Iran | Hackmageddon.com

1-15 March 2013 Cyber Attacks Timeline

March 18, 2013 Paolo Passeri 2 comments

Other troubles for system administrators: March is confirming the 2013 dangerous trend with several high profile breaches against industrial, financial and governmental targets.

The first two weeks of March have begun with the breach to Evernote, and continued with (among the others) the third phase of the infamous Operation Ababil, targeting U.S. Banks and an alleged Chinese attack against the Reserve Bank of Australia.

Additional noticeable events include a wave of DDoS attacks against several Czech Republic’s targets (belonging to media, news and financial sector), a breach suffered by the NIST Vulnerability Database (unfortunately not an isolated example of the attacks against US governmental targets happened in these two weeks) and also the leak of 20,000 records from an Avast! German distributor.

Last but not least, the examined period has also confirmed the role of Twitter as the new mean to make resounding attacks against single individuals or organizations. Qatar Foundation, Saudi Aramco, and France 24 are only several of the organizations fallen victims of accounts hijacking.

Of course, these are only the main events, feel free to scroll down the list to analyze in detail what happened in these two weeks.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Once again, a special thanks to Kim Guldberg AKA @bufferzone for continuously advising me about significant cyber events through the Submit Form! Much Appreciated!

About these ads

Categories: Cyber Attacks Timeline, Security Tags: #OpIran, 2013, @dw_arabic, @France24_ar, @NullCrew_FTS, @observateurs, @Phr0zenM, @StateSecurityRS, @T3AMM3DU5A, aio.ir, Alladyn2, AngloAmerican, angloplatinum.co.za, angloplatinum.com, Anonymous, Anonymous Italy, Anonymous Philippines, Arnold Schwarzenegger, Ashton Kutcher, Australia, avadas.de, Avast!, Bank of America, BB&T, BCPP, Belgrade, Beyoncé, Bill Gates, Billboard, Bitcoin, BitInstant, Britney Spears, Casapounditalia.org, Ceskatelevize.cz, Chase Bank, Chevron Corporation, chevron.com, China, Colin Poweel, Colin Powell, Constantin Film, cpb.gov, csas.cz, CSOB, csob.cz, Ct24.cz, Cyber Attacks Timeline, Cypher, Czech Republic, denik.cz, Deutsche Welle, Donald Trump, Dpp.cz, drdo.gov.in, E15.cz, Equifax, eri.ir, Evernote, Experian, Facebook, Fifth Third Bank, Fio Banka, fio.cz, France 24 Arabia, France 24 observers, G.O.D., g1arng.army.pentagon.mil, Godzilla, Government, Hacker sTz, herzliyaconference.org, Hillary Clinton, HMP Isis, HSBC, Hulk Hogan, ical.ir, ict.org.il, idnes.cz, ihned.cz, India, Iran, isi.org.pk, Izz ad-Din al Qassam Cyber Fighters, Jay Z, Joe Biden, JPMorgan Chase & Co, karjera.ktu.lt, kb.cz, Kim Kardashian, Komerční Banka, ktu, lidovky.cz, majlis.ir, March, Maxney, Mel Gibson, Michelle Obama, mobilmania.cz, nationaljournal.com, natpdae.gov.bd, nespak.com.pk, Nicholas Webber, NIST, North Korea, novinky.cz, NullCrew, nvd.nist.gov, O2.cz, Oceaneering International, OpBlackSummer. Tunisian Cyber Army Al Qaida Electronic Army, Operation Ababil, Operation Green Rights, OpFuckMohammad, opm.gov, PAKbugs, Pakistan, Paris Hilton, Phr0zenMyst, PNC, Poland, Prague Stock Exchange, Pyongyang, Qatar Foundation, Raiffeisen Bank, Rasberry P, rb.cz, RBA, Reserve Bank of Australia, Robert Mueller, Sarah Palin, Saudi Aramco, seznam.cz, Soneri Bank, South Africa, South Korea, state.gov, supremecourt.gov.bd, Syrian Electronic Army, T-Mobile, T-mobile.cz, TEAM M3DU5A, th3inf1d3l, timewarnercable.com, TransUnion, Twitter, United States, US Bank, Watering Hole Attack, XSS, Zoosk, Živě.cz, Česká spořitelna

16-28 February 2013 Cyber Attacks Timeline

March 4, 2013 Paolo Passeri Leave a comment

It is time for the summary of the second half of February, two weeks of remarkable cyber attacks against high-tech giants, massive breaches and Twitter Account Hijackings.

