Table of Contents
Cost of Cyberattack Statistics (Infographic)
- 45.5% of respondents in a recent survey said that their organization endured between 1 and 5 successful cyber attacks during the past year. (Statista)
- A majority of cyberattacks are motivated by financial gain, nearly 86%. The second leading motivator of a cyberattack includes state espionage. (Verizon)
- By 2024, online payment fraud will cost the e-commerce industry $25 billion in losses annually. (Legal Jobs)
- Forecasts show businesses will lose approximately $10.5 trillion in 2025 at an estimated $19,977,168 per minute due to cybercrime. (Cybercrime Magazine)
- In 2022, the average cost of a data breach globally hit $4.35 million. (Statista)
- Over the next 5 years, global cybercrime costs are predicted to grow by 23% per year, reaching $23.84 trillion annually by 2027. (Statista)
- Public companies lose an estimated 8.6% of their value after a cyber breach. (Comparitech)
Cyber Attacks – Year 2021
December 2021. Hackers targeted multiple Southeast Asian governments over the past 9 months using custom malware linked to Chinese state-sponsored groups. Many of the nations targeted are currently engaged in disputes with China over territorial claims in the South China Sea.
December 2021. A breach of Prime Minster Modi’s Twitter allowed hackers to Tweet from the account that India officially adopted bitcoin as legal tender. The Tweet also included a scam link promising a bitcoin giveaway.
December 2021. A Bloomberg investigation publicly linked an intrusion into Australia’s telecommunications systems in 2012 to malicious code embedded in a software update from Huawei.
December 2021. Cybersecurity firms found government-linked hackers from China, Iran, and North Korea attempting to use the Log4j vulnerability to gain access to computer networks.
Following the announcement of Log4j, researchers already found over 600,000 attempts to exploit the vulnerability.
December 2021. Chinese hackers breached four more U.S. defense and technology firms in December, in addition to one organization in November. The hackers obtained passwords to gain access to the organizations’ systems and looked to intercept sensitive communications.
December 2021. A Russian group took responsivity for a ransomware attack on Australian utility company CS energy. This announcement came after Australian media outlets blamed Chinese government hackers for the attack.
November 2021. A Russian-speaking group targeted the personal information of around 3,500 individuals, including government officials, journalists, and human rights activists. The group obtained access to private email accounts and financial details and operated malware on Android and Windows devices.
November 2021. Hackers gained access to the social security and driver’s license numbers of employees after compromising a U.S. defense contractor.
November 2021. Chinese officials claim a foreign intelligence agency hacked into several airlines in China and stole passenger information. The officials stated the hacks are connected due to the use of a custom trojan in all the attacks.
November 2021. After CISA publicly shared details on a vulnerability, Chinese hackers targeted nine companies and 370 servers between September and October using the same vulnerability.
November 2021. Hackers gained access to the FBI’s Law Enforcement Enterprise Portal—a system used to communicate to state and local officials—and sent a warning of a cyberattack in an email claiming to be from the Department of Homeland Security (DHS).
October 2021. A Chinese-linked hacking group gained access to calling records and text messages from telecommunication carriers across the globe, according to a report from CrowdStrike. The report outlines the group began its cyberattacks in 2016 and infiltrated at least 13 telecommunications networks.
October 2021. A cyberattack targeted the government-issued electronic cards Iranians use to buy subsidized fuel and altered the text of electronic billboards to display anti-regime messages against Supreme Leader Ayatollah Ali Khamenei.
October 2021. A group with ties to Iran attempted to hack over 250 Office 365 accounts. All the targeted accounts were either U.S. and Israeli defense technology companies, had a focus on Persian Gulf ports of entry, or maritime transportation companies with a presence in the Middle East.
October 2021. Brazilian hackers carried out a cyberattack on the National Malware Center website belonging to Indonesia’s State Cyber and Password Agency. The hackers edited the contents of the webpage and indicated that the cyberattack was retribution for an Indonesian hack on the Brazilian state website.
October 2021. An American company announced that the Russian Foreign Intelligence Service (SVR) launched a campaign targeting resellers and other technology service providers that customize, deploy and manage cloud services.
September 2021. The EU formally blamed Russia for its involvement in the ‘Ghostwriter’ cybercampaign, which targeted the elections and political systems of several member states. Since 2017, Russian operators hacked the social media accounts of government officials and news websites, with the goal of creating distrust in U.S. and NATO forces.
September 2021. The Lithuanian Defense Ministry found hidden features in popular 5G smartphone models manufactured in China, according to its state-run cybersecurity body. The module embedded in the phones detects and censors 449 keywords or groups of keywords that are counter to the message of the Chinese government.
September 2021. Two hours after the vote opened for Hungary’s opposition primary elections, the polling systems in electoral districts nationwide fell victim to a cyberattack. The actor responsible is still unknown, but the cyberattack led to the government extending voting by two days.
September 2021. The U.S. Department of Justice sentenced Ghaleb Alaumary to more than 11 years in prison for aiding North Korean cyber criminals in money laundering. His assistance included ATM cash-out operations, cyber-enabled bank heists, and business email compromise (BEC) schemes. These attacks targeted banks, professional soccer clubs, and other unnamed companies in the U.S. and U.K.
September 2021. A cyberattack against the United Nations occurred in April 2021, targeting users within the UN network to further long-term intelligence gathering. The hacker was able to access their networks through stolen user credentials purchased on the dark web.
September 2021. The Norwegian Government stated a series of cyberattacks against private and state IT infrastructure came from bad actors sponsored by and operating from China. Their investigation of the hacks claims the actors attempted to capture classified information relating to Norway’s national defense and security intelligence.
September 2021. Researchers and cybersecurity experts revealed a mobile espionage campaign against the Kurdish ethnic group. Hackers targeted individuals on Facebook, persuading them to download apps that contain Android backdoors utilized for espionage.
September 2021. In April 2020, Chinese bots swarmed the networks of the Australian government days after Australia called for an independent international probe into the origins of the coronavirus. These bots looked for potential vulnerabilities on the network to exploit in future cyberattacks.
August 2021. A hacking group targeted a high-profile Iranian prison, uncovering documents, videos, and images that displayed the violent treatment of its prisoners. The group claims to be hacktivists demanding the release of political prisoners.
August 2021. A cyber-espionage group linked to one of Russia’s intelligence forces targeted the Slovak government from February to July 2021 through spear-fishing attempts.
August 2021. Russia targeted and blocked content on the “smart voting” app created by Kremlin critic Alexei Navalny and his allies intended to organize voting against the Kremlin in next month’s parliamentary elections.
August 2021. Hacks initially attributed to Iran in 2019 and 2020 were found to be conducted by Chinese operatives. The cyberattack broke into computers across Israel’s government and tech companies.
August 2021. A cyberattack on the Covid-19 vaccine-scheduling website for the Italian region of Lazio forced the website to temporarily shut down. New vaccination appointments were unable to be scheduled for several days after the attack.
August 2021. Various Chinese cyber-espionage groups are responsible for the hacks of at least five major Southeast Asian telecommunication providers beginning in 2017. The attacks were carried out by three different hacking groups and are seemingly unlinked despite all groups having a connection to Chinese espionage efforts.
July 2021. A widespread APT operation was discovered against users in Southeast Asia, believed to be spearheaded by Chinese entities. Researchers found a total of 100 victims in Myanmar and 1,400 in the Philippines, including many government entities.
July 2021. The United States, the European Union, NATO and other world powers released joint statements condemning the Chinese government for a series of malicious cyber activities. They attributed responsibility to China for the Microsoft Exchange hack in early 2021 and the compromise of more than 100,000 servers worldwide.
July 2021. Transnet Port Terminals (TPT), South Africa’s state-run ports operator and freight rail monopoly, had its rail services disrupted after a hack by unknown actors. Transnet reportedly declared it an act of “force majeure.”
July 2021. Unknown hackers compromised the two-factor authentication system used by the Indian government three times, obtaining access to the emails of government officials.
July 2021. Several countries used Pegasus, surveillance software created by NSO Group that targets iPhone and Android operating systems, on devices belonging to activists, politicians, and journalists.
July 2021. The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a statement exposing a spearfishing campaign by Chinese state-sponsored hackers between 2011 and 2013. The campaign targeted oil and natural gas pipeline companies in the United States.
July 2021. Iran used Facebook accounts to pose as recruiters, journalists, and NGO affiliates, targeting U.S. military personnel. The hackers sent malware-infected files or tricked targets into submitting sensitive credentials to phishing sites.
July 2021. The Russian defense ministry claimed it was hit with a DDoS attack that caused its website to shut down, stating the attack came from outside the Russian Federation.
July 2021. Norway attributed a March 2021 cyberattack on parliament’s e-mail system to China.
July 2021. Iran’s transport and urbanization ministry was the victim of a cyber attack that impacted display boards at stations throughout the country. The attack caused delays and cancellations of hundreds of trains across Iran.
July 2021. Russian hackers exploited a vulnerability in Kaseya’s virtual systems/server administrator (VSA) software allowing them to deploy a ransomware attack on the network. The hack affected around 1,500 small and midsized businesses, with attackers asking for $70 million in payment.
July 2021. The Ukrainian Ministry of Defense claimed its naval forces’ website was targeted by Russian hackers who published fake reports about the international Sea Breeze-2021 military drills.
June 2021. Russia claimed that Vladimir Putin’s annual phone-in session was targeted by DDoS attacks.
June 2021. A Chinese-speaking hacking group spearheaded an ongoing espionage effort against the Afghan government through phishing emails. Hackers posed as the Office of the President of Afghanistan and targeted the Afghan National Security Council.
June 2021. The Iranian government launched a widescale disinformation campaign, targeting WhatsApp groups, Telegram channels and messaging apps used by Israeli activists. The campaign aimed to advance political unrest and distrust in Israel.
June 2021. Chinese actors targeted organizations, including Verizon and the Metropolitan Water District of Southern California using a platform used by numerous government agencies and companies for secure remote access to their networks.
June 2021. Hackers linked to Russia’s Foreign Intelligence Service installed malicious software on a Microsoft system that allowed hackers to gain access to accounts and contact information. The majority of the customers targeted were U.S. based, working for IT companies or the government.
June 2021. The U.S. and British governments announced the Russian GRU attempted a series of brute force access against hundreds of government and private sector targets worldwide from 2019 to 2021, targeting organizations using Microsoft Office 365® cloud services.
June 2021. A cyberattack reportedly from Russia compromised the email inboxes of more than 30 prominent Polish officials, ministers and deputies of political parties, and some journalists.
June 2021. Sol Oriens, a small government contractor that works for the Department of Energy on nuclear weapons issues, was attacked by the Russia-linked hacking group REvil.
June 2021. A spreadsheet was leaked containing classified personal details of the 1,182 United Kingdom Special Forces soldiers on WhatsApp.
June 2021. A ransomware attack targeted iConstituent, a newsletter service used by U.S. lawmakers to contact constituents.
June 2021. Hackers working on behalf of Russian intelligence services are believed to have hacked Netherlands police internal network in 2017. The attack occurred during the country’s investigation of the Malaysia Airlines Flight 17 (MH17) that was shot down in 2014.
May 2021. LineStar Integrity Services, a pipeline-focused business, was hit by a ransomware attack at the same time as the Colonial Pipeline, with 70 gigabytes of its internal files being stolen.
May 2021. A North Korean cyberattack on South Korea’s state-run Korea Atomic Energy Research Institute (KAERI) occurred through a vulnerability in a vendor’s VPN.
May 2021. The world’s largest meat processing company, Brazilian-based JBS, was the victim of a ransomware attack. The attack shut down facilities in the United States, Canada and Australia. The attack was attributed to the Russian-speaking cybercrime group, REvil.
May 2021. On May 24th, hackers gained access to Fujitsu’s systems and stole files belonging to multiple Japanese government entities. So far four government agencies have been impacted.
May 2021. Cybersecurity researchers identified a North Korean hacking group to be responsible for a cyber espionage campaign, targeting high-profile South Korean government officials, utilizing a phishing methodology. The group’s targets were based in South Korea and included: the Korea Internet and Security Agency (KISA), the ROK Ministry of Foreign Affairs, the Ambassador of the Embassy of Sri Lanka to the State (in ROK), the International Atomic Energy Agency Nuclear Security Officer, Deputy Consul General at Korean Consulate General in Hong Kong, Seoul National University, and Daishin Securities.
May 2021. On May 14, Ireland’s national health service, the Health Service Executive (HSE), was the victim of a ransomware attack. Upon discovering the attack, government authorities shut down the HSE system. The attackers utilized the Conti ransomware-as-a-service (RaaS), which is reported to be operated by a Russia-based cybercrime group.
May 2021. The FBI and the Australian Cyber Security Centre warned of an ongoing Avaddon ransomware campaign targeting multiple sectors in various countries. The reported targeted countries are Australia, Belgium, Brazil, Canada, China, Costa Rica, the Czech Republic, France, Germany, India, Indonesia, Italy, Jordan, Peru, Poland, Portugal, Spain, UAE, the UK, and the US. The targeted industries include academia, airlines, construction, energy, equipment, financial, freight, government, health, it, law enforcement, manufacturing, marketing, retail, and pharmaceutical.
May 2021. On May 6, the Colonial Pipeline, the largest fuel pipeline in the United States, was the target of a ransomware attack. The energy company shut down the pipeline and later paid a $5 million ransom. The attack is attributed to DarkSide, a Russian-speaking hacking group.
