This post was originally published here: post


It’s time to publish the first timeline of February covering the main cyber attacks between February 1st and February 15th.

Let’s start with the mega breaches, and in particular the 3.2 million credit cards siphoned from Hitachi Payment Systems and the 3.3 million records stolen from FunPlus.

But it’s probably the cyber espionage the sector that reported the most significant events. The list of the targets include: the Norwegian Labour Party (APT29), the Italian Foreign Ministry, the Taiwanese Ministry of Foreign Affairs and many others (by the way the list includes also two possible operations by two old acquaintances like APT28 and Turla).

After one month of rest, hacktivists are also back, having defaced 45 Committee, a PAC supporting Donald Trump.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format: spreadsheets-32

ID Date Author Target Description Attack Target Class Attack Class Country
1 01/02/2017 ? Point of Sale infrastructure in Brazil and other countries Arbor Networks researchers reveal the details of the Flokibot malware family targeting Point of Sale infrastructure in Brazil and other countries. PoS Malware Finance CC BR
2 02/02/2017 Chinese state-sponsored hackers Military and aerospace interests in Russia and Belarus Proofpoint reveals the details of an ongoing cyber-espionage campaign targeting military and aerospace interests in Russia and Belarus via ZeroT and the PlugX RAT. Targeted Attack Industry: Aerospace Military CE RU BY
3 02/02/2017 ? City of Troy The City of Troy computer system is the victim of a ransomware attack. Malware Government CC US
4 03/02/2017 APT29 Norwegian Labour Party Norway’s security service says nine email accounts — including those belonging to the Labour party, the foreign ministry and defense ministry — have been targeted by hackers belonging APT29. Targeted Attack Government CE NO
5 03/02/2017 ? Tiverton Town Council John Vanderwolfe, a town clerk wipes council documents dating back to 2015 after mistakenly opening an email containing a ransomware malware. Malware Government CC GB
6 03/02/2017 Anonymous Freedom Hosting II The Anonymous take down Freedom Hosting II, the largest repository of dark web sites. The hackers are able to steal 75GB worth of files and 2.6 GB of databases Unknown Industry: Web Hosting H N/A
7 03/02/2017 ? Manatee County School District The Manatee County School District is the victim of a phishing scam that compromises the information from almost 8,000 employees. Account Hijacking Education CC US
8 04/02/2017 Berkut PoliceOne Motherboard reveals that a hacker going with the handle of Berkut is selling a database allegedly containing over 700,000 user accounts from PoliceOne, a popular law enforcement forum. Unknown Internet Forum CC US
9 04/02/2017 ? David Beckham David Beckham’s emails are held hostage by hackers, and published after his representatives refuse to pay a ransom of €1 million (£860,000). The ‘Beckileaks’ came as part of a breach on sports and entertainment agency, Doyen Global (18.6 million emails apparently accessed in 2015 and 2016). Unknown Industry: Entertainment CC GB
10 04/02/2017 Stackoverflowin 150,000 online printers A grey-hat hacker going by the name of Stackoverflowin says to have hacked over 150,000 printers that have been left accessible online and starts to send random printing jobs. Online Printers Vulnerability Industry: Electronics CC >1
11 05/02/2017 ? Email accounts of Irish solicitors The Sunday Independent reveals that cybercriminals are hacking the email accounts of Irish solicitors in an attempt to steal tens of thousands of euro from unsuspecting home buyers. Account Hijacking Law CC IE
12 06/02/2017 ? 45 Committee The website of 45 Committee, a PAC supporting President Donald Trump, is defaced. Defacement Org: Politics H US
13 06/02/2017 ? Verity Health System Verity Health System has now issued a statement about a breach reported to HHS on January 11 as affecting 10,164 patients. Unknown Healthcare CC US
14 06/02/2017 Charming Kitten Mac Users Two security researchers reveal the details of a new campaign linked to Charming Kitten, a cyber espionage group linked to the Iranian Government using an unsophisticated strain of malware, dubbed MacDownloader, to steal credentials and other data from Mac computers. Malware Single Individuals CC >1
15 06/02/2017 ? Logic Supply US-based industrial computer supplier Logic Supply resets user passwords following an unauthorized access through the firm’s website, which may have exposed customer/company names, usernames and passwords, and order information. Unknown Industry: Computer Hardware CC US
16 07/02/2017 Turla? Multiple foreign embassies and ministries According to Forcepoint, an unknown actor whose targets and tactics resemble those of Turla, a Russian APT, has been compromising the websites of foreign embassies, ministries and organizations, in an attempt to infect certain site visitors with malware. Malicious Code Injection Government CE >1
17 07/02/2017 Fallaga Hacker Team Six NHS Websites The Independent reveals that, over the past six weeks, six NHS websites were defaced showing gruesome images of the conflict in Syria with the hashtags: #Op_Russia and #save_aleppo. Defacement Healthcare H GB
18 07/02/2017 Aslan Neferler Tim (ANT), or Lion Soldiers Team Austria’s Parliament Austria’s parliament says that a Turkish hackers’ group dubbed Aslan Neferler Tim (ANT), or Lion Soldiers Team has claimed responsibility for a cyber attack that brought down its website for 20 minutes during the weekend. DDoS Government H AT
19 07/02/2017 ? National Treasury Management Agency The National Treasury Management Agency temporarily suspends access to its website for several hours today after a suspected defacement attack. Defacement Government H IE
20 07/02/2017 ? Darcy Vescio’s Twitter account (@darcyvee) AFL Women’s league player Darcy Vescio Twitter account is hacked. Account Hijacking Single Individuals CC AU