Probably the most resounding events of this period (maybe more for the high profile of the victims than for the actual effects) are the two attacks, allegedly originating from China, (with a common root cause, the compromising of an iPhone developer forum) carried on against Apple and Microsoft.

But not only the two high-tech giants, other illustrious victims have fallen under the blows of hacktivists and cyber criminals. The list is quite long and includes Bank of America, American Express, Casio, ZenDesk, cPanel, Central Hudson Gas & Electric Corporation, etc.).

Last but not least, the unprecedented trail of Cyber attack against Twitter Profile belonging to single individuals (see Donald Trump) or Corporations (Burger King and Jeep). Maybe it is time to change the passwords…

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

A special thanks to Kim Guldberg AKA @bufferzone for continuously advising me about significant cyber events through the Submit Form! Much Appreciated!

Categories: Security, Cyber Attacks Timeline Tags: #BungaBungaBoABoA, #OpLastResort, 2013, @AFPphoto, @Anon_Cental, @DFNTSC, @Hitcher____, @MexicanH, @Phr0zenM, @ThisIsGame0ver, @TN_cyberarmy, ABC, AFP, allaahuakbar.net, American Express, Anonymous, Apple, Aspen Institute, Australia, Bahamas, Bank of America, bible.org, BRBRAITT, Burger King, Cadillac, Canada, Carl Pistorius, Casio, Central Hudson Gas & Electric Corporation, China, Clearforest, cPanel, Crypt0crew, Crysys, Cyber Attacks, Cyprus, Datuk Seri Najib Tun Razak, Defacement, Der Spiegel, Donald Trump, Drone, EADS, Educause, FBI, February, fedcenter.gov, federalagents.gov, Game Over, George K. Baum & Company, H4x0r HuSsY, Hitcher, indiaresults.com, IPD, Iran, Iran's Revolutionary Guards, IRGC, Jay Leno, JEA, Jeep, Jimmy Fallon, Kaspersky Lab, Lebanon, Lil Wayne, lp.gov.lb, LulzEs, makingaustraliahappy.abc.net.au, Malaysia, Maxney, McDonald’s, MexicanH Team, Microsoft, MiniDuke, Mongolia, MVS Comunicaciones, NATO, NBC.com, OneCalais, OpBigBrother, OpBlackSummer, OpFuckMohammad, OpMyanmar, OpWilders, Oscar Pistorius, Phr0zenMyst, police.gov.mn, premiosgoya.academiadecine.com, Psyko, Rustle League, SPVM, Sri Lanka, state.gov, Syria, Syrian Electronic Army, Team Kuwaiti Hackers, TekSystems, Telecom.nz, The People, ThyssenKrupp, Timeline, TunisianCyberArmy1, Turkey, Turkish Ajan Group, Twitter, Viru$ Noir, Xtra, Yahoo!, Zendesk

1-16 February 2013 Cyber Attacks Timeline

February 18, 2013 Paolo Passeri 3 comments

Here is the summary of the Cyber Attacks Timeline for February. A month that will probably be remembered for the “sophisticated” cyber attacks to the two main social networks: Facebook and Twitter.

But the attacks against the two major social networks were not the only remarkable events of this period. Other governmental and industrial high-profile targets have fallen under the blows of (state-sponsored) cyber criminals: the list of the governmental targets is led by the U.S. Department of Energy and the Japan Ministry of Foreign Affairs, while Bit9, a primary security firm, was also targeted, leading the chart of Industrial targets.

Hacktivists have raised the bar and breached the Federal Reserve, leaking the details of 4,000 U.S. Banks executives. Similarly, the Bush family was also targeted, suffering the leak of private emails.

Even if the list is not as long as the one of January, it includes other important targets, so, scroll it down to have an idea of how fragile our data are inside the cyberspace. Also have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). To do so, you can use this form.