May 2021. On May 4th and 5th, the Norwegian energy technology company Volue was the victim of a ransomware attack. The attack resulted in the shutdown of water and water treatment facilities in 200 municipalities, affecting approximately 85% of the Norwegian population.
May 2021. A large DDoS attack disabled the ISP used by Belgium’s government, impacting more than 200 organizations and causing the cancellation of multiple Parliamentary meetings
May 2021. A Chinese hacking group compromised a Russian defense contractor involved in designing nuclear submarines for the Russian navy.
April 2021. A hacking group compromised the social media accounts of Polish officials and used them to disseminate narratives critical of NATO. German authorities have reported that the same group has also attempted to compromise members of the Bundestag and state parliament.
April 2021. Hackers linked to the Chinese military conducted an espionage campaign targeting military and government organizations in Southeast Asia beginning in 2019
April 2021. Malware triggered an outage for airline reservation systems that caused the networks of 20 low-cost airlines around the world to crash.
April 2021. Russian hackers targeted Ukrainian government officials with spearphishing attempts as tensions between the two nations rose in early 2021.
April 2021. Hackers linked to Palestinian intelligence conducted a cyber espionage campaign compromising approximately 800 Palestinian reporters, activists, and dissidents both in Palestine and more broadly across the Middle East.
April 2021. Two state-backed hacking groups—one of which works on behalf of the Chinese government—exploited vulnerabilities in a VPN service to target organizations across the U.S. and Europe with a particular focus on U.S. defense contractors.
April 2021. MI5 warned that over 10,000 UK professionals shave been targeted by hostile states over the past five years as part of spearphishing and social engineering campaigns on LinkedIn.
April 2021. Swedish officials disclosed that the Swedish Sports Confederation was hacked by Russian military intelligence in late 2017 and early 2018 in response to accusations of Russian government-sponsored doping of Russian athletes.
April 2021. French security researchers found that the number of attacks hitting critical French businesses increased fourfold in 2020 during the COVID-19 pandemic.
April 2021. The European Commission announced that the EC and multiple other EU organizations were hit by a major cyberattack by unknown hackers.
April 2021. Chinese hackers launched a months-long cyber espionage campaign during the second half of 2020 targeting government agencies in Vietnam with the intent of gathering political intelligence
March 2021. The North Korean hacking group responsible for a set of attacks on cybersecurity researchers in January 2021 launched a new campaign targeting infosec professionals using fake social media profiles and a fake website for a non-existent security service company target.
March 2021. Suspected Iranian hackers targeted medical researchers in Israel and the U.S. to steal the credentials of geneticists, neurologists, and oncologists in the two countries.
March 2021. Suspected Russian hackers stole thousands of emails after breaching the email server of the U.S. State Department.
March 2021. Suspected state hackers targeted the Australian media company Nine Entertainment with a ransomware variant, disrupting live broadcasts and print production systems.
March 2021. Suspected Russian hackers attempted to gain access to the personal email accounts of German parliamentarians in the run-up to Germany’s national elections.
March 2021. U.S. Cyber Command confirmed that it assisted Columbia in responding to election interference and influence operations.
March 2021. The head of U.S. Cyber Command testified that the organization had conducted more than two dozen operations to confront foreign threats ahead of the 2020 U.S. elections, including eleven forward-hunt operations in nine different countries.
March 2021. A group of Chinese hackers used Facebook to send malicious links to Uyghur activists, journalists, and dissidents located abroad.
March 2021. The Indian Computer Emergency Response Team found evidence of Chinese hackers conducting a cyber espionage campaign against the Indian transportation sector.
March 2021. Polish security services announced that suspected Russian hackers briefly took over the websites of Poland’s National Atomic Energy Agency and Health Ministry to spread false alerts of a nonexistent radioactive threat.
March 2021. Both Russian and Chinese intelligence services targeted the European Medicines Agency in 2020 in unrelated campaigns, stealing documents relating to COVID-19 vaccines and medicines.
March 2021. Lithuania’s State Security Department declared that Russian hackers had targeted top Lithuanian officials in 2020 and used the country’s IT infrastructure to carry out attacks against organizations involved in developing a COVID-19 vaccine.
March 2021. Suspected Iranian hackers targeted government agencies, academia, and the tourism industry in Azerbaijan, Bahrain, Israel, Saudi Arabia, and the UAE as part of a cyber espionage campaign.
March 2021. Suspected Chinese hackers targeted electricity grid operators in India in an apparent attempt to lay the groundwork for possible future attacks.
February 2021. North Korean hackers targeted defense firms in more than a dozen countries in an espionage campaign starting in early 2020.
February 2021. Hackers associated with the Chinese military conducted a surveillance campaign against Tibetans both in China and abroad.
February 2021. Russian hackers compromised a Ukrainian government file-sharing system and attempted to disseminate malicious documents that would install malware on computers that downloaded the planted files.
February 2021. Ukrainian officials reported that a multi-day distributed denial-of-service attack against the website of the Security Service of Ukraine was part of Russia’s hybrid warfare operations in the country.
February 2021. The US Department of Justice indicted three North Korean hackers for conspiring to steal and extort more than $1.3 billion in cash and cryptocurrencies.
February 2021. Iranian hackers took control of a server in Amsterdam and used it as a command and control center for attacks against political opponents in the Netherlands, Germany, Sweden, and India.
February 2021. North Korean hackers attempted to break into the computer systems of pharmaceutical company Pfizer to gain information about vaccines and treatments for COVID-19.
February 2021. Suspected Iranian hackers targeted government agencies in the UAE as part of a cyber espionage campaign related to the normalization of relations with Israel.
February 2021. The French national cybersecurity agency announced that a four-year campaign against French IT providers was the work of a Russian hacking group.
February 2021. Suspected Indian hackers targeted over 150 individuals in Pakistan, Kazakhstan, and India using mobile malware, including those with links to the Pakistan Atomic Energy Commission, the Pakistan Air Force, and election officials in Kashmir.
February 2021. Ten members of a cybercriminal gang were arrested after a campaign where they tricked telecom companies into assigning celebrities’ phone numbers to new devices, stealing more than $100 million worth of cryptocurrencies.
February 2021. Unknown hackers attempted to raise levels of sodium hydroxide in the water supply of Oldsmar, Florida by a factor of 100 by exploiting a remote access system.
February 2021. Two Iranian hacking groups conducted espionage campaigns against Iranian dissidents in sixteen countries in the Middle East, Europe, South Asia, and North America.
January 2021. North Korean government hackers engaged in a sophisticated social engineering
campaign against cybersecurity researchers that used multiple fake Twitter accounts and a fake blog to drive targets to infected sites or induce them to open infected attachments in emails asking the target to collaborate on a research project.
January 2021. Suspected Indian hackers active since 2012 were attacked businesses and governments across South and East Asia, with a particular emphasis on military and government organizations in Pakistan, China, Nepal, and Afghanistan, and businesses involved in defense technology, scientific research, finance, energy, and mining.
January 2021. Hackers linked to the Chinese government were responsible for ransomware attacks against five major gaming and gambling countries, demanding over $100 million in ransom.
Cyber Attacks – Year 2020
December 2020. Iranian state hackers used a Christmas theme for a spearphishing campaign targeting think tanks, research organizations, academics, journalists, and activists in the Persian Gulf, EU, and the US.
December 2020. Chinese hackers targeted the Finnish parliament, breaching the email accounts of parliament members and other employees.
December 2020. African Union staff found that Chinese hackers had been siphoning off security footage from cameras installed in the AU headquarters.
December 2020. One Saudi hacking group, One UAE hacking group, and two unknown government-sponsored hacking groups used spyware purchased from the Israeli vendor NSO Group to hack 36 phones belonging to Al Jazeera employees.
December 2020. Facebook found that two groups of Russians and one group of individuals affiliated with the French military were using fake Facebook accounts to conduct dueling political information operations in Africa.
December 2020. Unknown state-sponsored hackers took advantage of territorial disputes between China, India, Nepal, and Pakistan to target government and military organizations across South Asia, including the Nepali Army and Ministries of Defense and Foreign Affairs, the Sri Lankan Ministry of Defense, and the Afghan National security Council and Presidential Palace.
December 2020. Facebook announced that its users had been targeted by two hacking campaigns, one originating from state-sponsored Vietnamese hackers focused on spreading malware, and the other from two non-profit groups in Bangladesh focused on compromising accounts and coordinating the reporting of accounts and pages for removal.
December 2020. A criminal group targeted the Israeli insurance company Shirbit with ransomware, demanding almost $1 million in bitcoin. The hackers published some sensitive personal information after making their demands and threatened to reveal more if they did not receive payment.
December 2020. CISA and the FBI announced that U.S. think tanks focusing on national security and international affairs were being targeted by state-sponsored hacking groups.
December 2020. Suspected state-sponsored hackers from an unknown country conducted a spear phishing campaign against organizations in six countries involved in providing special temperature-controlled environments to support the COVID-19 supply chain.
November 2020. A Mexican facility owned by Foxconn was hit by a ransomware attack that the hackers claim resulted in 1,200 servers being encrypted, 20-30 TB of backups being deleted, and 100 GB of encrypted files being stolen.
November 2020. North Korean hackers targeted COVID-19 vaccine developer AstraZeneca by posing as recruiters and sending the company’s employees fake job offers that included malware.
November 2020. Chinese hackers targeted Japanese organizations in multiple industry sectors located in multiple regions around the globe, including North America, Europe, Asia, and the Middle East.
November 2020. Suspected Chinese government hackers conducted a cyber espionage campaign from 2018 to 2020 targeting government organizations in Southeast Asia.
November 2020. A North Korean hacking group engaged in software supply chain attacks against South Korean internet users by compromising legitimate South Korean security software.
November 2020. One Russian and two North Korean hacking groups launched attacks against seven companies involved in COVID-19 vaccine research.
November 2020. A group of hackers for hire launched attacks against a group of targets in South Asia, and particularly India, Bangladesh, and Singapore. These attacks included the use of a custom backdoor and credential theft.
November 2020. A group of Vietnamese hackers created and maintained a number of fake websites devoted to news and activism in Southeast Asia that were used to profile users, redirect them to phishing pages, and distribute malware.
November 2020. U.S. Cyber Command and the NSA conducted offensive cyber operations against Iran to prevent interference in the upcoming U.S. elections.
November 2020. Hamas used a secret headquarters in Turkey to carry out cyberattacks and counter-intelligence operations.
October 2020. The U.S. government announces that Iranian hackers targeted state election websites in order to download voter registration information and conduct a voter intimidation campaign
October 2020. A spokesperson for China’s Foreign Ministry responded to accusations that Chinese state-sponsored hackers were targeting the U.S. defense industrial base by declaring that the United States was an “empire of hacking,” citing 2013 leaks about the NSA’s Prism program.
October 2020. India’s National Cyber Security Coordinator announced that cyber crimes in India cost almost $17 billion in 2019.
October 2020. A Russian cyber espionage group hacked into an unidentified European government organization
October 2020. Iranian hackers targeted attendees of the Munich Security Conference in order to gather intelligence on foreign policy from the compromised individuals
October 2020. Greek hackers defaced the website of the Turkish Parliament and 150 Azerbaijani government websites in support of Armenia.
October 2020. The FBI, CISA and U.S. Cyber Command announced that a North Korean hacking group had been conducting a cyber espionage campaign against individual experts, think tanks, and government entities in South Korea, Japan, and the United States with the purpose of collecting intelligence on national security issues related to the Korean peninsula, sanctions, and nuclear policy
October 2020. A North Korean hacker group carried out attacks against aerospace and defense companies in Russia.
October 2020. An Iranian hacking group conducted a phishing campaign against universities in Australia, Canada, the UK, the U.S., the Netherlands, Singapore, Denmark, and Sweden.
October 2020. Suspected Iranian hackers targeted government agencies and telecommunications operators in Iraq, Kuwait, Turkey, and the UAE as part of a cyber espionage campaign
October 2020. The NSA warned that Chinese government hackers were targeting the U.S. defense industrial base as part of a wide-ranging espionage campaign
October 2020. The UK’s National Cyber Security Centre found evidence that Russian military intelligence hackers had been planning a disruptive cyber attack on the later-postponed 2020 Tokyo Olympics.
October 2020. The U.S. indicted six Russian GRU officers for their involvement in hacking incidents including the 2015 and 2016 attacks on Ukrainian critical infrastructure, the 2017 NotPetya ransomware outbreak, election interference in the 2017 French elections, and others.
October 2020. Iran announced that the country’s Ports and Maritime Organization and one other unspecified government agency had come under a cyberattack.
October 2020. Microsoft and U.S. Cyber Command both independently undertook operations to take down a Russian botnet ahead of the U.S. election.
October 2020. U.S. government officials revealed that suspected Chinese hackers were behind a series of attacks on entities in Russia, India, Ukraine, Kazakhstan, Kyrgyzstan, and Malaysia
October 2020. A Chinese group targeted diplomatic entities and NGOs in Africa, Asia, and Europe using advanced malware adapted from code leaked by the Italian hacking tool vendor HackingTeam
October 2020. Iranian hackers exploited a serious Windows vulnerability to target Middle Eastern network technology providers and organizations involved in working with refugees.
October 2020. A cyber mercenary group targeted government officials and private organizations in South Asia and the Middle East using a combination of methods including zero-day exploits.
October 2020. In the midst of an escalating conflict between Armenia and Azerbaijan over the territory of Nagorno-Karabakh, an unknown intelligence service conducted a cyber espionage campaign targeting Azerbaijani government institutions.
October 2020. A previously unknown cyber-espionage group was found to have been stealing documents from government agencies and corporations in Eastern Europe and the Balkans since 2011.
