This post was originally published here: post


It’s time to publish the second timeline of February (Part I here).

A new timeline, a new megabreach. This fortnight, the unwelcome prize for the most massive breach goes to Coachella, the music festival whose web site has been allegedly hacked with the consequent sell of nearly one million accounts in the dark web. In the same time, a massive trove of 150 million logins has popped up in the dark web in the wake of the cloudbleed vulnerability, and, last but not least, not to mention Yahoo! that has sent out another round of notifications to some users whose account has been compromised by forged cookies.

But Yahoo! has not been the only entity targeted by a state-sponsored actor… This fortnight has reported multiple other operations motivated by cyberespionage; the victims include: the Singapore Ministry of Defence, a campaign against Japanese companies and individuals (dubbed Snake Wine), another campaign against the Ukrainian Government (Gamaredon), and a malware campaign against South Korea, allegedly orchestrated by their Northern neighbors.

If you want to have an idea of how fragile our electronic identity is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format:

ID Date Author Target Description Attack Target
1 10/02/2017 ? Texas Department of Transportation The Texas Department of Transportation says some personal information of employees was compromised last week due to a “security incident.” Unknown Government CC US
2 14/02/2017 ? Unnamed Oklahoma Agency The Office of Management and Enterprise Services confirms that an unnamed agency has been targeted by ransomware. Malware Government CC US
3 15/02/2017 ? Yahoo! Yahoo sends out another round of notifications to users, warning some that their accounts may have been breached as recently as last year. The accounts were affected by a flaw in Yahoo’s mail service that allowed an attacker—most likely a “state actor,” according to Yahoo—to use a forged “cookie” created by software stolen from within Yahoo’s internal systems to gain access to user accounts without a password. Forged Cookie Industry: Internet Services CE US
4 15/02/2017 ? Multiple Targets in Saudi Arabia Security researchers reveal the details of a cyber espionage operation dubbed Magic Hound linked to Iran and the recent Shamoon 2 attacks. Malware >1 CC SA
5 16/02/2017 ? Israeli Defense Force Two separate papers from Kaspersky and Lookout reveal the details of ViperRAT, an active APT targeting the Israeli Defense Force. Targeted Attack Military CE IL
6 16/02/2017 ? Islamic State Supporters Islamic State supporters are targeted with a modified version of the Telegram Android app that contains a version of the OmniRAT remote access toolkit. Targeted Attack Single Individuals CE N/A
7 17/02/2017 ? Zcoin A simple one-digit typo within the source code of a cryptocurrency called Zcoin has allowed a hacker to make a profit of over $400,000 worth of cryptocurrency. Coding Error Cryptocurrency CC N/A
8 17/02/2017 ? Bingham County Hackers demand $25K-$30K after ransomware attack takes down Bingham County servers Malware Government CC US
9 17/02/2017 ? Lexington Medical Center Lexington Medical Center notifies employees of breach affecting its database. Unknown Healthcare CC US
10 18/02/2017 ? Family Service Rochester Family Services Rochester notifies individuals that portions of its computer systems that contained personal information has been compromised by ransomware. Malware Org: Family Counselor CC US
11 19/02/2017 Pro_Mast3r A hacked dubbed Pro_Mast3r defaces a server associated with President Donald Trump’s presidential campaign donations. Defacement Org: Political Party CC US
12 19/02/2017 Kuroi’SH Asiana Airlines Kuroi’SH defaces the official website of Asiana Airlines, one of the major airlines in South Korea. Defacement Industry: Airline H KR
13 20/02/2017 ? Airsoft GI Forum ( A hacker claims to have hacked the official web forum of a gun retailer Airsoft GI ( and uploaded its data on Dropbox. SQLi Industry: Retail CC US
14 21/02/2017 ? Several industries, including critical infrastructure and news media. Researchers at CyberX discover a cyber espionage campaign called Bugdrop, that siphoned more than 600 gigabytes from about 70 targets in several industries, including critical infrastructure and news media. Targeted Attack Industry: >1 CE >1
15 21/02/2017 ? Bitfinex Top Bitcoin trading platform Bitfinex is hit by a “severe DDoS attack.” DDoS Cryptocurrency CC N/A
16 22/02/2017 Berkut Coachella Music Festival Nearly one million Coachella accounts are reportedly currently up for sale on the dark web. Unknown Org: Music Festival CC US