Categories: Cyber Attacks Timeline, Security Tags: 2013, @AnonVoldemort, @Maxn3y, @ThisIsGame0ver, @TN_cyberarmy, acjic.alabama.gov, afse.fr, Al Qaida Electronic Cyber Army, Alabama, AlienVault, Anonymous, archicubes.ens.fr, bahamasdevelopmentbank.com, bankcap.com, Bashas, bcc.lu, Bit9, Bochum, Bush, Business Wire, cats2go.co.nz, Cayman Islands, centralbnk.com, Chile, China, Computer Virus, Cryptome, Cyber Attack Timeline, D35M0ND142, DNS Hijacking, Drone, Facebook, February, Federal Reserve, Foxconn, France, Froedtert Hospital, Geo TV, Gmail, Google, gortons.com, Great Falls, Guccifer, Haaretz, haaretz.com, Hacktivism, Iran, Japan, job.sy, JokerCracker, Kaspersky Lab, KRTV, LAPD, LAPDonline.org, loophole4all.com, Los Angeles Police Department, Los Angeles Times, Maxney, mofa.go.jp, Montana, mot.gov.il, muslimnews.co.uk, Myanmar, nbbl.com.np, ncr-iran.org, Netseer, Nokia, Nuri al-Maliki, opBankUnderAttack, OPBenLadenRevange, OpEgypt, OpFuckMohammad, OpKashmir, OpMali, PAKbugs, Pakistan, Paolo Cirio, pashupatibank.com, pknic.net.pk, pmo.iq, Pympy, Pympy.com, redsalud.gov.cl, Ruhr University, RuXpIn, SaBu ~KrYoGeNiKs, Sky News Arabia, Syrian Electronic Army, Taiwan, Talk Fusion, TeaM KuWaiT HaCkErS, th3inf1d3l, thefriendlyank.com, TunisianCyberArmy1, TurkishAjan Group, Twitter, U.S. Department Of Energy, Union Count Public School, United States, USA, Uyghur, Visa, Walla!, walla.co.il, Watering Hole Attack, ZCompany Hacking Crew, Zombie

16-31 January 2013 Cyber Attacks Timeline

February 7, 2013 Paolo Passeri 1 comment

Two Weeks Living Dangerously! I have no other words to describe this second half of January (first two weeks here) that has shown an unprecedented level of attacks! And if a good day starts with the morning, this will be a very troubled year from an information security perspective.

Not only the peaks of DDoS attacks against the US Banks have reached an unstoppable peak, but, most of all, at the end of the month details have been unveiled about a massive cyber-espionage campaign allegedly orchestrated by Chinese hackers against some major US media including The New York Times, The Wall Street Journal, The Washington Post and Bloomberg News.

A very very long list of targets this month, with some high profile victims such as the U.S. Sentencing Commission, whose web site has been hacked twice and turned into an Asteroid game, but also Renault Argentina that suffered 37,000 accounts leaked.

To summarize this month is really impossible, you just have to scroll down the timeline to realize the hacking spree in this January 2013.

If this trend continues, I will have to decrease the frequency of publication…

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). To do so, you can use this form.