October 2020. The UN shipping agency the International Maritime Organization (IMO) reported that its website and networks had been disrupted by a sophisticated cyber-attack.
October 2020. North Korean hackers targeted a ministry of health and a pharmaceutical company involved in COVID-19 research and response.
September 2020. American healthcare firm Universal Health Systems sustained a ransomware attack that caused affected hospitals to revert to manual backups, divert ambulances, and reschedule surgeries
September 2020. French shipping company CMA CGM SA saw two of its subsidiaries in Asia hit with a ransomware attack that caused significant disruptions to IT networks, though did not affect the moving of cargo
September 2020. Russian hackers targeted government agencies in NATO member countries, and nations that cooperate with NATO. The campaign uses NATO training material as bait for a phishing scheme that infects target computers with malware that creates a persistent backdoor.
September 2020. Chinese hackers stole information related to Covid-19 vaccine development from Spanish research centers
September 2020. Iranian hackers targeted Iranian minorities, anti-regime organizations, and resistance members using a combination of malware including an Android backdoor designed to steal two-factor authentication codes from text messages.
September 2020. Three hackers operating at the direction of Iran’s Islamic Revolutionary Guard Corps were indicted by the United States for attacks against workers at aerospace and satellite technology companies, as well as international government organizations.
September 2020. A ransomware attack on a German hospital may have led to the death of a patient who had to be redirected to a more distant hospital for treatment.
September 2020. The U.S. Department of Justice indicted five Chinese hackers with ties to Chinese intelligence services for attacks on more than 100 organizations across government, IT, social media, academia, and more
September 2020. The FBI and CISA announced that Iranian hackers had been exploiting publicly known vulnerabilities to target U.S. organizations in the IT, government, healthcare, finance, and media sectors.
September 2020. CISA revealed that hackers associated with the Chinese Ministry of State Security had been scanning U.S. government and private networks for over a year in search of networking devices that could be compromised using exploits for recently discovered vulnerabilities
September 2020. One government organization in the Middle East and one in North Africa were targeted with possible wiper malware that leveraged a ransomware-as-a-service offering that has recently become popular on cybercrime markets
September 2020. Georgian officials announce that COVID-19 research files at a biomedical research facility in Tbilisi were targeted as part of a cyberespionage campaign
September 2020. Norway announced it had defended against two sets of cyber attacks that targeted the emails of several members and employees of the Norwegian parliament as well as public employees in the Hedmark region. It later blamed Russia for the attack.
August 2020. A North Korean hacking group targeted 28 UN officials in a spear-phishing campaign, including at least 11 individuals representing six members of the UN Security Council.
August 2020. Hackers for hire suspected of operating on behalf of the Iranian government were found to have been working to gain access to sensitive information held by North American and Israeli entities across a range of sectors, including technology, government, defense, and healthcare.
August 2020. New Zealand’s stock exchange faced several days of disruptions after a severe distributed denial of service attack was launched by unknown actors
August 2020. U.S. officials announced that North Korean government hackers had been operating a campaign focused on stealing money from ATMs around the world.
August 2020. Suspected Pakistani hackers used custom malware to steal files from victims in twenty-seven countries, most prominently in India and Afghanistan.
August 2020. Ukrainian officials announced that a Russian hacking group had begun to conduct a phishing campaign in preparation for operations on Ukraine’s independence day
August 2020. A Chinese cyber espionage group targeted military and financial organizations across Eastern Europe.
August 2020. The Israeli defense ministry announced that it had successfully defended against a cyberattack on Israeli defense manufacturers launched by a suspected North Korean hacking group.
August 2020. An Iranian hacking group was found to be targeting major U.S. companies and government agencies by exploiting recently disclosed vulnerabilities in high-end network equipment to create backdoors for other groups to use
August 2020. Pakistan announced that hackers associated with Indian intelligence agencies had targeted the mobile phones of Pakistani government officials and military personnel
August 2020. Seven semiconductor vendors in Taiwan were the victim of a two-year espionage campaign by suspected Chinese state hackers targeting firms’ source code, software development kits, and chip designs.
August 2020. Russian hackers compromised news sites and replaced legitimate articles with falsified posts that used fabricated quotes from military and political officials to discredit NATO among Polish, Lithuanian, and Latvian audiences.
July 2020. Israel announced that two cyber attacks had been carried out against Israeli water infrastructure, though neither was successful.
July 2020. Chinese state-sponsored hackers broke into the networks of the Vatican to conduct espionage in the lead-up to negotiations about control over the appointment of bishops and the status of churches in China.
July 2020. Canada, the UK, and the U.S. announced that hackers associated with Russian intelligence had attempted to steal information related to COVID-19 vaccine development
July 2020. The UK announced that it believed Russia had attempted to interfere in its 2019 general election by stealing and leaking documents related to the UK-US Free Trade Agreement
July 2020. Media reports say a 2018 Presidential finding authorized the CIA to conduct cyber operations against Iran, North Korea, Russia, and China. The operations included disruption and public leaking of information.
July 2020. President Trump confirmed that he directly authorized a 2019 operation by US Cyber Command to take the Russian Internet Research Agency offline.
June 2020. Uyghur and Tibetan mobile users were targeted by a mobile malware campaign originating in China that had been ongoing since 2013
June 2020. A hacking group affiliated with an unknown government was found to have targeted a range of Kurdish individuals in Turkey and Syria at the same time as Turkey launched its offensive into northeastern Syria.
June 2020. The most popular of the tax reporting software platforms China requires foreign companies to download to operate in the country was discovered to contain a backdoor that could allow malicious actors to conduct network reconnaissance or attempt to take remote control of company systems
June 2020. Nine human rights activists in India were targeted as part of a coordinated spyware campaign that attempted to use malware to log their keystrokes, record audio, and steal credentials
June 2020. A Moroccan journalist was targeted by unknown actors who sent him phishing messages that could have been used to download spyware developed by the Israeli NSO group
June 2020. The Australian Prime Minister announced that an unnamed state actor had been targeting businesses and government agencies in Australia as part of a large-scale cyber attack.
June 2020. In the midst of escalating tensions between China and India over a border dispute in the Galwan Valley, Indian government agencies and banks reported being targeted by DDoS attacks reportedly originating in China
June 2020. Suspected North Korean hackers compromised at least two defense firms in Central Europe by sending false job offers to their employees while posing as representatives from major U.S. defense contractors
May 2020. Businesses in Japan, Italy, Germany, and the UK that supply equipment and software to industrial firms were attacked in a targeted and highly sophisticated campaign by an unknown group of hackers
May 2020. The NSA announced that Russian hackers associated with the GRU had been exploiting a bug that could allow them to take remote control of U.S. servers
May 2020. German officials found that a Russian hacking group associated with the FSB had compromised the networks of energy, water, and power companies in Germany by compromising the firms’ suppliers.
May 2020. Cyber-criminals managed to steal $10 million from Norway’s state investment fund in a business email compromise scam that tricked an employee into transferring money into an account controlled by the hackers
May 2020. Iranian hackers conducted a cyber espionage campaign targeting air transportation and government actors in Kuwait and Saudi Arabia.
May 2020. Chinese hackers accessed the travel records of nine million customers of UK airline group EasyJet
May 2020. Two days before Taiwanese President Tsai Ing-wen was sworn in for her second term in office, the president’s office was hacked, and files were leaked to local media outlets purporting to show infighting within the administration. The president’s office claimed the leaked documents had been doctored.
May 2020. U.S. officials accused hackers linked to the Chinese government of attempting to steal U.S. research into a coronavirus vaccine
May 2020. Suspected Chinese hackers conducted a phishing campaign to compromise Vietnamese government officials involved in ongoing territorial disputes with China in the South China Sea.
May 2020. Suspected Iranian hackers compromised the IT systems of at least three telecom companies in Pakistan, and used their access to monitor targets in the country.
May 2020. Japan’s Defense Ministry announced it was investigating a large-scale cyber attack against Mitsubishi Electric that could have compromised details of new state-of-the-art missile designs.
May 2020. Israeli hackers disrupted operations at an Iranian port for several days, causing massive backups and delays. Officials characterized the attack as a retaliation against a failed Iranian hack in April targeting the command and control systems of Israeli water distribution systems.
May 2020. A suspected PLA hacking group targeted government-owned companies, foreign affairs ministries, and science and technology ministries across Australia, Indonesia, the Philippines, Vietnam, Thailand, Myanmar, and Brunei.
May 2020. Operations at two Taiwanese petrochemical companies were disrupted by malware attacks. Taiwanese officials speculated that the attacks could have been linked to the upcoming inauguration of Taiwanese President Tsai Ing-wen’s second term.
April 2020. Poland suggested the Russian government was behind a series of cyber attacks on Poland’s War Studies University meant to advance a disinformation campaign undermining U.S.-Polish relations.
April 2020. Suspected Iranian hackers unsuccessfully targeted the command and control systems of water treatment plants, pumping stations, and sewage in Israel.
April 2020. U.S. officials reported seeing a surge of attacks by Chinese hackers against
healthcare providers, pharmaceutical manufacturers, and the U.S. Department of Health and Human Services amidst the COVID-19 pandemic.
April 2020. Suspected Vietnamese hackers targeted the Wuhan government and the Chinese Ministry of Emergency Management to collect information related to China’s COVID-19 response.
April 2020. Government and energy sector entities in Azerbaijan were targeted by an unknown group focused on the SCADA systems of wind turbines
April 2020. A Russian hacking group used forged diplomatic cables and planted articles on social media to undermine the governments of Estonia and the Republic of Georgia
April 2020. Suspected state-sponsored hackers targeted Chinese government agencies and Chinese diplomatic missions abroad by exploiting a zero-day vulnerability in virtual private networks servers
April 2020. Iranian government-backed hackers attempted to break into the accounts of WHO staffers in the midst of the Covid-19 pandemic
March 2020. North Korean hackers targeted individuals involved with North Korean refugees issues as part of a cyber espionage campaign
March 2020. Suspected South Korean hackers were found to have used five previously unreported software vulnerabilities to conduct a wide-ranging espionage campaign against North Korean targets
March 2020. Saudi mobile operators exploited a flaw in global telecommunications infrastructure to track the location of Saudis traveling abroad
March 2020. Chinese hackers targeted over 75 organizations around the world in the manufacturing, media, healthcare, and nonprofit sectors as part of a broad-ranging cyber espionage campaign
March 2020. A suspected nation-state hacking group was discovered to be targeting industrial sector companies in Iran
March 2020. Human rights activists and journalists in Uzbekistan were targeted by suspected state security hackers in a spearphishing campaign intended to install spyware on their devices
March 2020. Chinese cybersecurity firm Qihoo 360 accused the CIA of being involved in an 11- year long hacking campaign against Chinese industry targets, scientific research organizations, and government agencies
February 2020. The U.S. Department of Justice indicted two Chinese nationals for laundering cryptocurrency for North Korean hackers
February 2020. A hacking group of unknown origin was found to be targeting government and diplomatic targets across Southeast Asia as part of a phishing campaign utilizing custom malware
February 2020. Iran announced that it has defended against a DDoS against its communications infrastructure that caused internet outages across the country
January 2020. An Iranian hacking group launched an attack on the U.S.-based research company Wesat as part of a suspected effort to gain access to the firm’s clients in the public and private sectors
January 2020. The UN was revealed to have covered up a hack into its IT systems in Europe conducted by an unknown but sophisticated hacking group.
January 2020. Turkish government hackers targeted at least 30 organizations across Europe and the Middle East, including government ministries, embassies, security services, and companies.
January 2020. The FBI announced that nation-state hackers had breached the networks of two U.S. municipalities in 2019, exfiltrating user information and establishing backdoor access for future compromise
January 2020. A Russian hacking group infiltrated a Ukrainian energy company where Hunter Biden was previously a board member, and which has featured prominently in the U.S. impeachment debate.
January 2020. More than two dozen Pakistani government officials had their mobile phones infected with spyware developed by the Israeli NSO Group
January 2020. A suspected nation-state targeted the Austrian foreign ministry as part of a cyber attack lasting several weeks.
Cyber Attacks – Year 2019
December 2019. Iranian wiper malware was deployed against the network of Bapco, the national oil company of Bahrain.
December 2019. Microsoft won a legal battle to take control of 50 web domains used by a North Korean hacking group to target government employees, think tank experts, university staff, and others involved in nuclear proliferation issues
December 2019. An alleged Chinese state-sponsored hacking group attacked government entities and managed service providers by bypassing the two-factor authentication used by their targets
December 2019. Chinese hackers used custom malware to target a Cambodian government organization
December 2019. Unknown hackers stole login credentials from government agencies in 22 nations across North America, Europe, and Asia
December 2019. Iran announced that it had foiled a major cyber attack by a foreign government targeting the country’s e-government infrastructure
December 2019. A suspected Vietnamese state-sponsored hacking group attacked BMW and Hyundai networks
December 2019. Russian government hackers targeted Ukrainian diplomats, government officials, military officers, law enforcement, journalists, and nongovernmental organizations in a spear phishing campaign
November 2019. A Russian-speaking hacking group targeted a wide range of Kazakh individuals and organizations including government agencies, military personnel, foreign diplomats, journalists, dissidents, and others through a combination of spear phishing and physical device compromise.
November 2019. Microsoft security researchers found that in the last year, an Iranian hacker group carried out “password-spraying attacks” on thousands of organizations, but since October, have focused on the employees of dozens of manufacturers, suppliers, or maintainers of industrial control system equipment and software.