21 07/02/2017 ? Canadian Tire Canadian Tire shuts down customer access to online accounts after detecting unusual traffic in their website. Unknown Industry: Retail CC CA
22 08/02/2017 ? Several Organizations Worldwide Kaspersky Lab reveals the details of a fileless malware targeting several organizations worldwide. Malware >1 CC >1
23 08/02/2017 ? Sports Direct Sports Direct is accused to have suffered (and kept hidden) a data breach affecting 30,000 employees. The breach allegedly happened on September 2016. CMS Vulnerability (DNN) Industry: Retail CC GB
24 08/02/2017 ? UK magazine publisher Future’s FileSilo website ( is raided by hackers, who make off with, among other information, unencrypted user account passwords. Unknown Online Magazine CC GB
25 08/02/2017 zerodark70 zerodark70 sells a database supposedly containing 83,000 compromised accounts from, the website of the 110-year-old American news agency United Press International. Unknown Industry: Journalism CC US
26 08/02/2017 ? Alton Steel, Inc. A security breach at Alton Steel, Inc. has left its employees open to identity theft, and more than one employee has already this year had fraudulent tax returns filed in their name. Account Hijacking Industry: Steel Manufacturing CC US
27 09/02/2017 ? Arby’s The fast food restaurant chain Arby’s has suffered a breach involving the payment card systems in up to 1,100 of its locations. PoS Malware Industry: Restaurant CC US
28 09/02/2017 ? Hitachi Payment Services Hitachi Payments Services confirms that its systems were compromised by a sophisticated malware in mid-2016, that led to one of the biggest cyber security breaches in the country with 3.2 million cards affected. Malware Industry: Payment Services CC IN
29 09/02/2017 ? Loblaws Loblaw warns PC Plus rewards collectors to reset their passwords after points were stolen from some members’ accounts. Account Hijacking Industry: Retail CC CA
30 09/02/2017 ? Taiwanese Ministry of Foreign Affairs’ Bureau of Consular Affairs (BOCA) 15,000 data files of Taiwanese nationals could have been hacked due to an intrusion in the email system. Unknown Government CE TW
31 10/02/2017 Russian Hackers? Italian Foreign Ministry Russia is suspected by Italian officials of being behind a sustained hacking attack against the Italian foreign ministry last year that compromised email communications and lasted for many months before it was detected Targeted Attack Government CE IT
32 10/02/2017 ? Mazagon Dock Shipbuilders Limited Mazagon Dock Shipbuilders Limited is the victim of a targeted attack. Targeted Attack Industry: Shipbuilding CE IN
33 11/02/2017 ? Mexican researchers and public health activists supporting the Mexican soda tax The New York Times reveals that Mexican researchers and public health activists supporting the Mexican soda tax were reportedly targeted by hackers using Israeli-based cyberweapons manufacturer, NSO Group’s, spyware dubbed Pegasus. Targeted Attack Org: Health CE MX
34 12/02/2017 >1 Great Britain In his first key interview, Ciaran Martin, head of GCHQ’s new National Cyber Security Centre (NCSC), warns that Britain is being hit by 60 significant cyber-attacks a month, including attempts by Russian state-sponsored hackers to steal defence and foreign policy secrets from government departments. >1 Government CW GB
35 13/02/2017 Lazarus APT Several Banks Worldwide Symantec reveals the details of a new malware campaign targeting 100 banks and other financial institutions in 31 countries. Malware Finance CC >1
36 14/02/2017 Russian Hackers? Emmanuel Macron French front-runner Emmanuel Macron calls for the European Union to stand firm against Russia as his French election campaign is targeted by computer hackers. The Kremlin denies any allegations. Unknown Single Individuals CW FR
37 14/02/2017 ? Activists and journalists in Qatar and Nepal Amnesty International reveals the details of Operation Kingphish: a Campaign of Cyber Attacks against activists and journalists in Qatar and Nepal. Targeted Attack Single Individuals CE QA NP
38 14/02/2017 ? FunPlus An unknown hacker steals user account information (3.3 million records) and alleged product source code from FunPlus, the company that makes highly popular free-to-play mobile game Family Farm Seaside. Unknown Industry: Video Games CC CN
39 14/02/2017 APT28 Macbook Users Bitdefender Lab reveals the details of Xagent, a malware designed for victims running Mac OS X to steal passwords, grab screenshots and steal iPhone backups Malware Single Individuals CE >1
40 14/02/2017 ? Citizens Memorial Hospital Citizens Memorial Hospital employee data are compromised by a W-2 phishing scam. Account Hijacking Healthcare CC US
41 14/02/2017 ? San Antonio Symphony Computer hackers break into the computer network for the San Antonio Symphony, stealing the names, birth dates, Social Security numbers, addresses and W-2 tax forms for about 250 employees. Unknown Symphony orchestra CC US
42 15/02/2017 Russia Ukraine Ukraine accuses Russian hackers of targeting its power grid, financial system and other infrastructure with a new type of virus that attacks industrial processes, the latest in a series of cyber offensives against the country. Targeted Attack Government CW UA
43 15/02/2017 Rasputin Over 60 global organisations, including US government agencies and international universities. Recorded Future reveals the details of a massive campaign carried on by a Russian hacker called Rasputin, and targeting multiple organizations worldwide, including the Cornell University, New York University, University of Washington, University of Oxford, University of Cambridge, US National Oceanic and Atmospheric Administration and US Department of Housing and Urban Development. SQLi >1 CC >1
44 15/02/2017 ? PharmaNet The personal information of approximately 7,500 British Columbians may have been compromised through the provincial government’s PharmaNet system, when an “unknown/unauthorized person obtained and used a physician’s login to access PharmaNet.” Account Hijacking Government CC CA

Related Posts