17 22/02/2017 ? Montenegrin government and several state institutions The websites of the Montenegrin government and several state institutions, as well as some pro-government media, are targeted with multiple cyberattacks started since February, 15th. Unknown Government CW ME
18 22/02/2017 RTM Remote Banking Systems (RBS). Experts at software firm ESET reveal the details of the activity of a cybercrime group tracked as RTM using a sophisticated malware written in Delphi language to target Remote Banking Systems (RBS). The Remote Banking Systems are business software used to make bulk financial transfers. Malware Finance CC >1
19 22/02/2017 ? South Washington County School District The South Washington County school district tightens security after a high school student hacks into the district’s server and takes names, Social Security numbers and some addresses. Unknown Education CC US
20 23/02/2017 North Korea? South Korea? Talos reveals the details of a malware campaign against South Korean users, active between November 2016 and January 2017, targeting a limited number of people. The infection vector is a Hangul Word Processor document (HWP), a popular alternative to Microsoft Office for South Korean users developed by Hancom. Targeted Attack Government CE KR
21 23/02/2017 ? Apple A mid-2016 security incident led to Apple purging its data centers of servers built by Supermicro, including returning recently purchased systems, after malware-infected firmware was reportedly detected in an internal development environment for Apple’s App Store, as well as some production servers handling queries through Apple’s Siri service. Malware Industry: HW and SW CC US
22 24/02/2017 ? Multiple Targets The carder forum CVV2Finder claims to have more than 150 million logins, from several popular services, including Netflix and Uber obtained by exploiting the recently discovered Cloudbleed. Cloudbleed >1 CC >1
23 24/02/2017 ? 1,500 organizations from 100 countries Kaspersky Lab exposes the details of a new wave of attacks carried on via the Adwind Remote Access Tool targeting 1,500 organizations from 100 countries. Malware (Adwind) >1 CC >1
24 25/02/2017 ? Roberts Hawaii The tour company Roberts Hawaii warns its customers about a security breach that may have affected people who purchased tours and other services on its website between July 2015 and December 2016 Malicious Code Industry: Tourism CC US
25 25/02/2017 National Hackers Agency (NHA) 605 Websites hosted by DomainMonster A hacking crew that goes by the name of National Hackers Agency (NHA) has defaced 605 websites in one go after they managed to get access to a server from UK hosting firm DomainMonster. Defacement >1 CC GB
26 27/02/2017 ? Luxembourg Government’s servers The Luxembourg government’s servers are hit in a massive DDoS attack that lasts over 24 hours. The attack is believed to have affected over a hundred websites hosted by the government’s servers. DDoS Government CC LU
27 27/02/2017 Gamaredon Ukrainian government, military and law enforcement officials. According to the experts from Palo Alto Networks, a Russian state-actor dubbed Gamaredon is using a custom-developed malware in cyber espionage campaigns against the Ukrainian government, military and law enforcement officials. Targeted Attack Government CE UA
28 27/02/2017 CrimeAgency 126 vBulletin Forum A hacker going by the online handle of “CrimeAgency” claims to have hacked 126 vBulletin (vB) based web forum stealing personal data of forum’s administrators and registered users ending up leaking it on an underground hacking forum. vBulletin Vulnerability Internet Forum CC >1
29 27/02/2017 ? Japanese Companies and Individuals Cylance discovers Snake Wine another prolonged campaign that appears to exclusively target Japanese companies and individuals. Targeted Attack >1 CE JP
30 27/02/2017 ? Amalgamated Sugar Nearly 3,000 workers at Amalgamated Sugar receive notifications of an intruder accessing the company’s network and their personal information being disclosed. Unknown Industry: Sugar Beet Refining CC US
31 28/02/2017 ? Singapore’s Ministry of Defence (Mindef) Singapore’s Ministry of Defence (Mindef) confirms that the personal details more than 850 national servicemen and employees were stolen in a “targeted and well-planned” cyberattack earlier this month. Targeted Attack Government CE SG
32 28/02/2017 ? Aptos Shoppers of 40 online stores have had their bank card numbers and addresses stolen by a malware infection at backend provider Aptos occurred late last year Malware Industry: Retail Services CC US

Related Posts