November 2019. An alleged non-state actor targeted the UK Labour party with a major DDoS attack that temporarily took the party’s computer systems offline.
October 2019. An Israeli cybersecurity firm was found to have sold spyware used to target senior government and military officials in at least 20 countries by exploiting a vulnerability in WhatsApp.
October 2019. Suspected North Korean hackers attempted to steal credentials from individuals working on North Korea-related issues at the UN and other NGOs.
October 2019. The NSA and GCHQ found that a Russian cyberespionage campaign had used an Iranian hacking group’s tools and infrastructure to spy on Middle Eastern targets.
October 2019. Russian hackers engaged in a campaign since 2013 targeting embassies and foreign affairs ministries in several European countries.
October 2019. Chinese hackers engaged in a multi-year campaign between 2010 and 2015 to acquire intellectual property from foreign companies to support the development of the Chinese C919 airliner.
October 2019. The Moroccan government targeted two human rights activists using spyware purchased from Israel.
October 2019. A state-sponsored hacking group targeted diplomats and high-profile Russian-speaking users in Eastern Europe.
October 2019. Chinese hackers targeted entities in Germany, Mongolia, Myanmar, Pakistan, and Vietnam, individuals involved in UN Security Council resolutions regarding ISIS, and members of religious groups and cultural exchange nonprofits in Asia.
October 2019. Iranian hackers conducted a series of attacks against the Trump campaign, as well as current and former U.S. government officials, journalists, and Iranians living abroad.
October 2019. State-sponsored Chinese hackers were revealed to have conducted at least six espionage campaigns since 2013 against targets in Myanmar, Taiwan, Vietnam, Indonesia, Mongolia, Tibet, and Xinjiang.
October 2019. The Egyptian government conducted a series of cyberattacks against journalists, academics, lawyers, human rights activists, and opposition politicians.
October 2019. Chinese hackers were found to have targeted government agencies, embassies, and other government-related embassies across Southeast Asia in the first half of 2019.
September 2019. The United States carried out cyber operations against Iran in retaliation for Iran’s attacks on Saudi Arabia’s oil facilities. The operation affected physical hardware and had the goal of disrupting Iran’s ability to spread propaganda.
September 2019. Airbus revealed that hackers targeting commercial secrets engaged in a series of supply chain attacks targeting four of the company’s subcontractors.
September 2019. A Chinese state-sponsored hacking group responsible for attacks against three U.S. utility companies in July 2019 was found to have subsequently targeted seventeen others.
September 2019. Hackers with ties to the Russian government conducted a phishing campaign against the embassies and foreign affairs ministries of countries across Eastern Europe and Central Asia.
September 2019. Alleged Chinese hackers used mobile malware to target senior Tibetan lawmakers and individuals with ties to the Dalai Lama.
September 2019. North Korean hackers were revealed to have conducted a phishing campaign over the summer of 2019 that targeted U.S. entities researching the North Korean nuclear program and economic sanctions against North Korea.
September 2019. Iranian hackers targeted more than 60 universities in the U.S., Australia, UK, Canada, Hong Kong, and Switzerland in an attempt to steal intellectual property.
September 2019. Huawei accused the U.S. government of hacking into its intranet and internal information systems to disrupt its business operations.
August 2019. China used compromised websites to distribute malware to Uyghur populations using previously undisclosed exploits for Apple, Google, and Windows phones.
August 2019. Chinese state-sponsored hackers were revealed to have targeted multiple U.S. cancer institutes to take information relating to cutting-edge cancer research.
August 2019. North Korean hackers conducted a phishing campaign against foreign affairs officials in at least three countries, with a focus on those studying North Korean nuclear efforts and related international sanctions.
August 2019. Huawei technicians helped government officials in two African countries track political rivals and access encrypted communications.
August 2019. The Czech Republic announced that the country’s Foreign Ministry had been the victim of a cyberattack by an unspecified foreign state, later identified as Russia
August 2019. A suspected Indian cyber espionage group conducted a phishing campaign targeting Chinese government agencies and state-owned enterprises for information related to economic trade, defense issues, and foreign relations.
August 2019. Networks at several Bahraini government agencies and critical infrastructure providers were infiltrated by hackers linked to Iran
August 2019. Russian hackers were observed using vulnerable IoT devices like a printer, VOIP phones, and video decoders to break into high-value corporate networks
August 2019. A seven-year campaign by an unidentified Spanish-language espionage group was revealed to have resulted in the theft of sensitive mapping files from senior officials in the Venezuelan Army
July 2019. State-sponsored Chinese hackers conducted a spear-phishing campaign against employees of three major U.S. utility companies
July 2019. Encrypted email service provider ProtonMail was hacked by a state-sponsored group looking to gain access to accounts held by reporters and former intelligence officials conducting investigations of Russian intelligence activities.
July 2019. Several major German industrial firms including BASF, Siemens, and Henkel announced that they had been the victim of a state-sponsored hacking campaign reported being linked to the Chinese government
July 2019. A Chinese hacking group was discovered to have targeted government agencies across East Asia involved in information technology, foreign affairs, and economic development.
July 2019. The U.S. Coast Guard issued a warning after it received a report that a merchant’s vessel had its networks disrupted by malware while traveling through international waters
July 2019. An Iranian hacking group targeted LinkedIn users associated with financial, energy, and government entities operating in the Middle East
July 2019. Microsoft revealed that it had detected almost 800 cyberattacks over the past year targeting think tanks, NGOs, and other political organizations around the world, with the majority of attacks originating in Iran, North Korea, and Russia.
July 2019. Libya arrested two men who were accused of working with a Russian troll farm to influence the elections in several African countries.
July 2019. Croatian government agencies were targeted in a series of attacks by unidentified state-sponsored hackers
July 2019. U.S. Cybercommand issued an alert warning that government networks were being targeted with malware associated with a known Iran-linked hacking group
June 2019. Western intelligence services were alleged to have hacked into Russian internet search company Yandex in late 2018 to spy on user accounts
June 2019. Over the course of seven years, a Chinese espionage group hacked into ten international cellphone providers operating across thirty countries to track dissidents, officials, and suspected spies.
June 2019. The U.S. announced it had launched offensive cyber operations against Iranian computer systems used to control missile and rocket launches.
June 2019. Iran announced that it had exposed and helped dismantle an alleged CIA-backed cyber espionage network across multiple countries
June 2019. U.S. officials reveal ongoing efforts to deploy hacking tools against Russian grid systems as a deterrent and warning to Russia
June 2019. U.S. grid regulator NERC issued a warning that a major hacking group with suspected Russian ties was conducting reconnaissance into the networks of electrical utilities.
June 2019. China conducted a denial-of-service attack on the encrypted messaging service Telegram in order to disrupt communications among Hong Kong protestors
June 2019. A suspected Iranian group was found to have hacked into telecommunications services in Iraq, Pakistan, and Tajikistan
May 2019. Government organizations in two different Middle Eastern countries were targeted by Chinese state-sponsored hackers.
May 2019. A Chinese government-sponsored hacking group was reported to be targeting unidentified entities across the Philippines.
May 2019. Iran developed a network of websites and accounts that were being used to spread false information about the U.S., Israel, and Saudi Arabia.
May 2019. The Israeli Defense Forces launched an airstrike on Hamas after they unsuccessfully attempted to hack Israeli targets.
May 2019. Hackers affiliated with the Chinese intelligence service reportedly had been using NSA hacking tools since 2016, more than a year before those tools were publicly leaked.
April 2019. Amnesty International’s Hong Kong office announced it had been the victim of an attack by Chinese hackers who accessed the personal information of the office’s supporters.
April 2019. Ukrainian military and government organizations had been targeted as part of a campaign by hackers from the Luhansk People’s Republic, a Russia-backed group that declared independence from Ukraine in 2014.
April 2019. Chinese hackers stole General Electric’s trade secrets concerning jet engine turbine technologies.
April 2019. Hackers used spoofed email addresses to conduct a disinformation campaign in Lithuania to discredit the Defense Minister by spreading rumors of corruption.
April 2019. The Finnish police probed a denial-of-service attack against the web service used to publish the vote tallies from Finland’s elections.
April 2019. Iranian hackers reportedly undertook a hacking campaign against banks, local government networks, and other public agencies in the UK.
April 2019. Pharmaceutical company Bayer announced it had prevented an attack by Chinese hackers targeting sensitive intellectual property.
March 2019. Chinese hackers targeted Israeli defense firms that had connections to the U.S. military
March 2019. The U.S. Department of Energy reported that grid operators in Los Angeles County, California and Salt Lake County, Utah, suffered a DDoS attack that disrupted their operations but did not cause any outages
March 2019. The Australian Signals Directorate revealed that it had conducted cyber attacks against ISIS targets in the Middle East to disrupt their communications in coordination with coalition forces.
March 2019. An Iranian cyber espionage group targeted government and industry digital infrastructure in Saudi Arabia and the U.S.
March 2019. State-supported Vietnamese hackers targeted foreign automotive companies to acquire IP.
March 2019. Iran’s intelligence service hacked into former IDF Chief and Israeli opposition leader Benny Gantz’s cellphone ahead of Israel’s April elections.
March 2019. North Korean hackers targeted an Israeli security firm as part of an industrial espionage campaign.
March 2019. Russian hackers targeted a number of European government agencies ahead of EU elections in May.
March 2019. Civil liberties organizations claimed that government-backed hackers targeted Egyptian human rights activists, media, and civil society organizations throughout 2019.
March 2019. The UN Security Council reported that North Korea has used state-sponsored hacking to evade international sanctions, stealing $670 million in foreign currency and cryptocurrency between 2015 and 2018.
March 2019. Following an attack on Indian military forces in Kashmir, Pakistani hackers targeted almost 100 Indian government websites and critical systems. Indian officials reported that they engaged in offensive cyber measures to counter the attacks.
March 2019. U.S. officials reported that at least 27 universities in the U.S. had been targeted by Chinese hackers as part of a campaign to steal research on naval technologies.
February 2019. The UN International Civil Aviation Organizations revealed that in late 2016 it was compromised by China-linked hackers who used their access to spread malware to foreign government websites.
February 2019. Prior to the Vietnam summit of Kim Jong Un and Donald Trump, North Korean hackers were found to have targeted South Korean institutions in a phishing campaign using documents related to the diplomatic event as bait.
February 2019. U.S. Cybercommand revealed that during the 2018 U.S. midterm elections, it had blocked internet access to the Internet Research Agency, a Russian company involved in information operations against the U.S. during the 2016 presidential election.
February 2019. A hacking campaign targeted Russian companies linked to state-sponsored North Korean hackers.
February 2019. Hackers associated with the Russian intelligence services had targeted more than 100 individuals in Europe at civil society groups working on election security and democracy promotion.
February 2019. State-sponsored hackers were caught in the early stages of gaining access to the computer systems of several political parties as well as the Australian Federal Parliament.
February 2019. European aerospace company Airbus reveals it was targeted by Chinese hackers who stole the personal and IT identification information of some of its European employees.
February 2019. Norwegian software firm Visma revealed that it had been targeted by hackers from the Chinese Ministry of State Security who were attempting to steal trade secrets from the firm’s clients.
January 2019. Hackers associated with the Russian intelligence services were found to have targeted the Center for Strategic and International Studies.
January 2019. The U.S. Department of Justice announced an operation to disrupt a North Korean botnet that had been used to target companies in the media, aerospace, financial, and critical infrastructure sectors.
January 2019. France attributed a cyberattack targeting the Ministry of Defense to a Russian- based hacking group. The attack targeted the mailboxes of nineteen executives of the ministry.
January 2019. Former U.S. intelligence personnel were revealed to be working for the UAE to help the country hack into the phones of activists, diplomats, and foreign government officials
January 2019. U.S. prosecutors unsealed two indictments against Huawei and its CFO Meng Wanzhou alleging crimes ranging from wire and bank fraud to obstruction of justice and conspiracy to steal trade secrets.
January 2019. Security researchers reveal that Iranian hackers have been targeting the telecom and travel industries since at least 2014 in an attempt to surveil and collect the personal information of individuals in the Middle East, the U.S., Europe, and Australia
January 2019. The U.S. Democratic National Committee revealed that it had been targeted by Russian hackers in the weeks after the 2018 midterm elections
January 2019. South Korea’s Ministry of National Defense announced that unknown hackers had compromised computer systems at the ministry’s procurement office
January 2019. Iran was revealed to have engaged in a multi-year, global DNS hijacking campaign targeting telecommunications and internet infrastructure providers as well as government entities in the Middle East, Europe, and North America.
January 2019. Hackers release the personal details, private communications, and financial information of hundreds of German politicians, with targets representing every political party except the far-right AfD.
Cyber Attacks – Year 2018
December 2018. Chinese hackers stole IP and confidential business and technological information from managed service providers – companies that manage IT infrastructure for other businesses and governments
December 2018. North Korean hackers targeted the Chilean interbank network after tricking an employee into installing malware over the course of a fake job interview
December 2018. Chinese hackers were found to have compromised the EU’s communications systems, maintaining access to sensitive diplomatic cables for several years
December 2018. North Korean hackers stole the personal information of almost 1,000 North Korean defectors living in South Korea
December 2018. The United States, in coordination with Australia, Canada, the UK, and New Zealand, accused China of conducting a 12-year campaign of cyber espionage targeting the IP and trade secrets of companies across 12 countries. The announcement was tied to the indictment of two Chinese hackers associated with the campaign.