Categories: Cyber Attacks Timeline, Security Tags: #FuckTheSystem, #OpLastResort, #OpLeak, #opphillippine, #OpScientology, #TeamGhostShell, 2013, @AnonSquadNo035, @AnonymousMexi, @DarkWebGoons, @irBreShiE, @LulzSecNeuron, @nrtnz, @RexMundi_Anon, @TheLulzWarrior, @TheNeoGod, @ThisIsGameOver, @TN_cyberarmy, @XTnR3v0LT, Aaron Swartz, Africa, Anonymous, Anonymous Mexico, AnonymousSquadNo.035, Argentina, Asteroids, Australia, Azerbaijan, ℕrtn___z, babycareadvice.com, Bank of America, Bank Of The West, bankcapitalinventory.com, BB&T, BBVA, Bloomberg News, Bloomberg Television, BreShiE, Britam Defence, britamdefence.com, buyway.be, cabinet.gov.eg, caci.dz, Canada, Capital One, cci.fr, China, Citibank, Citizens Bank, Comerica, construction.com, Cyber Attacks, Cyber Attacks Timeline, D35M0ND142, Davy Jones, Denial-of-service attack, Digicel Jamaica, dmx.gov.az, DNS Poisoning, Egypt, egyptiancabinet.gov.eg, Egyptological, eportal.adu.ac.ae, eproc.dor.gov.np, ESA, ezycoupons.co.nz, Fédération des Mutuelles de France, Fifth Third Bank, First Citizens Bank, First United Church, Game Over, GhostShell, Github, gorele.gen.tr, Gray Lady, handsontheland.org, Harris Bank, Harvard, Huntington Bank, Ic3.gov, ied.edu.hk, indec.gov.ar, Indonesia, IonCuber, Iran, Izz ad-Din al Qassam Cyber Fighters, January, JAsIrX, JokerCracker, Key Bank, Ladysmith, library.seas.harvard.edu, M&T Bank, Man-In-The-Middle, McGraw-Hill Construction, Mexico, Michigan, Microsoft, miep.uscourts.gov, MIT, mobilephonetrace.com, moiegypt.gov.eg, moinfo.gov.eg, mutuelles-de-france.fr, Nepal, New York Times, NIC.lk, NIC.tm, NullCrew, OfficialNull, OpEgypt, Operation Ababil 2, Operation Last Resort, OperationEgypt, OpMali, partitodemocraticotrentino.it, Patelco, People’s United Bank, Philippine, PNC, ProjectSunRise, Proximus Security, Regions Financial Corporation, Renault, Reporters Without Borders, Rex Mundi, sasonline.com.ph, Scientology, sedena.gob.mx, Sony, Sony Music, sonymusic.com.mx, Spam, SQL Injection, SQLi, Sri Lanka, Stethoscope.com, sulu.gov.ph, Synovus Bank, tbnnetworks.org, th3inf1d3l, Timeline, TNB, Trinity Broadcasting Network, Tunisian Cyber Army, Turkmenistan, Twitter, U.S. Sentencing Commission, UMB Financial Corporation, Umpqua Bank, UN.org, Union Bank, United Nations, United States, United States Sentencing Commission, University Federal Credit Union, University of New South Wales, University of Western Sidney, University Of Wisconsin, UNSW, usatechguide.org, ussc.gov, Wall Street Journal, Wasatchit Software, Washington Post, Watering Hole Attack, Wells Fargo, Wildan Yani Ashari, Wilton Brands LLC, wisc.edu, XL3gi0n, Xl3gi0n hackers, Zions Bank

16-31 December 2012 Cyber Attacks Timeline

January 7, 2013 Paolo Passeri 1 comment

The year is gone, and here it is the last Cyber Attack Timeline for 2012 (first part here).

The most important cyber-events of this second part of December can be considered: the third phase of the operation Ababil carried on by the Izz ad-Din al-Qassam Cyber Fighters against U.S. Banks, the attacks of the Anonymous collective against the Westboro Baptist Church, and, last but not least the Cyberwar echoes coming from Iran.

The wave of DDoS attacks carried on by the Izz ad-Din al-Qassam Cyber Fighters has taken down Six U.S. Banks under the fists of DDoS attacks apparently unstoppable. Instead the Anonymous seem to have changed tactic in their personal fight against the Westboro Baptist Church, they did not limit to DDoS the church’s website, but also performed a couple of Twitter account takeover against some key persons (with the collaboration of UGNazi members).

Instead, on the Cyberwar front, Iran confirms to be a danger zone, with some reports of a new Wiper and a simil-Stuxnet malware (even if this second news has been downplayed in a second moment.

Other noticeable news include an alleged breach to Yahoo!, a massive breach against a Chinese HP domain and a strange, controversial breach against Verizon FiOS (with data apparently leaked six months ago).

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts). To do so, you can use this form.

