1-15 December 2017 Cyber Attacks Timeline

Last Updated on December 28, 2017

The year is nearly gone, so It’s time to publish the second to last timeline for this troubled 2017 covering the main cyber attacks occurred between December 1st and 15th.

Unsurprisingly, this fortnight the list is quite long and includes some remarkable events like the one that hit TIO Networks, a payment processor owned by PayPal, which had potentially 1.6 million records compromised.

But also the new gold rush for cryptocurrencies left its mark: NiceHash has been forced to suspend the operations after cyber criminals made off with $68 million worth of Bitcoins (at least this is the value of the bounty when the hack occurred, given the volatility of crypto currencies), and obviously this was not the only event targeting, directly or indirectly, cryptocurrency assets in this timeline.

Nothing in comparison with the database containing the data of 19 million California voters left exposed and eventually deleted (and held for ransom) by cyber criminals.

The list also includes multiple massive campaigns (like MoneyTaker targeting multiple U.S. and Russian banks), and also a couple of operations carried on by the Anonymous collective against Brazil and Israel).

So, feel free to scroll down the whole list for all the events happened in this fortnight. And if you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). If useful, you can access the timeline in Google Sheet format.

ID	Date	Author	Target	Description	Attack	Target Class	Attack Class	Country
1	01/12/2017	?	TIO Networks	PayPal Holdings suspends the operations of TIO Networks, a publicly traded payment processor PayPal acquired in July 2017, after a review of TIO’s network has identified a potential compromise of personally identifiable information for approximately 1.6 million customers.	Unknown	Industry: Payment Processor	CC	US
2	01/12/2017	?	Tenafly High School	Tenafly High School informs parents that a student has gained access to its internal IT systems, changed grades to improve his GPA, and sent out college applications immediately after.	Unknown	Education	CC	US
3	02/12/2017	Charming Kittens	Academic researchers, human rights activists, media outlets and political advisors focusing on Iran	Researchers from ClearSky publish a report that reveals a new campaign carried on by the alleged Iran-linked APT Charming Kittens targeting academic researchers, human rights activists, media outlets and political advisors focusing on Iran via fake social network profiles or also a fake news site.	Targeted Attack	Single Individuals	CE	IL
4	02/12/2017	Anonymous	Brazil	The Anonymous leak some topology data belonging to Brazilian public sector.	Unknown	Government	H	BR
5	04/12/2017	?	Mecklenburg County	Mecklenburg County, which includes the city of Charlotte and surrounding areas, is hit with ransomware and struggles to get its systems back online ever since. In the meantime, county officials are forced to revert to paper systems.	Malware	Government	CC	US
6	04/12/2017	?	Home and Small-office Routers	Researchers unveil the details of a new variant of the Mirai botnet called Satori. The botnet exploits a recently discovered 0-day vulnerability to infect two widely used lines of home and small-office routers even when they're secured.	0-day vulnerability	Single Individuals	CC	>1
7	04/12/2017	?	WWE wrestler Maria Kanellis	A new batch of explicit photos of WWE wrestler Maria Kanellis is leaked.	Account Hijacking	Single Individual	CC	US
8	04/12/2017	?	Mad River Township Fire and EMS station	Mad River Township Fire and EMS station has all its data encrypted by ransomware.	Malware	Fire Station	CC	US
9	05/12/2017	Dfrank	Netshoes	Data of 500,000 customers of Brazilian retailer Netshoes is dumped on pastebin.	Unknown	Industry: Retail	CC	BR
10	05/12/2017	?	Baptist Health Louisville	Baptist Health Louisville notifies 880 patients of a phishing incident occurred early October.	Account Hijacking	Healthcare	CC	US
11	05/12/2017	?	Warwick Rowers	The website of a naked charity calendar featuring male rowers at Warwick University is taken down by a DDoS attack after having allegedly offended Russia’s “gay propaganda” laws.	DDoS	Org: Charity	H	UK
12	05/12/2017	?	Colorado Center for Reproductive Medicine Minneapolis	Colorado Center for Reproductive Medicine Minneapolis warns customers that, in the wake of a ransomware attack occurred in October 2017, unauthorized third-party may have breached the clinic’s computer security and viewed or accessed patient information that was on the server.	Malware	Healthcare	CC	US