December 2018. Security researchers discover a cyber campaign carried out by a Russia-linked group targeting the government agencies of Ukraine as well as multiple NATO members
December 2018. Researchers report that a state-sponsored Middle Eastern hacking group had targeted telecommunications companies, government embassies, and a Russian oil company located across Pakistan, Russia, Saudi Arabia, Turkey, and North America
December 2018. Italian oil company Saipem was targeted by hackers utilizing a modified version of the Shamoon virus, taking down hundreds of the company’s servers and personal computers in the UAE, Saudi Arabia, Scotland, and India
December 2018. North Korean hackers have reportedly targeted universities in the U.S. since May, with a particular focus on individuals with expertise in biomedical engineering
December 2018. The Security Service of Ukraine blocked an attempt by the Russian special services to disrupt the information systems of Ukraine’s judicial authority
December 2018. The Czech security service announced that Russian intelligence services were discovered to have been behind attacks against the Czech foreign ministry in 2017
November 2018. German security officials announced that a Russia-linked group had targeted the email accounts of several members of the German parliament, as well as the German military and several embassies
November 2018. Security researchers report that Russia launched coordinated cyber attacks against the Ukrainian government and military targets before and during the attack on Ukrainian ships in late November
November 2018. Researchers reveal that a Mexican government-linked group used spyware to target the colleagues of a slain journalist investigating drug cartels
November 2018. Security researchers discover a cyberespionage campaign targeting government websites of Lebanon and the UAE
November 2018. The U.S. Justice Department indicted two Iranians for the ransomware attack affecting Atlanta’s government earlier in 2018
November 2018. Chinese state media reports that the country had been the victim of multiple attacks by foreign hackers in 2018, including the theft of confidential emails, utility design plans, lists of army units, and more
November 2018. North Korean hackers were found to have used malware to steal tens of millions of dollars from ATMs across Asia and Africa.
November 2018. Security researchers report that Russian hackers impersonating U.S. State Department officials attempted to gain access to the computer systems of military and law enforcement agencies, defense contractors, and media companies
November 2018. Ukraine’s CERT discovered malware in the computer systems of Ukraine state agencies believed to be implanted as a precursor for a future large-scale cyber attack
November 2018. Researchers discover that a Chinese cyberespionage group targeted a UK engineering company using techniques associated with Russia-linked groups in an attempt to avoid attribution
November 2018. The Pakistani Air Force was revealed to have been targeted by nation-state hackers with access to zero-day exploits
November 2018. Security researchers identify an Iranian domestic surveillance campaign to monitor dissent targeting Telegram and Instagram users
November 2018. Australian defense shipbuilder Austal announced it had been the victim of a hack resulting in the theft of unclassified ship designs which were later sold online
October 2018. The head of Iran’s civil defense agency announced that the country had recently neutralized a new, more sophisticated version of Stuxnet
October 2018. The U.S. Department of Justice indicted Chinese intelligence officers and hackers working for them for engaging in a campaign to hack into U.S. aerospace companies and steal information
October 2018. Security researchers link the malware used to attack a petrochemical plant in Saudi Arabia to a research institute run by the Russian government.
October 2018. U.S. defense officials announced that Cyber Command had begun targeting individual Russian operatives to deter them from interfering in the 2018 midterm elections.
October 2018. U.S. agencies warned President Trump that China and Russia eavesdropped on calls he made from an unsecured phone.
October 2018. News reports reveal that the Israel Defense Force requested that cybersecurity companies develop proposals for monitoring the personal correspondence of social media users.
October 2018. The U.S. Department of Homeland Security announces that it has detected a growing volume of cyber activity targeting election infrastructure in the U.S. ahead of the 2018 midterm elections.
October 2018. The Security Service of Ukraine announced that a Russian group had carried out an attempted hack on the information and telecommunication systems of Ukrainian government groups
October 2018. The U.S. Justice Department announces criminal charges against seven GRU officers for multiple instances of hacking against organizations including FIFA, Westinghouse Electric Company, the Organisation for the Prohibition of Chemical Weapons, and the U.S. and World Anti-Doping Agencies.
September 2018. Security researchers found that a Russian hacking group had used malware to target the firmware of computers at government institutions in the Balkans and in Central and Eastern Europe.
September 2018. In a letter to Senate leaders, Sen. Ron Wyden revealed that a major technology company had alerted multiple Senate offices of attempts by foreign government hackers to gain access to the email accounts of Senators and their staff
September 2018. Researchers report that 36 different governments deployed Pegasus spyware against targets in at least 45 countries, including the U.S., France, Canada, and the UK.
September 2018. Swiss officials reveal that two Russian spies caught in the Netherlands had been preparing to use cyber tools to sabotage the Swiss defense lab analyzing the nerve agent used to poison former Russian Agent Sergei Skripal.
September 2018. Security researchers find that Iranian hackers have been surveilling Iranian citizens since 2016 as part of a mobile spyware campaign directed at ISIS supporters and members of the Kurdish ethnic group.
September 2018. Russian hackers targeted the email inboxes of religious leaders connected to Ukraine amid efforts to disassociate Ukraine’s Orthodox church from its association with Russia.
September 2018. The U.S. Department of Justice announces the indictment of Park Jin Hyok, a North Korean Hacker allegedly involved in the 2014 Sony hack, the 2016 theft of $81 million from a Bangladeshi bank, and the WannaCry ransomware attacks.
September 2018. Researchers reveal a new cyber espionage campaign linked to attacks against Vietnamese defense, energy, and government organizations in 2013 and 2014.
August 2018. North Korean hackers stole $13.5 million from India’s Cosmos Bank after breaking into the bank’s system and authorizing thousands of unauthorized ATM withdrawals, as well as several illegal money transfers through the SWIFT financial network.
August 2018. Security researchers report that Iranian hackers had targeted the websites and login pages of 76 universities in 14 countries. The attackers stole the credentials of users who attempted to sign in, gaining access to library resources for the purposes of intellectual property theft.
August 2018. Facebook identified multiple new disinformation campaigns on its platform sponsored by groups in Russia and Iran. The campaigns targeted users in the U.S., Latin America, Britain, and the Middle East, and involved 652 fake accounts, pages, and groups.
August 2018. Microsoft announced that Russian hackers had targeted U.S. Senators and conservative think tanks critical of Russia.
July 2018. Security researchers report that an Iranian hacking group had been targeting the industrial control systems of electric utility companies in the U.S., Europe, East Asia, and the Middle East.
July 2018. The Department of Homeland Security reveal that a campaign by Russian hackers in 2017 had compromised the networks of multiple U.S. electric utilities and put attackers in a position where they could have caused blackouts.
July 2018. Senator Claire McCaskill reveals that her 2018 re-election campaign was targeted by hackers affiliated with Russia’s GRU intelligence agency. Attackers unsuccessfully targeted staffers in the Senator’s office with phishing emails designed to harvest their passwords.
July 2018. Researchers report that a hacking group linked to Iran has been active since early 2017 targeting energy, government, finance, and telecommunications entities in the Middle East.
July 2018. Microsoft reveals that Russian hackers had targeted the campaigns of three Democratic candidates running for the 2018 midterm elections.
July 2018. Russian hackers were found to have targeted the Italian navy with malware designed to insert a backdoor into infected networks.
July 2018. Security researchers detected a spike in hacking attempts against IoT devices in Finland during the run-up to President Trump’s summit with Vladimir Putin in Helsinki. The majority of attacks originated in China.
July 2018. Singapore’s largest healthcare institution was targeted by state-sponsored hackers, leading to the leakage of personal information for 1.5 million patients, along with prescription details for 160,000 others.
July 2018. Ukrainian intelligence officials claim to have thwarted a Russian attack on the network equipment of a chlorine plant in central Ukraine. The virus used in the attack is the same malware responsible for the infection of 500,000 routers worldwide in a campaign the FBI linked to state-sponsored Russian hackers.
July 2018. The U.S. Department of Justice announced the indictments of 12 Russian intelligence officers for carrying out large-scale cyber operations against the Democratic Party in advance of the 2016 Presidential election. The officers’ alleged crimes included the theft and subsequent leakage of emails from the Democratic National Committee and Hillary Clinton campaign, and the targeting of election infrastructure and local election officials in an attempt to interfere with the election.
July 2018. Security researchers report that Chinese hackers had been actively spying on political actors on both sides of the upcoming Cambodian elections. Targets include the country’s National Election Commission, several government ministries, the Cambodian Senate, at least one Member of Parliament, and multiple media outlets and human rights activists.
July 2018. Hackers targeted the campaigns of at least two local Democratic candidates during 2018’s primary season, reportedly using DDoS attacks to disrupt campaign websites during periods of active fundraising and positive news publicity.
June 2018. Ukraine police claim that Russian hackers have been systematically targeting Ukrainian banks, energy companies, and other organizations to establish backdoors in preparation for a wide-scale strike against the country.
June 2018. A Russian hacking group linked to disrupting the Pyeongchang Olympics targeted individuals in France, Germany, Switzerland, Russia, and Ukraine linked to a biochemical threat conference organized by a company involved in the investigation of the poisoning of Sergei Skripal in March 2018.
June 2018. Researchers reveal that North Korean hackers targeted a South Korean think tank focused on national security issues. The hackers used a zero-day exploit to compromise the organization’s website and insert a backdoor for injecting code.
June 2018. The U.S. Treasury Department announced sanctions against five Russian companies and three individuals for enabling Russian intelligence and military units to conduct cyberattacks against the U.S.
May 2018. Cyber security researchers reported that North Korean hackers had been targeting defectors through compromised Android apps hosted through the Google Play market, stealing device information and allowing the insertion of executable code stealing photos, contact lists, and text messages.
May 2018. Security researchers reveal that the Pakistani military used Facebook Messenger to distribute spyware to targets in the Middle East, Afghanistan, and India in an attempt to compromise government officials, medical professionals, and others.
May 2018. Turkish government hackers were discovered to be using surveillance software FinFisher to infect Turkish dissidents and protesters.
May 2018. An unknown group of hackers stole between $18 and $20 million dollars from Mexican banks by exploiting the SWIFT transfer system, submitting a series of false transfer orders to phantom accounts in other banks and emptying the accounts in dozens of branches.
May 2018. Within 24 hours of President Trump’s announcement that the US would withdraw from the Iran nuclear agreement, security firms reported increases in Iranian hacking activity, including the sending of emails containing malware to diplomats in the Foreign Affairs ministries of US allies, as well as global telecommunication companies.
May 2018. Researchers reveal that a hacking group connected to Russian intelligence services had been conducting reconnaissance on the business and ICS networks of electric utilities in the US and UK since May 2017.
April 2018. Security researchers report that an Indian hacking group had been targeting government agencies and research institutions in China and Pakistan since 2013.
April 2018. Cyber security researchers reveal that North Korean hackers targeted critical infrastructure, finance, healthcare, and other industries in 17 countries using malware resembling the code used in the 2014 Sony Pictures attack.
April 2018. Israeli cyber researchers revealed that Hamas had planted spyware in mobile phones owned by members of Fatah, a rival Palestinian faction
April 2018. Reports from cyber security researchers indicate that Chinese state-sponsored hacking groups have targeted Japanese defense companies in an attempt to gain information on Tokyo’s policies toward North Korea
April 2018. US and UK officials issued a joint warning that Russia was deliberately targeting western critical infrastructure by compromising home and business routers
April 2018. The director of the UK’s Government Communications Headquarters (GCHQ) announced that the organization had been conducting offensive cyber operations against ISIS to suppress their propaganda, disrupt their coordination, and protect deployed military personnel
April 2018. The chief of Germany’s domestic intelligence services accused Russia of being behind the December 2017 attack on the government’s computer networks
April 2018. The UK’s National Cyber Security Centre released an advisory note warning that Russian state actors were targeting UK critical infrastructure by infiltrating supply chains
April 2018. All government services of Sint. Maarten, a Caribbean island and constituting country of the Netherlands, was taken offline for a week after a cyber attack. According to local authorities, this is the third cyber attack the country has faced in just over a year.
April 2018. The North Korean hacking group responsible for the SWIFT attacks was found to have targeted a Central American online casino in an attempt to siphon funds
March 2018. Online services for the city of Atlanta were disrupted after a ransomware attack struck the city’s networks, demanding $55,000 worth of bitcoin in payment. The city would eventually spend approximately $2.6 million recovering from the attack.
March 2018. Baltimore’s 911 dispatch system was taken down for 17 hours after a ransomware attack, forcing the city to revert to manual dispatching of emergency services
March 2018. The US Departments of Justice and Treasury accused Iran in an indictment of stealing intellectual property from more than 300 universities, as well as government agencies and financial services companies.
March 2018. The FBI and Department of Homeland Security issued a joint technical alert to warn of Russian cyber attacks against US critical infrastructure. Targets included energy, nuclear, water, aviation, and manufacturing facilities.
March 2018. Columbian authorities reported more than 50,000 attacks on the web platform of Columbia’s national voter registry during the run-up to national elections.
March 2018. Cybersecurity researchers reveal that a Chinese hacking group used malware to attack the service provider for the UK government in an attempt to gain access to contractors at various UK government departments and military organizations
March 2018. Cybersecurity researchers announce evidence that the same North Korean hacking group linked to the SWIFT financial network attacks has been targeting several major Turkish banks and government finance agencies.
March 2018. A UN report details an attempt by North Korean hackers to compromise the email accounts of the members of a UN panel enforcing trade sanctions against North Korea.
February 2018. The Justice Department indicted 13 Russians and three companies for their online efforts to interfere in the 2016 US presidential elections.