Categories: Cyber Attacks Timeline, Security Tags: #GameOverDay, 0-Day, 2012, 2012obama.com, @CosmoTheGod, @DearShirley, @dswdserve, @gsec_, @LulzSecPeru, @Maxn3y, @nrtnz, @ThisIsGameOver, @TibitXimer, Account Hijacking, Aiplex, airport.ch, Al-Qaida, alwayson.hp.com.cn, an0nw3bc0d3r, Anonymous, Argentina, Australia, Bank of America, BB&T, Brazil, btflive.net, Bulgaria, Byron Bay Community School, C4ISR, CECOM, Central Intelligence Agency, CFR, cfr.org, China, CIA, Citi, Citigroup, Council on Foreign Relations, cpd.gov.kw, December, Denial-of-service attack, DiabloAnon, ebuyer.com, Egypt, Eletrobras, eln.gov.br, english.stanford.edu, Fred Phelps Jr., Fred Phelps Sr., Game Over, GameOverVirus, Grey Security, Heroes of Newerth, Hewlett Packard, Hormozgan, HP, ihya.org, India, Indian Express, Internet Explorer, Iran, islaam.net, ISNA, Israel, Izz ad-Din al Qassam Cyber Fighters, Jetro/Restaurant Depo, Jigsawhacker, JokerCracker, Kuwait, Lulz Security Peru, mantrackr.com, marvin.com.mx, Maxney, mindef.gov.ar, minfin.bg, mma.gov.br, MPAA, National University of Bangladesh, nu.edu.bd, Obama Must Go!, Operation Ababil, OpFuckMohammad, OpGreenRights, Philippines, PNC, Raj Musicals, rajmusicals.in, Ransomware, Renault, Renault.bg, Shirley Phelps-Roper, SQLi, Stanford, Stuxnet, th3inf1d3l, The Islamic Network, Tibit, Turkish Ajan Hacker Group, Twitter, ucsd.edu, UGNazi, United States, US Army, US Bank, Verizon FiOS, ViruS_HimA, WBC, Wells Fargo, Westboro Baptist Church, Wiper, Xc0unt3r, XL3gi0n, Yhaoo!, Zensis, zensis.com, zunal.com

Another Wiper Malware Discovered in Iran?

December 16, 2012 Paolo Passeri Leave a comment

Yet another Sunday, yet another attack in Middle East.

Maher Center, the Iranian Computer Emergency Response Team / Coordination Center has just released a scant report concerning another (alleged) cyber attack targeting Iran.

Few information is available so far regarding this new targeted attack. The malware, simple in design and hence apparently unrelated to the other sophisticated cyber attacks targeting the same area, seems to have an efficient design and wiping features. According to the statement, the malware “wipes files on different drives in various predefined times. Despite its simplicity in design, the malware is efficient and can wipe disk partitions and user profile directories without being recognized by anti-virus software“. However, it is not considered to be widely distributed. The report also publishes the MD5s of the five identitified components.

Wiper malware samples are becoming increasingly common in Middle East. Of course the most known example so far is the massive cyber attack targeting Saudi Aramco, occurred in August 2012 and targeting 30,000 internal workstations. Few days ago, the final results of the investigations were unveiled, suggesting that the attack was carried on by organized foreign hackers, and aimed “to stop pumping oil and gas to domestic and international markets” with huge impacts on the national economy of the kingdom.

The next hours will tell us if we are in front of a similar scenario, or the statement is rather an attempt of propaganda aimed to emphasize Iranian defensive capabilities.

Categories: Cyberwar, Security Tags: Cyberwar, Iran, Maher Center, Middle East, Saudi Aramco, Targeted Attack, Wiper

16-30 November 2012 Cyber Attacks Timeline

December 4, 2012 Paolo Passeri 1 comment

November has gone and it’s time to review this month’s cyber landscape.

From a Cyber Crime perspective, November 2012 will be probably remembered for the breach to Nationwide, one of the largest insurance and financial services providers in the US, a breach that has potentially left up to 1 million users exposed. Unfortunately, in terms of massive breaches, this is not the only remarkable event of the month, just at the end Acer India has suffered a massive cyber attack culminated in the leak of nearly 15,000 records. Not comparable with the breach that affected Nationwide, but for sure of big impact.

Also on the cyber-espionage front this month has been interesting: JAXA, the Japan Space agency has been targeted by yet another targeted attack (after January 2012) and Symantec has discovered W32.Narilam, a new destructive malware targeting several nations in Middle East.

The hacktivist front has been characterized by the dramatic events in Gaza, the attacks have reached a peak around the first half of the month (as in the first part, I did not take into consideration the attacks carried on in name of OpIsrael for which I wrote a dedicated timeline), in any case the Anonymous have found another way to mark this month, leaking 1 Gb of documents from the Syrian Ministry of Foreign Affairs.

Last but not least, this month has seen three large-scale DNS Poisoning attacks (against the Pakistani Registrar PKNIC, Inc., GoDaddy, and the Romanian Registrar). A very rare occurrence!

