fortnight. And if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). If useful, you can access the timeline in Google Sheet format.

ID	Date	Author	Target	Description	Attack	Target Class	Attack Class	Country
1	01/10/2017	?	Etherparty.io	Hackers disrupt the Etherparty ICO (Initial Coin Offering) after hijacking the platform's website, displaying their own Ethereum address, tricking 59 ICO participants into sending funds to the wrong wallets.	Unknown	Cryptocurrency Exchange	CC	US
2	01/10/2017	?	OKEx	After victims reported losing a collective of over 600 Bitcoin, worth around 20 million Chinese yuan, at the time of the thefts, or around 3 million USD, OKEx, a Bitcoin exchange based in China, issues a statement, denying it was hacked earlier in August, and blaming recent thefts on careless users who didn't secure their accounts.	Account Hijacking	Cryptocurrency Exchange	CC	CN
3	04/10/2017	?	4,000 NATO Soldiers	The Wall Street Journal reports that Russian hackers have so far accessed the phones of 4,000 NATO troops in Europe	Unknown	Military	CE	INT
4	05/10/2017	Russia?	National Security Agency	The Wall Street Journal reveals that hackers working for the Russian government stole details of how the U.S. penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed the highly classified material and put it on his home computer. It appears that a backdoor in the Kaspersky Antivirus software played a role in the attack.	Targeted Attack
5	05/10/2017	?	Aerospace, Defense Contractor, and Manufacturing sectors within the U.S. and South Korea	Researchers from FireEye reveal to have observed several high-volume FormBook malware distribution campaigns primarily taking aim at Aerospace, Defense Contractor, and Manufacturing sectors within the U.S. and South Korea	Targeted Attack	Industry: >1	CE	US KR
6	05/10/2017	?	Movimento 5 Stelle	A new attack takes down Rousseau, the online voting platform used by the Italian Movimento 5 Stelle. Some internal screenshots are also posted online.	DDoS	Org: Political Party	CC	IT
7	05/10/2017	?	John Kelly's personal cellphone	White House officials believe that chief of staff John Kelly’s personal cellphone was compromised, potentially as long ago as December, according to three U.S. government officials.	Account Hijacking	Single Individual	CE	US
8	06/10/2017	?	A bank based in Middle East, a trademark and intellectual property service companies based in Europe, an international sporting organization, and individuals with indirect ties to a country in North East Asia.	Researchers from Palo Alto Networks reveal the details of Operation FreeMilk, a campaign targeting a bank based in the Middle East, a trademark and intellectual property service company based in Europe, an international sporting organization, and even lone individuals with indirect ties to a country in North East Asia.	Targeted Attack	>1	CE	>1
9	06/10/2017	?	Disqus	Disqus confirms a data breach that appears to have taken place in the summer of 2012, and during which an unknown attacker(s) made off with details for at least 17.5 million user accounts.	Unknown	Industry: Internet Services	CC	US
10	06/10/2017	?	Forrester Research	Forrester, one of the world's leading market research and investment advisory firms, admits that a security breach took place during the past week. An unidentified attacker (or attackers) has gained access to the infrastructure hosting its website stealing valid credentials.	Unknown	Industry: Market Research	CC	US
11	06/10/2017	KovCoreG group	PornHub users	Proofpoint researchers detect a large-scale malvertising attack by the so-called KovCoreG group, targeting PornHub users.	Malvertising	Single Individuals	CC	>1
12	06/10/2017	?	Office 365 Accounts	Researchers from Skyhigh Networks discover a new attack with a stealthy technique, dubbed KnockKnock, that targets Office 365 accounts.	Account Hijacking	Single Individuals	CC	>1
13	08/10/2017	FIN7	Multiple Targets	Researchers from security company Iceberg reveal the details of a new campaign carried on by the financial motivated threat actor FIN7 (AKA Carbanak) exploiting new evasion techniques.	Targeted Attack	Finance	CC	>1
14	09/10/2017	?	Taiwanese Bank	A hacking gang abuses the SWIFT banking network to steal $60 million after planting malware on a Taiwanese bank’s servers. Two arrests are made in Sri Lanka related to the attack.	Malware	Finance	CC	TW
15	09/10/2017	OilRig	Unnamed UAE Government Organization	Researchers from Palo Alto Networks spot a new campaign launched by the notorious APT group OilRig against an organization within the government of the United Arab Emirates (UAE).	Targeted Attack	Government	CE	UAE
16	10/10/2017	?	South Korea-US Operational Plan	Korean News Agency Yonhap News reveals that North Korean hackers are believed to have stolen Operational Plan 5015 a large amount of classified military documents (235 GB), including the latest South Korea-U.S. wartime operational plan, last year.	Targeted Attack	Military	CE	US KR
17	10/10/2017	North Korea	U.S. Electric Power Companies	FireEye says in a new report to private clients that hackers linked to North Korea recently targeted U.S. electric power companies with spearphishing emails.	Targeted Attack	Utility: Electric Power	CC	US