February 2018. The US and UK formally blame Russia for the June 2017 NotPetya ransomware attack that caused billions of dollars in damages across the world.
February 2018. A cyberattack on the Pyeongchang Olympic Games attributed to Russia took the official Olympic website offline for 12 hours and disrupted wifi and televisions at the Pyeongchang Olympic stadium.
February 2018. Officials at the Department of Homeland Security confirmed that Russian hackers successfully penetrated the voter registration rolls of several US states prior to the 2016 election.
January 2018. Chinese hackers infiltrated a U.S. Navy contractor working for the Naval Undersea Warfare Center. 614 gigabytes of material related to a supersonic anti-ship missile for use on U.S. submarines were taken, along with submarine radio room information relating to cryptographic systems and the Navy submarine development unit’s electronic warfare library
January 2018. China denied that the computer network it supplied to the African Union allowed it to access the AU’s confidential information and transfer it to China, or that it had bugged offices in the AU headquarters that it had built.
January 2018. A Japan-based cryptocurrency exchange reveals that it lost $530 million worth of the cryptocurrency NEM in a hack, in what amounts to possibly the largest cryptocurrency heist of all time.
January 2018. A hacking group with ties to the Lebanese General Directorate of General Security was revealed to have been involved in a six-year campaign to steal text messages, call logs, and files from journalists, military officers, corporations, and other targets in 21 countries worldwide.
Cyber Attacks – Year 2017
December 2017. French company Schneider Electric was forced to shut down operations of a power plant in the Middle East after malware compromised its industrial control systems. Analysis by security researchers indicated that the attack was sponsored by a nation-state.
December 2017. Iranian hackers used fake social network profiles and a fake news site to target academic researchers, human rights activists, media outlets, and political advisors
November 2017. Three Chinese nationals employed at a China-based Internet security firm are indicted by a US grand jury for computer hacking, theft of trade secrets, conspiracy, and identity theft against employees of Siemens, Moody’s Analytics, and Trimble.
November 2017. Cybersecurity researchers report a cyberespionage campaign targeting government organizations in South America and Southeast Asia. The group, deemed to have nation-state capabilities, aimed to acquire foreign policy information from diplomatic and government entities.
November 2017. Cybersecurity researchers report a sophisticated Vietnamese hacking group responsible for cyber espionage campaigns targeting the ASEAN organization, foreign corporations with an interest in Vietnamese industries, and media, human rights, and civil society organizations.
October 2017. Russian hackers reported targeting potential attendees of CyCon, a cybersecurity conference organized by the US Army and the NATO CCD COE
October 2017. DHS and FBI reports warn of Russia-linked hackers targeting industrial control systems at US energy companies and other critical infrastructure organizations
October 2017. Poland’s Defense Minister reports that the country repelled a third Russian hacking attempt against companies in Poland, reportedly part of a larger campaign against Eastern European corporations.
October 2017. North Korean hackers were found to have targeted US electric companies in a spear-phishing campaign meant to probe utilities’ defenses.
October 2017. China allegedly carried out a cyberattack against a U.S. think tank and law firm, both involved with fugitive Chinese tycoon Guo Wengui.
October 2017. Reports surface that Russian government-backed hackers stole NSA hacking secrets from a contractor in 2015 by exploiting the Kaspersky antivirus software on the contractor’s home computer
September 2017. An Iranian hacking group was responsible for an espionage campaign targeting the aerospace industry in the U.S. and Saudi Arabia, as well as petrochemical firms in South Korea and Saudi Arabia.
September 2017. Russia compromised the personal smartphones of NATO soldiers deployed to Poland and the Baltic states.
September 2017. Press reports say that the US Cyber Command targeted North Korea’s Reconnaissance General Bureau for denial-of-service attacks.
September 2017. China allegedly inserted malware into widely used PC management tools. The malware targeted at least 20 major international technology firms.
September 2017. The SEC reported that cybercriminals accessed the agency’s files in 2016 and used the information gathered for illicit trading
September 2017. Researchers report malware infections in Cambodia designed to surveil dissidents and disrupt domestic political activity.
August 2017. Researchers inform the Estonian Information System Authority of a vulnerability potentially affecting the use of 750,000 Estonian e-ID cards. The government replaced the compromised cards in late 2017 but claims that no cards were ever hacked.
August 2017. South Korea’s Cyber Warfare Research Center reports that North Korea has been targeting South Korean Bitcoin exchanges.
August 2017. A state-sponsored spyware campaign targeted Indian and Pakistani government security and military organizations.
August 2017. The Scottish Parliament suffered from a brute force cyberattack similar to the one that compromised the British Parliament in June.
July 2017. Security researchers revealed details of a wide-ranging malware campaign linked to China which used over 600 strains of malware to conduct espionage operations on Southeast Asian military and government organizations
July 2017. GCHQ issued a warning saying that state-sponsored hackers had likely broken into the Industrial Control Systems of UK energy companies
July 2017. Security researchers revealed an Iran-linked cyber-espionage group active since 2013 that had used spear phishing and watering hole attacks to target government institutions, defense companies, IT firms and more in Israel, Saudi Arabia, the US, Germany, Jordan, and Turkey.
July 2017. The FBI and DHS announced that hackers had been targeting US energy facilities including the Wolf Creek Nuclear Operating Corporation in a campaign bearing resemblance to the operations of a known Russian hacking group
July 2017. Cyber research firms reported a new malware campaign launched the day after North Korea’s July missile tests. The identified family of malware featured a command and control infrastructure with links to South Korea and had previously been used in three other campaigns linked to North Korea.
July 2017. Russian hackers used leaked NSA tools to compromise Wi-Fi servers in European and Middle Eastern hotels in a campaign targeting top diplomats and industrial leaders.
July 2017. The Qatari government accused hackers in the United Arab Emirates of posting fake news and attacking Qatari state-run media websites in a campaign designed to widen a rift between Gulf states.
June 2017. The New York Times revealed that spyware sold to the Mexican government was being used to target human rights lawyers, journalists, and anti-corruption activists
June 2017. US-CERT identified the North Korean government as being behind a DDoS botnet infrastructure used to target media, financial, aerospace, and critical infrastructure organizations worldwide
June 2017. A Russia-linked hacking group was found to have launched a spear-phishing campaign against Montenegro after the country announced its decision to join NATO
June 2017. A NotPetya ransomware attack shut down the port terminals of Danish shipping giant Maersk for two days, causing an estimated $300 million in associated costs
June 2017. Russian hackers used an updated ransomware program to target Ukrainian infrastructure, including power companies, airports, and public transit.
June 2017. A brute-force attack alleged to have been carried out by Iranian state actors compromised nearly 90 British members of parliament, whose email accounts were hacked.
May 2017. A hacking campaign by an Iran-linked group targeted multiple Israeli IT vendors, financial institutions and the national post office
May 2017. A ransomware campaign spread to 99 countries using a vulnerability revealed in the Shadow Brokers’ April 2017 dump of NSA tools.
May 2017. Lebanon accused Israel of hacking the Lebanese telecoms network and sending audio and WhatsApp messages to 10,000 people claiming that Hezbollah’s leader was behind the death of the group’s top commander.
May 2017. An Iranian hacking group attempted to carry out an attack on a U.S. military contractor using Russian tools.
May 2017. Thousands of emails and other documents from the campaign of French president-elect Emmanuel Macron, totaling 9 gigabytes, were released shortly before the election, in an effort linked to Russia.
April 2017. The Israeli Cyber Defense Authority announced it had defended an Iranian cyberattack campaign against 120 targets in the government, high-tech, medical, and education sectors
April 2017. The Lazarus Group, thought to be associated with North Korea, was found to be involved in a spear phishing campaign against US defense contractors
April 2017. Cybersecurity researchers revealed a growing cyber-espionage campaign originating in China and targeting construction, engineering, aerospace and telecom companies, as well as government agencies, in the U.S., Europe, and Japan.
April 2017. The Danish Defense Intelligence Service reported that a “foreign player,” alleged by the Danish press to be a Russian espionage group, had accessed Defense Ministry email accounts in 2015 and in 2016, but was unable to retrieve classified information.
April 2017. The Shadow Brokers, the group that claimed to have hacked the NSA in August 2016, released yet another trove of purported NSA hacking tools, including one that suggests the NSA had gained access to SWIFT messages.
April 2017. Chinese attempts to penetrate South Korean military, government and defense industry networks continued at an increasing rate since a February announcement that the THAAD missile defense system would be deployed in South Korea.
March 2017. An intelligence report revealed a Russian operation to send malicious spear-phishing messages to more than 10,000 Twitter users in the Department of Defense. The malicious payloads delivered through these messages gave Russian hackers access to the victim’s device and Twitter account.
March 2017. The U.S. Department of Justice indicted two Russian intelligence agents and two criminal hackers over the September 2014 Yahoo hack, which compromised 500 million user accounts.
March 2017. Chinese police arrested 96 suspects charged with hacking into the servers of social media, gaming and video streaming sites, stealing personal information, and posting the information for sale on online forums.
March 2017. Wikileaks released a trove of sophisticated CIA hacking tools dating from 2013 to 2016, claiming that the release reflected several hundred million lines of CIA-developed code.
February 2017. An Iranian cyber espionage campaign targeted the energy, government, and technology sectors of Saudi Arabia
February 2017. Indian Central Bureau of Investigation and Army officers were targeted by a phishing campaign purportedly mounted by Pakistan.
February 2017. Hackers compromised the Singaporean military’s web access system and stole the personal information of 850 people. The Ministry of Defense said it was likely the attack was state-sponsored.
January 2017. A Swedish foreign policy institute accused Russia of conducting an information warfare campaign, using fake news, false documents, and disinformation intended to weaken public support for Swedish policies.
Cyber Attacks – Year 2016
December 2016. Russian hackers targeted Ukraine’s national power company, Ukrenergo, and shut down power to northern Kyiv for over an hour.
December 2016. The Society for Worldwide Interbank Financial Telecommunication (SWIFT) warned its customers that they remain vulnerable to attacks by “sophisticated” threat actors, having witnessed “a meaningful number” of attacks on its customers since the Bangladesh heist in February 2016, a fifth of which had resulted in stolen funds.
November 2016. An indiscriminate attack compromised systems at the San Francisco Municipal Transportation Agency (the Muni), locking operators out of computers and customers out of kiosks. As a result, Muni offered customers free rides for two days, until administrators restored its systems without paying the demanded $73,000 ransom.
November 2016. Hackers targeted AdultFriendFinder, a dating website, compromising 412 million users and publishing their emails, passwords, member status and purchases on online criminal marketplaces.
October 2016. A cyber mercenary contracted by a rival firm used a botnet to disable a Liberian telecom company, rendering half the country unable to access the internet.
October 2016. Hackers gained control of a major Brazilian bank’s Domain Name System addresses and seized the bank’s entire online footprint for several hours.
October 2016. The U.S. Director of National Intelligence and Department of Homeland Security jointly identified Russia as responsible for hacking the Democratic National Committee and using WikiLeaks to dump emails obtained in the hack.
September 2016. Japanese Defense Ministry and Self-Defense Forces (SDF) communications networks linking SDF bases and camps were compromised.
September 2016. Yahoo revealed that an intrusion into its network in late 2014 had given hackers access to 500 million users’ usernames, email addresses, phone numbers, dates of birth, passwords, and a mix of encrypted and plaintext security questions and answers. The company’s CIO claimed the attack was perpetrated by a state-sponsored actor.
August 2016. A group calling itself “Shadow Brokers” claimed to have penetrated the NSA and published a collection of NSA tools on Pastebin.
August 2016. Brazilian hackers ramped up phishing attacks against tourists visiting Rio de Janeiro for the 2016 Olympics. Security researchers ranked Brazil second only to Russia in the sophistication of its financial fraud gangs.
August 2016. Two Hong Kong government agencies were penetrated in an attack allegedly by China. The attack came weeks before the legislative elections in Hong Kong.
July 2016. Forensic evidence points to Russian intelligence agencies as responsible for the release of 20,000 emails from the Democratic National Committee.
July 2016. A series of DDOS attacks disrupted 68 Philippine government websites on July 12, the day the United Nations International Arbitration court released its decision ruling in favor of the Philippines on the West Philippine Sea territorial dispute.
July 2016: A new strain of cyberespionage malware with a dropper designed to target specific European energy companies has been discovered. Researchers say the malware appears to be the work of a nation-state, may have originated in Eastern Europe, and its role seems to be battlespace preparation.
May 2016: Suspected Russian hackers attempted to penetrate the Turkish Prime Minister’s office and the German Christian Democratic Union party. The attacks targeted personal email accounts and attempted to obtain login credentials.
May 2016. Researchers uncovered an espionage campaign originating from Iran that attacked government and business targets in multiple countries, as well as targets inside of Iran. The operation was conducted over the course of a decade.
May 2016: Saudi Arabian communications and defense organizations were hacked, possibly by Iran.
April 2016. U.S. Steel accused Chinese government hackers of stealing proprietary information about steel production techniques for the benefit of Chinese steel producers
April 2016. The German Christian Democratic Union, the political party of Angela Merkel, was targeted in a credential phishing attack by a Russian cyber espionage group.
April 2016. Microsoft researchers discover a highly skilled hack group that has targeted government agencies (including intelligence agencies), defense research centers and telecommunication service providers in South and Southeast Asia since 2009.
March 2016. A suspected ransomware attack crippled MedStar Health-operated hospitals in Maryland and Washington.
March 2016. North Korean hackers broke into the smartphones of a dozen South Korean officials, accessing phone conversations, text messages, and other sensitive information.