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 November 2012 Cyber Attacks Statistics (hackmageddon.com)
Timeline of Opisrael (hackmageddon.com)

Categories: Cyber Attacks Timeline, Security Tags: #OpLeak, 2012, @DARWINWARE, @gsec_, @opindia_revenge, @ur0b0r0x, @XTnR3v0LT, Acer, aldf.org, Animal Legal Defense Fund, AnonOpsIndia, Anonymous, Arenabg, Banega, BitSoup, Blackhole Expoit Kit, Cesc Fàbregas, China, Colombia, Computer crime, Cool EK, Cristian Tello, Cristiano Ronaldo, Cyber Attacks, Cyberwarfare, D35M0ND142, David Navarro, Debka.com, DEBKAfile, DNS Poisoning, Ducat, E.J. Phair brewing Company, Ebay, Fabio Coentrao, First Security Insurance, Flame, France, FreeBSD, Fuel Up to Play 60, fueluptoplay60.com, Game Over AKA @ThisIsGameOver, Gerard Pique, gobhs.ch, GoDaddy, Google, Greenspun Media Group, Grey Security AKA, Hacktivism, IAEA, Iker Casillas, International Atomic Energy Agency, Iran, Japan Aerospace Exploration Agency, JAXA, Johns Hopkins University and Moscow University, Jordi Alba, Kapil Sibal, kapilsibalmp.com, kOS, lasvegassun.com, lasvegasweekly.com, leadenhall-market.co.uk, Liga, Maxney, MCA-CRB, MeTV. metvnetwork.com, Microsoft, Middle East, Minnesota United States Bankruptcy Court, mnb.uscourts.gov, mofa.gov.sy, Mourinho, myWoWArmory.com, Narkop, Nationwide, New York University, NISD, North-side Independent School District, November, OpBigBrother, OpIsrael, OpSyria, Pakistan, Parastoo, PayPal, PCMDI, Pinto, Piwik.org, PKNIC, policija.lt, Roberto Soldado, royalquaysoutlet.co.uk, Secreterìa De Educaciòn Pùblica, sep.gob.mx, SlixMe, SSH, Stanford University, Stanley-Boyd School District, svuonline.org, Symantec, Syria, thaitravelcenter.com, Timeline, Torrent, Twitter, United States, Universidad Veracruzana, uv.mx, vegasdeluxe.com, vegasinc.com, verifi-cctv.com, Vicente del Bosque, Visa, W32.Narilam, World of Warcraft, www-pcmdi.llnl.gov, Yahoo!, YEIZETA, Zacatecas, zacatecas.gob.mx

1-15 October 2012 Cyber Attacks Timeline

October 17, 2012 Paolo Passeri Leave a comment

Apparently October has shown a decrease in the number of Cyber Attacks. At least from a mere numerical perspective. It is not a coincidence that I used the term “Apparently” since if we consider the most important event of the month: the massive leak from Worldwide universities executed by Team GhostShell inside their ProjectWestWind operation, things are well different.

The one carried on by Team Ghost Shell (approximately 120k accounts leaked) is for sure the most important operation of the current month which has also shown the first virtual hacking operation (at least as far as I remember): the massive death of avatars inside World of Warcraft.

Other remarkable events in the first half of October concern the attack to Playspan (possibly millions of users affected), the new waves of DDoS cyber attacks against US banks, and an alleged hijacking to the Irish domains of Google and Yahoo!.

It worth to mention also the breach of University of Georgia (8,500 users affected) and the 400,000 bucks stolen by unknown hackers to the City of Burlington.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Categories: Cyber Attacks Timeline, Security Tags: Google, Iran, Anonymous, SQL Injection, University Of Georgia, Venezuela, World of Warcraft, Greece, Burlington, SLYHACKER, Interpol, PrivateX, Team GhostShell, Kosova Hacker’s Security, #DoktorBass, XL3gi0n, NullCrew, Blizzard Entertainment, OfficialNull, ProjectWestWind, Maxney, YEIZETA, Izz ad-Din al Qassam Cyber Fighters, Mohammad Reza Golshani, Korn/Ferry International, Dufferin-Peel School, San Mateo Union High School District, Goatse Security, @GoatseSec, Oprah Winfrey, @PribadoX, live-co.com, TZ, India Today, NSW, PeriQ Networks AB, PRQ, Roni bomber, presidencia.gov.co, aquiagora.net, Orange, Turkish Agent Group, Pepsi, Angela Merkel, Yhaoo!, Operation Ababil, One Financial, mga.gr, presidency.gr, hellenicpolice.gr, government.gov.gr, Northwest Florida State College, SunTrust Banks, PlaySpan, infoinformaticos.com, Regions Financial, University of Georiga, Comision de Administracion de Divisas, Superphone.bg, realvision.bg, pazaruvai-lesno.bg, policia.gov.co, #OpJubilee, policeuk.com, policespecials.com