18	10/10/2017	?	Several targets in the financial sector	Security researchers at Kaspersky Lab reveal the details of a new malware strain called ATMii because it attacks ATMs that run on Windows 7 and Windows Vista.	Malware	Finance	CC	>1
19	10/10/2017	Israel	Kaspersky	The New York Times reveals that Israeli hackers broke into the Kaspersky network back in 2014 and advised the US about the NSA breach previously reported.	Targeted Attack	Industry: Software	CE	RU
20	10/10/2017	?	Musgrave Group	Musgrave Group, the owner of Ireland’s most popular supermarket is hit by a cyber attack, with criminals trying to get shoppers’ credit and debit card details.	Unknown	Industry: Wholesale	CC	IE
21	10/10/2017	?	Unnamed banks in several former Soviet Union states.	Trustwave discovers a new campaign targeting banks om several former Soviet states. Trustwave investigation accounted for about $40 million in fraudulent withdrawals.	Unknown	Finance	CC	>1
22	10/10/2017	?	Single Individuals	Google removes a malicious extension from its Chrome Web Store that poses as the popular AdBlock Plus ad blocker but forcibly opened new tabs to show ads to users.	Malware	Single Individuals	CC	>1
23	10/10/2017	?	Rivermend Health	Rivermend Health notifies 1,300 patients who had information in an employee’s email account that was compromised.	Account Hijacking	Healthcare	CC	US
24	10/10/2017	?	Netflix Users	PhishMe reveals the details of a phishing campaign aimed to compromise business accounts of Netflix users.	Account Hijacking	Sing	CC	>1
25	11/10/2017	Unknown attacker codenamed "Alf"	Australian Signals Directorate (ASD)	Australia's foreign intelligence collection agency, the Australian Signals Directorate (ASD), says a hacker stole over 30 GB of data on the country's military capabilities, including details on fighter jets, military aircraft, and naval ships. The breach occurred at an unnamed Department of Defence contractor. Stolen data includes details on the new F-35 Joint Strike Fighter jet, the Boeing P-8 Poseidon submarine-hunting airplane, Lockheed-Marting C-130 transport aircrafts, JDAM guided bombs, and data on "some naval ships."	Account Hijacking	Government	CE	AU
26	11/10/2017	?	Sweden Transport Administration (Trafikverket)	A DDoS attack targets the Sweden Transport Administration (Trafikverket)	DDoS	Government	CC	SE
27	11/10/2017	?	Multiple Targets	Researchers from Cisco Talos reveal a new wave of attacks carried on via an evolved version of DNSMessenger distributed by mean of a targeted spear phishing email mimicking fake SEC emails, and also leveraging compromised U.S. state government servers	Targeted Attack	>1	CC	>1
28	11/10/2017	?	Single Individuals	Researchers at Akamai identify a botnet of over 14,000 IP addresses used in malware distribution operations.	Malware	Single Individuals	CC	>1
29	11/10/2017	?	Victory Phones	Victory Phones, a phone polling firm is hacked, exposing several database files, one of which totaled 223 gigabytes in size and amounted to about two billion lines. The data was stolen in January.	Unknown	Industry: Phone services	CC	US
30	12/10/2017	?	Hyatt Hotels Corp.	Hyatt Hotels Corp reveals to have discovered unauthorized access to payment card information at certain Hyatt-managed locations worldwide between March 18, 2017 and July 2, 2017	PoS Malware	Industry: Hotel and Hospitality	CC	US
31	12/10/2017	?	Equifax	Equifax says it has removed third-party code from its credit report assistance Web site that prompted visitors to download spyware disguised as an update for Adobe’s Flash Player software.	Malware	Industry: Credit risk assessment	CC	US
32	12/10/2017	?	Sweden Transport Agency (Transportstyrelsen) Public Transport Operator Västtrafik	The Sweden Transport Agency (Transportstyrelsen), and public transport operator Västtrafik are hit by a DDOS attack.	DDoS	Government	CC	SE
33	12/10/2017	Bronze Butler	Various Japanese Organizations	SecureWorks reveals the details of several intrusions carried out by the Bronze Butler threat group at various Japanese organizations.	Targeted Attack	>1	CE	JP
34	12/10/2017	?	Multiple Websites	A study by AdGuard reveals a growing number of websites using cryptocurrency mining as a source of revenues.	Malware	Single Individuals	CC	>1
35	13/10/2017	?	We Heart It	We Heart It, an image-sharing site, informs users their personal data may have been compromised. The breach, involving 8 million users, took place a few years ago and includes email addresses, usernames and encrypted passwords for We Heart It accounts created between 2008 and November 2013.	Unknown	Image Sharing	CC	US
36	13/10/2017	?	Politifact	Politifact, the Pulitzer Prize-winning website devoted to checking the factual accuracy of US politicians' words, appears to have been hacked so that it secretly mines cryptocurrency in visitors' browsers via CoinHive.	Malware	News	CC	US
37	15/10/2017	?	Pizza Hut	Pizza Hut admits to have suffered a data breach, through which a hacker has stolen payment card details for a small number of clients.	Unknown	Industry: Restaurants	CC	US
38	15/10/2017	?	Namaste Health Care	Namaste Health notifies about 1,600 patients its office experienced a security incident over the weekend of Aug. 12-13, when, when the file server was targeted by Ransomware.	Malware	Healthcare	CC	US

Related Posts

Like this:

Leave a Reply Cancel reply