March 2016. 21st Century Oncology, a cancer care company, revealed that 2.2 million patients’ personal information may have been stolen in an October 2015 hack. Hackers had access to patient names, Social Security numbers, doctor names, diagnosis and treatment information, and insurance information.
February 2016. The Society for Worldwide Interbank Financial Telecommunication (SWIFT) warned its customers that they remain vulnerable to attacks by “sophisticated” threat actors, having witnessed “a meaningful number” of attacks on its customers since the Bangladesh heist in February 2016, a fifth of which had resulted in stolen funds.
January 2016. Austrian-based aerospace parts manufacturer FACC had $54.5 million stolen in a cyberattack. The attackers ignored FACC’s intellectual property or proprietary data, and business operations were not affected.
January 2016. Israel revealed an operation by the United States and Britain to hack into Israel’s surveillance drones.
January 2016. The chief of Sri Lanka’s Financial Crimes Investigation Division had his private email account hacked. It is believed the attack was an attempt at embarrassment motivated by an ongoing crackdown by the department.
January 2016. Armenian diplomatic missions in 40 countries had their websites defaced by Azerbaijani hackers.
January 2016. The Czech Republic’s Prime Minister had his Twitter and personal email account hacked by right-wing extremists.
Cyber Attacks – Year 2015
December 2015. Russian hackers coordinated attacks on several regional power distribution companies in Western Ukraine. SCADA systems and system host networks were targeted and damaged. The malware was used to probe for network vulnerabilities, establish command and control, and wipe SCADA servers to delay restoration. Attackers simultaneously launched a denial of service attack on system dispatchers to prevent customers from reporting disruptions. Approximately 225,000 Ukrainians were affected, but service was restored after 3-6 hours.
December 2015. The Australian Bureau of Meteorology was attacked by hackers the previous year, with unnamed sources attributing the incident to China.
October 2015. The ROK National Intelligence Service attributed hacks at the National Assembly, the Ministry of Unification, and the Blue House to North Korea’s General Reconnaissance Bureau.
October 2015. A teenage hacker tricked Verizon and AOL customer service to gain access to the private email account of CIA Director John Brennan.
November 2015. Iran’s Revolutionary Guard hacked the email and social media accounts of a number of Obama administration officials in an attack believed to be related to the arrest of an Iranian-American businessman in Tehran.
November 2015. Spies were found to have attempted to hack into the German, French, and Japanese submarine builders bidding for a contract to build Australia’s new submarine fleet.
November 2015. Dutch security firm Fox-IT identified a Chinese threat actor, ‘Mofang’, that had launched cyber attacks against government civilian and military agencies in the United States and other industries, including corporations conducting solar cell research
September 2015. Hackers sought access to the Dutch Safety Board and other parties involved in investigating the crash of flight MH17.
September 2015. Multiple Pakistani government websites were hacked by the ‘Mallu Cyber Team.
September 2015. Cybersecurity researchers uncovered a Russian hacking group called “The Dukes” that is allegedly responsible for attacks against foreign governments and think tanks in Europe, Central Asia, and the United States over seven years.
August 2015. Researchers identified a phishing campaign targeting members of the Iranian diaspora, as well as at least one Western activist. The attacks were seeking two-factor authentication credentials.
July 2015. A spear-phishing attack on the Joint Chiefs of Staff’s unclassified email servers resulted in the system being shut down for 11 days while cyber experts rebuilt the network, affecting the work of roughly 4,000 military and civilian personnel. Officials believe that Russia is responsible for the intrusion, which occurred sometime around July 25, although China has not been ruled out as the perpetrator.
June 2015. Canada announced that it has experienced DDOS attacks against two government websites. The attacks, which took down the Canadian Security Intelligence Service (CSIS) and the general Canadian government website, Canada.ca also reportedly affected email, Internet access and IT services in the government. Anonymous has claimed responsibility, citing Canada’s recently passed Anti-terrorism Act, 2015 as the reason behind the recent attack.
June 2015. Cybersecurity researchers identified an Iranian cyber espionage campaign that targeted over 500 organizations, most of them in the Middle East, that focused on diplomacy, defense and security, journalism & human rights, and other fields.
June 2015. The Office of Personnel Management was revealed to have been hacked twice in the last year. The first resulted in the loss of 4.1 million records and the second resulted in the loss of 21.5 million records,19.7 million of these involved background investigation records for cleared U.S. government employees.
June 2015. The Chinese company Qihoo360 reports discovering “OceanLotus,” an espionage program operating since 2012 to target marine agencies, research institutions and shipping companies.
June 2015. Media reports say that Stuxnet-like attacks were attempted against North Korea by the U.S., without success.
May 2015. Chinese intelligence officers infiltrated networks and exfiltrated trade secret information about turbofan engines from U.S. and European aerospace firms over the course of five years
May 2015. A hack of an online IRS system results in a $50 million loss, which the IRS blames on Russian hackers.
April 2015. The Pentagon revealed that Russian hackers gained access to an unclassified network within the DOD, though Pentagon officials were able to block the hackers’ access within 24 hours.
April 2015. Hackers claiming affiliation with ISIS hacked the French public television network TV5 Monde. The hackers took off the air 11 of the networks’ channels and defaced TV5 Monde’s website and social media accounts with pro-ISIS imagery.
April 2015. U.S. officials report that hackers gained access to White House networks and sensitive information, such as “real-time non-public details of the president’s schedule,” through the State Department’s network, which has had continued trouble in ousting attackers.
March 2015. An Iranian hacking group conducted a spear-phishing campaign against the defense, IT, government, and academic targets in Europe and the Middle East.
March 2015. Canadian researchers say Chinese hackers attacked U.S. hosting site GitHub. GitHub said the attack involved “a wide combination of attack vectors” and used new techniques to involve unsuspecting web users in the flood of traffic to the site. According to the researchers, the attack targeted pages for two GitHub users – GreatFire and the New York Times Chinese mirror site – both of which circumvent China’s firewall.
February 2015. Media reports say that Canada’s Communication Security Establishment identified “Babar” and “EvilBunny” as malware developed for espionage purposes by the French government. Babar’s primary function is to exfiltrate documents, but it can also log keystrokes, monitor a user’s web history, and intercept & record command communications made via Skype and messenger programs.
January 2015. A report issued by Germany’s Federal Office for Information Security reveals a German steel mill became the second recorded victim of a cyberattack causing physical destruction. The attack disrupted control systems so severely that a blast furnace could not be properly shut down. The report did not name the steel mill or detail the severity of the damage.
Cyber Attacks – Year 2022
December 2014. Iranian hackers attacked a major Las Vegas casino in retaliation for its owner’s support for Israel.
December 2014. An Iranian cyber campaign targeted government agencies and critical infrastructure companies in the United States, Canada, Europe, the Middle East, and Asia.
November 2014. North Korean hackers attacked a British production company planning to release a television series revolving around the imprisonment of a British nuclear scientist in the DPRK. The attack caused the cancellation of the series.
November 2014. A report by the University of Toronto finds that human rights organizations are routinely hacked by foreign intelligence services, using readily available crime ware as well as specially designed programs, with intrusion lasting for years.
October 2014. U.S. Postal Service servers are hacked, exposing employees’ names, addresses, and Social Security numbers.
October 2014. The National Oceanic and Atmospheric Administration (NOAA) at the U.S. Department of Commerce is hacked, skewing the accuracy of some National Weather Service forecasts, according to NOAA.
October 2014. Chinese users are redirected to a false iCloud login page that monitors their activities, putting their iCloud usernames, passwords, files, and contacts at risk.
October 2014. A five-year cyber espionage campaign attributed to Russia exploits a zero-day vulnerability in Windows software on computers used by NATO, the EU and the Ukrainian government.
October 2014. Australian mining and natural resources companies and their associated legal and financial advisors were attacked during sensitive business negotiations.
September 2014. A false Occupy Central smartphone app with audio recording capabilities, likely of Chinese origin, targets Hong Kong protestors and accesses users’ locations, call and message logs, and browser histories.
September 2014. Using fraudulently obtained certificates, cybercriminals obtain access to 300 government and company websites in Germany, Austria and Switzerland in a multi-year operation.
August 2014. Community Health Systems disclosed that suspected Chinese hackers infiltrated its network and stole personal information from 4.5 million patients
August 2014. The contractor responsible for security clearances at DHS has their networks hacked and employee personal information is compromised. This was one of the first steps in the 2015 OPM hack.
July 2014. Canada’s Foreign Minister asks his Chinese counterpart about PLA cyber espionage against the National Research Council, Canada’s leading technology research agency.
June 2014. CrowdStrike reported that Unit 61398 had targeted U.S. corporations in the satellite industry
April 2014. An Iranian hacking group conducted a campaign of espionage attacks against the U.S. industrial base and also targets inside Iran.
Cyber Attacks – Year 2013
October 2013. Press reports based on Snowden leaks reveal NSA hacked into German Chancellor Merkel’s mobile phone, one of a larger series of leaks on NSA activities.
September 2013. The U.S. Navy says that Iran hacked into unclassified networks.
September 2013. Chinese hackers used malware, known as ‘Sykipot’, to target entities in the U.S. Defense Industries and companies in key industries such as telecommunications, computer hardware, government contractors, and aerospace. In mid-2013 they targeted the U.S. civil aviation sector.
September 2013. Chinese hackers targeted three U.S. organizations, including a large American oil and gas corporation
September 2013. North Korea again hacks South Korean targets, including think tanks, the South Korean Ministry of Defense, and Korean defense industry firms.
August 2013. The Syrian Electronic Army hijacks and reroutes major Western social media and media sites to a malicious hosting site in Russia.
August 2013. A massive DDOS takes down China’s .cn country code top-level domain for several hours.
June 2013. PLA hackers infiltrated the computer networks of the U.S. Transportation Command and stole sensitive military information
June 2013. The FBI charged five Ukrainian and Russian hackers with stealing over 160 million credit card numbers and causing hundreds of millions in losses.
June 2013. The U.S. and Russia sign a bilateral agreement that establishes a hotline and other confidence-building measures.
June 2013. Edward Snowden, a former systems administrator at the NSA, reveals documents showing among other things that the US conducted cyber espionage against Chinese targets.
May 2013. An alleged Chinese hacker steals the blueprints for the Australian Security Intelligence Organization’s new $631 million building.
May 2013. Israeli officials report a failed attempt by the Syrian Electronic Army to compromise the water supply to the city of Haifa.
May 2013. DHS reports that the U.S. electrical grid is constantly being probed by multiple actors, including Iran.
May 2013. India is believed to have used a zero-day exploit to penetrate Pakistani mining, automotive, legal, engineering, food service, military, and banks.
May 2013. Anonymous Saudi branch launches OpSaudi and takes down government websites, including the Ministry of Foreign Affairs, Ministry of Finance, and the General Intelligence Presidency via DDoS attack.
May 2013. The U.S. identified a gang of eight hackers who extracted $45 million from banks in the UAE and Oman. The attacks eliminated the withdrawal limits on prepaid debit cards, permitting the hackers to withdraw massive amounts.
May 2013. An unknown attacker utilized a DDoS attack to bring down the website of the Iranian Basij military branch (basij.ir).
May 2013. Chinese hackers compromise the U.S. Department of Labor and at least nine other agencies, including the Agency for International Development and the Army Corps of Engineers National Inventory of Dams.
April 2013. A Russian internet security firm announced that they discovered malware on millions of android mobile devices, primarily in Russia and Russian-speaking countries.
March 2013. The Syrian Electronic Army, a pro-Assad hacktivist group, hacked into major Western media organizations as part of a propaganda campaign.
March 2013. Beginning in 2012, Chinese hackers targeted civilian and military maritime operations within the South China Sea, in addition to U.S. companies involved in maritime satellite systems, aerospace companies and defense contractors
March 2013. The Indian Defence Research Organization was hacked, with thousands of documents uploaded to a server with an IP address in Guangdong, China.
March 2013. North Korea blames the United States and South Korea for a series of attacks that severely restricted Internet access in the country.
March 2013. South Korean television networks and banks were attacked with malware (designed to evade popular South Korean anti-virus software) thought to have originated in North Korea.
February 2013. Der Spiegel reveals that EADS and German steelmaker ThyssenKrupp recorded major attacks by Chinese hackers in 2012.
January 2013. The New York Times, Wall Street Journal, Washington Post, and Bloomberg News experience persistent cyberattacks, presumed to originate in China.
January 2013. The Japanese Ministry of Foreign Affairs (MOFA discovers it has been hacked and has lost “at least” twenty documents, including highly classified documents.
January 2013. Iran’s Izz ad-Din al-Qassam claims responsibility for another series of distributed denial-of-service attacks against US Bank websites, as part of Operation Ababil phase two.
January 2013. A Defense Science Board report found that Chinese hackers stole U.S. weapons systems designs including the PAC-3, THAAD, Aegis, F/A-18 fighter jet, V-22 Osprey, Black Hawk, and Littoral Combat Ship.
Cyber Attacks – Year 2012
December 2012. Al-Qaida websites are taken offline for two weeks.
December 2012. Two power plants in the U.S. were infected through unprotected USB drives.
October 2012. A Russian cybersecurity firm found a virus used against embassies, research firms, military installations, energy providers, and critical infrastructure in Eastern Europe, Russia, and Central Asia.
September 2012. Izz ad-Din al-Qassam, a hacker group linked to Iran, launched “Operation Ababil” targeting bank websites for sustained denial-of-service attacks. Targets include Bank of America, New York Stock Exchange, Chase Bank, Capital One, SunTrust, and Regions Bank.