13	06/12/2017	?	NiceHash	Bitcoin mining platform and exchange NiceHash is hacked and forced to suspend the operations for 24 hours after cyber criminals make off with $68 million worth in BTC.	Unknown	Cryptocurrency Exchange	CC	US
14	06/12/2017	?	Royal National Institute for the Blind (RNIB)	Police launch an investigation after 817 people report fraud attempts following a breach of the Royal National Institute for the Blind (RNIB) web store occurred on November 16th.	Unknown	Org: Charity	CC	UK
15	06/12/2017	?	5,500 WordPress sites	Sucuri unveils the details of a new attack affecting 5,500 WordPress sites, infected with a malicious script that logs keystrokes and sometimes loads an in-browser cryptocurrency miner.	Malicious Script	Single Individuals	CC	>1
16	06/12/2017	?	Henry Ford Health System	Roughly 18,500 patients at Henry Ford Health System have possibly had their personal information stolen in a data breach occurred in early October after the email credentials of a group of employees were stolen.	Account Hijacking	Healthcare	CC	US
17	07/12/2017	?	Sinai Health System	At least two employees at Sinai Health System had their email accounts compromised in a phishing incident, potentially affecting the information of 11,350 people.	Account Hijacking	Healthcare	CC	US
18	07/12/2017	?	Bitcoin Investors	Researchers at Fortinet spot a new phishing campaign targeting bitcoin investors serving an Orcus RAT malware in disguise of a trading app.	Targeted Attack	Single Individuals	CC	>1
19	07/12/2017	?	Village of Nashotah	The Village of Nashotah pays an unidentified hacker a $2,000 ransom to decrypt its computer system after a hack in late November.	Malware	Government	CC	US
20	07/12/2017	?	Clarion University	Clarion University employees are notified after two employees fall victim of a phishing attack.	Account Hijacking	Education	CC	US
21	07/12/2017	APT34	Government organization in the Middle East	FireEye reveals the details of a new campaign carried on by the suspected Iranian threat group APT34 exploiting the recently patched CVE-2017-11882 exploit.	Targeted Attack	Government	CE	N/A
22	08/12/2017	?	Single Individuals	While scanning the deep and dark web for stolen, leaked or lost data, security company 4iQ discovers a single file with a database of 1.4 billion clear text credentials, the largest aggregate database found in the dark web to date.	Unknown	Single Individual	CC	>1
23	08/12/2017	Anonymous	Israel	In name of #OpIsrael and #OpUSA, hacktivists from the Anonymous Collective leak online names, emails, and passwords of Israeli public employees and share a list of US government sites to target, calling on action against them.	Unknown	Government	H	IL US
24	08/12/2017	?	Single Individuals	Researchers from ESET reveal that the cybergang behind the now defunct FinFisher man–in-the-middle attacks has switched over to using a new spyware dubbed StrongPity2 distributed via watering hole attacks.	Malware	Single Individuals	CE	>1
25	08/12/2017	?	Road Sign near North Central Expressway in Dallas	A traffic sign near North Central Expressway in Dallas is hacked and defaced with an obscene message against the President of United States Donald Trump and his voters.	Unknown	Road Sign	CC	US
26	10/12/2017	Le Duc Hoang Hai	Perth Airport	A Vietnamese man, Le Duc Hoang Hai, is arrested for stealing sensitive security details and building plans from Perth Airport after breaking into its computer systems. The hack happened in March last year, and was carried on using the credentials of a third-party contractor,	Account Hijacking	Airport	CC	AU
27	10/12/2017	?	Jeffree Star	Jeffree Star is the victim of a data hack, after a member of staff at cosmetics store Sephora allegedly hacks into her account and leaks sensitive information about his spending habits.	Account Hijacking	Single Individual	CC	US
28	11/12/2017	MoneyTaker	U.S and Russian Banks	Security firm Group-IB reveals the details of a previously unknown ring of Russian-speaking hackers, allegedly able to have stolen as much as $10 million from U.S. and Russian banks in the last 18 months. The gang of criminals is dubbed MoneyTaker.	Malware	Finance	CC	RU US
29	11/12/2017	?	Polish Banks	Researchers from ESET discover a malicious banking app hidden in the Google Play store in disguise of a Crypto Monitor.	Malware	Finance	CC	PL
30	11/12/2017	?	Jerome School District	Jerome School District falls victim to ransomware.	Malware	Education	CC	US
31	11/12/2017	?	National Capital Poison Center	National Capital Poison Center reports a ransomware incident.	Malware	Org: Non-Profit	CC	US