The Middle East Flame is Far from Being Extinguished

October 15, 2012 Paolo Passeri Leave a comment

Flame

Another day, another revelation inside the (in)visible Cyber War going on Middle East. Today Kaspersky Lab has announced the discovery of another strain of malware derived from the infamous Tilded-Platform family: the little brother of Flame, the so-called miniFlame (or “John”, as named by the corresponding Gauss configuration).

The malware has been discovered while looking closer at the protocol handlers of the Flame C2 Infrastructure. An analysis that had previously revealed four different types of malware clients codenamed SP, SPE, FL and IP, and hence the fragmented evidence of a new family of cyber weapons, where one only element were known at the time the FL client corresponding to Flame.

Exactly one month later, another member of the family has been given a proper name: the SPE element corresponding to miniFlame.

Unlike its elder brother Flame (and its cousin Gauss) miniFlame does not appear to be the element of a massive spy operation, infecting thousands of users, but rather resembles more a small, fully functional espionage module designed for data theft and direct access to infected systems. In few words: a high precision, surgical attack tool created to complement its most devastating relatives for high-profile targeted campaigns. The main purpose of miniFlame is to act as a backdoor on infected systems, allowing direct control by the attackers.

Researchers discovered that miniFlame is based on the Flame platform but is implemented as an independent module. This means that it can operate either independently, without the main modules of Flame in the system, or as a component controlled by Flame.

Furthermore, miniFlame can be used in conjunction Gauss. It has been assumed that Flame and Gauss were parallel projects without any modules or C&C servers in common. The discovery of miniFlame, and the evidence that it can works with both cyber espionage tools, proves that were products of the same ‘cyber-weapon factory’: miniFlame can work as a stand-alone program, or as a Flame or event Gauss plugin.

Although researchers believe that miniFlame is on the wild since 2007, it has infected a significantly smaller number of hosts (~50-60 vs. more than 10,000 systems affected by the Flame/Gauss couple). The distribution of the infections depends on the SPE variant, and spans a heterogeneous sample of countries: from Lebanon and Palestine, to Iran, Kuwait and Qatar; with Lebanon and Iran that appear to concentrate the bigger number of infected hosts.

Another evidence of the ongoing (since 2007) silent Cyber War in Middle East.

Categories: Cyberwar, Security Tags: Cyber War, Flame, Gauss, Iran, Kaspersky Lab, Lebanon, Middle East, miniFlame

New Waves of Cyber Attacks in Middle East

October 9, 2012 Paolo Passeri Leave a comment

The infosec chronicle has offered many interesting events in this first part of October. Upon all, the massive leak against top 100 universities by the infamous Team GhostShell, the Skype worm, and, last but not least, the U.S. congressional report accusing China’s leading telecom equipment makers, Huawei and ZTE, of being a potential security risk.

Inevitably these events are obfuscating what’s going on in Middle East where Iran, on one hand, is facing the latest wave of Cyber Attacks against its internal assets, and on the other hand, claims to have infiltrated the “most sensitive enemy cyber data”.

This hot autumn for the Middle East has begun on September 30 (approximately one week after Iran connected all its government agencies to its secure autarchic domestic internet service). In that circumstance Iranian Rear Admiral Ali Fadavi announced a clamorous cyber strike of his navy’s cyber corps, being able to “infiltrate the enemy’s most sensitive information” and successfully promote “cyberwar code,” i.e. decrypt highly classified data.

Ali Fadavi did not specify the name of any particular enemy, but simply referred to “imperialistic domination,” a clear reference to Iran’s “enmity with America.”