32	11/12/2017	?	Rose McGowan	Another round of "The Fappening". Hackers leak alleged nude pics and sex tape of “Charmed” star Rose McGowan.	Unknown	Single Individual	CC	US
33	12/12/2017	?	Bitfinex	Bitfinex is forced to shut down its ongoing operations after suffering a series of non-stop DDoS attacks.	DDoS	Cryptocurrency Exchange	CC	VG
34	12/12/2017	?	Midland Memorial Hospital	Midland Memorial Hospital announces a data security incident involving a limited number of patients’ personal information after an unauthorized third party may have obtained access to an employee’s e-mail account on or about Oct. 10.	Account Hijacking	Healthcare	CC	US
35	13/12/2017	?	Google, Facebook, Apple, and Microsoft users	According to internet monitoring service BGPMon, traffic sent to and from Google, Facebook, Apple, and Microsoft is briefly routed through a previously unknown Russian Internet provider. The hijack lasts a total of six minutes and affects 80 separate address blocks.	BGP Hijacking	Single Individuals	CC	>1
36	13/12/2017	?	Osaka University	Osaka University says that personal data of around 80,000 students, graduates, staff, former workers and others may have been stolen by hackers.	Account Hijacking	Education	CC	JP
37	13/12/2017	?	Anderson Cooper's Twitter account (@andersoncooper)	CNN says Anderson Cooper's Twitter account was hacked after a since-removed tweet from his handle called the president a "tool" and a "pathetic loser" following Democrat Doug Jones win in Alabama's Senate election.	Account Hijacking	Single Individual	CC	US
38	13/12/2017	?	Android Users	Google removes more than 80 malicious Android apps from Google's official Play Store, which were designed to hijack credentials for VK, Russia's Facebook-like social network.	Malware	Single Individuals	CC	RU
39	14/12/2017	?	Undisclosed Oil Plant in Saudi Arabia	Security firm FireEye and Schneider Electric SE reveal the details of a new operation. targeting Triconex industrial safety technology widely used inside nuclear, oil and gas plants. The first victim is allegedly located in Saudi Arabia. The malware is dubbed Triton.	Targeted Attack	Industry: Oil and Gas	CW	SA
40	14/12/2017	?	John Kahlbetzer	John Kahlbetzer, one of Australia’s richest men suffers a $1m loss after his assistant is taken in by a classic Business Email Compromise (BEC) scam.	Account Hijacking	Single Individual	CC	AU
41	14/12/2017	?	Fox-IT	Dutch security firm Fox-IT reveals to have fallen victim of a DNS Hijacking attack on September 19th 2017. The attacker modifies a DNS record for one particular server to point to a server in their possession and to intercept and forward the traffic to the original server that belongs to Fox-IT.	DNS Hijacking	Industry: Information Security	CE	NL
42	14/12/2017	?	Unnamed Brazilian Bank	Researchers from Trend Micro unveil the details of Prilex, a new ATM malware used for targeted attacks against a Brazilian bank.	Targeted Attack	Finance	CC	BR
43	14/12/2017	?	Proctor School District	The Proctor school district is hit by ransomware.	Malware	Education	CC	US
44	15/12/2017	The Lazarus Group	Bitcoin Insiders in London	Secureworks reveals a new spearphishing campaign circulating across bitcoin industry insiders in London, carried on via a fake job opening, and aimed to steal their online credentials. The fingers are pointed to the North Korean hackers of the Lazarus Group	Targeted Attack	Finance	CE	UK
45	15/12/2017	?	Transneft	Transneft reveals that its computers have been used for the unauthorized manufacture, or “mining”, of the cryptocurrency Monero.	Malware	Industry: Oil and Gas	CC	RU
46	15/12/2017	?	California voters	Researchers at Kromtech discover an unprotected instance of MongoDB database that appear to have contained 19 million California voters data. The database has been deleted by Cyber Criminals and held for ransom with the attackers demanding 0.2 BTC ($ 3,000 at the time of writing).	Unsecure MongoDB database	Government	CC	US
47	15/12/2017	?	Stanislaus County's Mental Health Department	500 computers from Stanislaus County's Mental Health Department are quarantined after ransomware is detected in the network.	Malware	Government	CC	US
48	15/12/2017	?	39 East Texas School Districts	Students from 39 East Texas School Districts have their information compromised by an October hack.	Unknown	Education	CC	US
49	15/12/2017	?	OSX Users	Security firm Cybereason discovers an invasive adware variant dubbed OSX.Pirrit. The malware targets macOS users adding spyware capabilities.	Malware	Single Individuals	CC	>1

Related Posts

Like this:

Leave a ReplyCancel reply