Maybe is a coincidence, or maybe not, but on October 3 Iran has suffered a massive outage of its Internet infrastructure, at least according to what Mehdi Akhavan Behabadi, secretary of the High Council of Cyberspace, has declared to the Iranian Labour News Agency. An outage that the Iranian official has attributed to a heavy organized attack against the country’s nuclear, oil, and information networks, which forced to limit the usage of the Internet.

The latest (?) episode a couple of days ago, on October 8, when Mohammad Reza Golshani, head of information technology for the Iranian Offshore Oil Company, told Iran’s Mehr news agency that an unsuccessful (i.e. repelled by Iranian Experts) cyber attack had targeted the company platforms’ information networks in the past few weeks. I wonder if we are in front of a new Flame. In any case, according to Mr. Golshani there were few doubts about the authors of the attack.

“This attack was planned by the regime occupying Jerusalem (Israel) and a few other countries”.

Few hours later Iran has officially blamed Israel and China for planning and operating the attack.

It is not a mystery that the Stuxnet attack forced Iran to tighten its cyber security, a strategy culminating on the creation of a domestic Internet separated from the outer world (a way to control the access to the Web according to many observers).

For sure it is not a coincidence that the same network separation is the main reason why Iran was able to repel the latest attacks.

My sixth sense (and half) tells me that other occasions to test the cyber security of the Iranian domestic Internet will come soon!

Categories: Cyberwar, Security Tags: Ali Fadavi, China, Cyber Attack, Flame, Internet, Iran, Iranian Offshore Oil Company, Israel, Mehdi Akhavan Behabadi, Middle East, Mohammad Reza Golshani, Outage, Stuxnet

Older Entries

About these ads

May 2013
M	T	W	T	F	S	S
« Apr
	1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

Twitter

RT @LastlineLabs: Marco Cova from Lastline talking about hacktivism on Italian TV ow.ly/l8Az6 - 8 hours ago
RT @lastlineinc: Malware can make itself invisible: in the case of RSA security's breach, malware went undetected for 1/2 year http://t.co/… - 20 hours ago
RT @gianlucaSB: SMS-based command and control protocols are here ow.ly/l47Ye - 2 days ago
Skype with care Microsoft is reading everything you write h-online.com/security/news/… - 3 days ago
How the Syrian Electronic Army Hacked The Onion - Onion Inc.'s Tech Blog theonion.github.com/blog/2013/05/0… - 1 week ago
@Xyri3 sorry I forgot :) Done! - 1 week ago
@Xyri3 sure when you want. - 1 week ago
RT @LastlineLabs: NPR story about new Pentagon report on Chinese intellectual property theft ow.ly/kNdew - 1 week ago
An interesting novel approach to detect compromised accounts on Social Networks: seclab.cs.ucsb.edu/media/uploads/… - 1 week ago
16-30 April 2013 Cyber Attacks Timeline wp.me/p14J6X-2oH - 1 week ago

Follow @paulsparrows

Hackmageddon.com

Archive

1-15 March 2013 Cyber Attacks Timeline

16-28 February 2013 Cyber Attacks Timeline

1-16 February 2013 Cyber Attacks Timeline

16-31 January 2013 Cyber Attacks Timeline

16-31 December 2012 Cyber Attacks Timeline

Another Wiper Malware Discovered in Iran?

16-30 November 2012 Cyber Attacks Timeline

1-15 October 2012 Cyber Attacks Timeline

The Middle East Flame is Far from Being Extinguished

New Waves of Cyber Attacks in Middle East

About The Author

Stats

Support My Work!

Share:

Stay Tuned!

Interesting Links

News

About This Blog

Calendar

Archive

Tag

Recent Posts

Top Posts & Pages

Visitors from…

Twitter

Follow “Hackmageddon.com”

Archive

Share:

Like this:

Share:

Like this:

Share:

Like this:

Share:

Like this:

Share:

Like this:

Share:

Like this:

Related articles

Share:

Like this:

Share:

Like this:

Share:

Like this:

Share:

Like this:

About The Author

Stats

Support My Work!

Share:

Stay Tuned!

Interesting Links

News

About This Blog

Calendar

Archive

Tag

Recent Posts

Top Posts & Pages

Visitors from…

Follow “Hackmageddon.com”