August 2012. Malware nicknamed “Gauss,” infected 2,500 systems worldwide. Gauss appears to have been aimed at Lebanese banks and contains code whose encryption has not yet been broken.
July 2012. Regarded as the largest attack on Indian government networks, over 10,000 email addresses of top Indian government officials were hacked, including officials in the Prime Minister’s Office, Defense, External Affairs, Home, and Finance ministries, as well as intelligence agencies. India blames the attack on state actors.
July 2012. NSA Director General Keith Alexander said that there had been a 17-fold increase in cyber incidents at American infrastructure companies between 2009 and 2011.
June 2012. The head of the UK Security Service stated that a London-listed company lost an estimated £800m ($1.2 billion) as a result of state cyberattacks.
June 2012. A global fraud campaign using automated versions of SpyEye and Zeus Trojans targeted high-value personal and corporate accounts and bypassed two-factor authentication.
June 2012. A phishing campaign targets the U.S. aerospace industry experts attending the 2013 IEEE Aerospace Conference.
June 2012. PLA Unit 61398 attacked Digital Bond, a SCADA security company with a spear phishing attack.
May 2012. Researchers at the University of Toronto report that versions of the installer for the proxy tool Simurgh, which anonymizes net use and is popular in countries such as Iran and Syria to circumvent government internet controls, also installs a keylogger Trojan that sends the user name, keystrokes, and program use to another site.
May 2012. An espionage toolkit named “Flame” is discovered in computers in the Iranian Oil Ministry, as well as in other Middle Eastern countries, including Israel, Syria, and Sudan, and other nations around the world.
May 2012. UK officials told the press that there had been a small number of successful perpetrations of classified MOD networks.
April 2012. A hack of Japan’s Ministry of Agriculture, Forestry, and Fisheries resulted in more than 3,000 documents exfiltrated to a foreign destination, including 20 classified documents on negotiations on the Trans-Pacific Partnership (a broad free-trade agreement). According to press reports, the hackers searched Ministry computers for TPP documents, transferred all that was found to a single computer, and then compressed them to make them easier to send.
March 2012. The U.S. Department of Homeland Security issued amber alerts warning of a cyber-intrusion campaign on U.S. gas pipelines, dating back to December 2011. Press reports indicated that Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) described the attack as a sophisticated spear phishing campaign emanating from a single source.
March 2012. India’s Minister for Communications and Information Technology revealed in a written reply to a Parliamentary question that 112 government websites had been compromised from December 2011 to February 2012. Most of the incidents involved website defacement and many of the hacks appeared to originate in Pakistan.
March 2012. The BBC reported a “sophisticated cyber-attack” in an effort to disrupt the BBC Persian Language Service. The attack coincided with efforts to jam two BBC satellite feeds to Iran. The BBC’s Director General blamed Iran for the incident.
March 2012. NASA’s Inspector General reported that 13 APT attacks successfully compromised NASA computers in 2011. In one attack, intruders stole 150 user credentials that could be used to gain unauthorized access to NASA systems. Another attack at the Joint Propulsion Laboratory involving China-based IP let the intruders gain full access to key JPL systems and sensitive user accounts.
March 2012. Trend Micro uncovered a Chinese cyber campaign, dubbed ‘Luckycat’ that targeted U.S.-based activists and organizations, Indian and Japanese military research, as well as Tibetan activists
February 2012. Media reports say that Chinese hackers stole classified information about the technologies onboard F-35 Joint Strike Fighters.
Cyber Attacks – Year 2011
December 2011. U.S. Chamber of Commerce computer networks were completely penetrated for more than a year by hackers who, according to press reports, had ties to the People’s Liberation Army. The Hackers had access to everything on Commerce’s computers, including member company communications and industry positions on U.S. trade policy.
November 2011. According to a major U.S. news source, Chinese hackers interfered with two satellites belonging to NASA and USGS.
November 2011. Apple computers belonging to European Commission officials, including EC Vice President for the “Digital Agenda,” were hacked at an Internet Governance Forum (IGF) meeting in Azerbaijan.
October 2011. Networks of 48 companies in the chemical, defense, and other industries were penetrated for at least six months by a hacker looking for intellectual property. Some of the attacks are attributed to computers in Hebei, China.
September 2011. Australia’s Defense Signals Directorate says that defense networks are attacked more than 30 times a day, with the number of attacks increasing by more than 350 percent by 2009.
September 2011. Unknown attackers hacked a Dutch certificate authority, allowing them to issue more than 500 fraudulent certificates for major companies and government agencies. The certificates are used to verify that a website is genuine. By issuing a false certificate, an attacker can pretend to be a secure website, intercept e-mail, or install malicious software. This was the second hack of a certificate authority in 2011.
August 2011. Email and documents from 480 members of the Japanese Diet and lawmakers and their staff were compromised for a month after a phishing attack implanted a Trojan on members’ computers and Diet servers. The hijacked machines communicated with a server in China and the attackers included Chinese characters in their code.
August 2011. According to sources in the Japanese government, Mitsubishi Heavy Industries and twenty other Japanese defense and high-tech firms were the targets of an effort to extract classified defense information. Japanese officials believed the exploits all originated from the same source. The intruder used an email with a malicious attachment whose contents were the same as a legitimate message sent 10 hours earlier.
August 2011. Chinese hackers engaged in a series of cyber-attacks against 72 entities, including multiple U.S. government networks.
July 2011. In a speech unveiling the Department of Defense’s cyber strategy, the Deputy Secretary of Defense mentioned that a defense contractor was hacked and 24,000 files from the DOD were stolen.
March-April 2011. Between March 2010 and April 2011, the FBI identified twenty incidents in which the online banking credentials of small-to-medium-sized U.S. businesses were compromised and used to initiate wire transfers to Chinese economic and trade companies. As of April 2011, the total attempted fraud amounts to approximately $20 million; the actual victim losses are $11 million.
March 2011. Hackers penetrated French government computer networks in search of sensitive information on upcoming G-20 meetings.
March 2011. The European Commission and EU’s External Action Service are both targeted in a widespread espionage effort just before a major EU summit. Hackers were apparently very interested in documents related to the G20 summit being held in Paris that year.
January 2011. The Canadian government reported a major cyberattack against its agencies, including Defence Research and Development Canada, a research agency for Canada’s Department of National Defence. The attack forced the Finance Department and Treasury Board, Canada’s main economic agencies, to disconnect from the internet. Canadian sources attribute the attack to China.
January 2011. Hackers extracted $6.7 million from South Africa’s Postbank over the New Year’s Holiday.
January 2011. Hackers penetrated the European Union’s carbon trading market, which allows organizations to buy and sell their carbon emissions quotas, and steal more than $7 million in credits, forcing the market to shut down temporarily.
Cyber Attacks – Year 2010
December 2010. British Foreign Minister William Hague reported attacks by a foreign power on the Foreign Ministry, a defense contractor and other “British interests” that evaded defenses by pretending to come from the White House.
October 2010. Australia’s Defence Signals Directorate reported a huge increase in cyberattacks on the military. Australia’s Defence Minister, john Faulkner, revealed there had been 2400 “electronic security incidents” on Defence networks in 2009 and 5551 incidents between January and August 2010.
October 2010. The Wall Street Journal reported that hackers using “Zeus” malware, available in cybercrime black markets for about $1200, were able to steal over $12 million from five banks in the US and UK. Zeus uses links in emails to steal account information, which the hackers then use to transfer money into bank accounts they control. 100 “mules”, or low-end criminals, were arrested for opening bank accounts under false names into which the hackers transferred stolen money.
October 2010. Stuxnet, a complex piece of malware designed to interfere with Siemens Industrial Control Systems, was discovered in Iran, Indonesia, and elsewhere, leading to speculation that it was a government cyber weapon aimed at the Iranian nuclear program.
October 2010. Public-facing networks run by NASDAQ, as well as an information-sharing application called Directors Desk, are compromised by an unknown external group. NASDAQ says it is unsure how far hackers might have penetrated into their network.
July 2010. A Russian intelligence agent (allegedly named Alexey Karetnikov), was arrested and deported after working for nine months as a software tester at Microsoft.
May 2010. A leaked memo from the Canadian Security and Intelligence Service (CSIS) says that “Compromises of computer and combinations networks of the Government of Canada, Canadian universities, private companies and individual customer networks have increased substantially. In addition to being virtually un-attributable, these remotely operated attacks offer a productive, secure and low-risk means to conduct espionage.”
April 2010. A Chinese telecommunications firm accidentally transmitted erroneous routing information for roughly 37,000 networks, causing internet traffic to be misrouted through China. The incident lasted 20 minutes and exposed traffic from more than 8,000 U.S. networks, 8,500 Chinese networks, 1,100 Australian networks and 230 French networks.
April 2010. Chinese hackers reportedly broke into classified files at the Indian Defence Ministry and Indian embassies around the world, gaining access to Indian missile and armament systems.
March 2010. Unknown hackers post the real incomes of Latvian government officials after accessing their tax records, creating political turmoil.
March 2010. Australian authorities said there were more than 200 attempts to hack into the networks of the legal defense team for Rio Tinto executives being tried in China to gain inside information on the trial defense strategy.
March 2010. Google announced that it had found malware targeting Vietnamese computer users. Google said that the malware was not especially sophisticated and was used to spy on “potentially tens of thousands of users who downloaded Vietnamese keyboard language software” the malware also launched distributed denial of service attacks against blogs containing political dissent, specifically, opposition to bauxite mining efforts in Vietnam.
March 2010. NATO and the EU warned that the number of cyberattacks against their networks had increased significantly over the past 12 months, with Russia and China among the most active adversaries.
January 2010. Intel disclosed that it experienced a cyberattack at about the same time that Google, Adobe, and others were attacked. The hackers exploited the vulnerabilities in Internet Explorer software that had been used in the other attacks as well. Intel said that there was no intellectual property or financial loss.
January 2010. A group named the “Iranian Cyber Army” disrupted the service of the popular Chinese search engine Baidu. Users were redirected to a page showing an Iranian political message. Previously, the “Iranian Cyber Army” had hacked into Twitter in December with a similar message.
January 2010. M. K. Narayanan, India’s National Security Adviser, said his office and other government departments were attacked by China on December 15. The Prime Minister’s office later denied that their computers had been hacked. Narayanan said this was not the first attempt to penetrate Indian government computers.
January 2010. Global financial services firm Morgan Stanley experienced a “very sensitive” break-in to its network by the same China-based hackers who attacked Google Inc.’s computers in December 2009, according to leaked e-mails from a cyber-security company working for the bank.
January 2010. Google announced that a sophisticated attack had penetrated its networks, along with the networks of more than 30 other US companies. The goal of the penetrations, which Google ascribed to China, was to collect technology and gain access to activist Gmail accounts and to Google’s Gaea password management system.
January 2010. The UK’s MI5 Security Service warned that undercover intelligence officers from the People’s Liberation Army and the Ministry of Public Security have approached UK businessmen at trade fairs and exhibitions with the offer of “gifts” – cameras and memory sticks – which contain malware that provides the Chinese with remote access to users’ computers.
January 2010. The PLA infiltrated the computer network of a Civilian Reserve Air Fleet (CRAF) contractor in which documents, flight details, credentials and passwords for encrypted emails were stolen.
Cyber Attacks – Year 2009
December 2009. Downlinks from U.S military UAVs were hacked by Iraqi insurgents using laptops and $24.99 file-sharing software, allowing them to see what the UAV had viewed.
December 2009. The Wall Street Journal reported that a major U.S. bank had been hacked, losing tens of millions of dollars.
November 2009. Jean-Pascal van Ypersele, the vice-chairman of the United Nations’ Intergovernmental Panel on Climate Change, ascribed the hacking and release of thousands of emails, from the University of East Anglia’s Climatic Research Unit to Russia as part of a plot to undermine the Copenhagen climate talks.
August 2009. Ehud Tenenbaum was convicted of stealing $10 million from U.S. banks. Tenenbaum was known for hacking into DOD computers in 1998, which resulted in a sentence of six months of community service from an Israeli court.
August 2009. Albert Gonzalez was indicted on charges that between 2006 and 2008, he and unidentified Russian or Ukrainian colleagues allegedly stole more than 130 million credit and debit cards by hacking into the computer systems of five major companies. This was the largest hacking and identity theft crime in U.S. history.
July 2009. Cyberattacks against websites in the United States and South Korea, including a number of government websites, were launched by unknown hackers. South Korea accused North Korea of being behind the attacks The denial of service attacks did not severely disrupt services but lasted for a number of days and generated a great deal of media attention.
June 2009. German Interior Minister Wolfgang Schaeuble noted when presenting the Interior Ministry’s 2008 security report, that China and Russia were increasing espionage efforts and Internet attacks on German companies.
June 2009. The John Hopkins University’s Applied Physics Laboratory, which does classified research for the Department of Defense and NASA, took its unclassified networks offline after they were penetrated.
May 2009. In May 2009, Merrick Bank, a leading issuer of credit cards, claimed it lost $16 million after hackers compromised as many as 40 million credit card accounts.
April 2009. Chinese hackers reportedly infiltrated South Korea’s Finance Ministry via a virus attached to e-mails claiming to be from trusted individuals.
April 2009. Prime Minister Wen Jiabao announced that a hacker from Taiwan accessed a Chinese State Council computer containing drafts of his report to the National Peoples Congress.
March 2009. Reports in the press say that the plans for Marine Corps 1, the new presidential helicopter, were found on a file-sharing network in Iran.
March 2009. Canadian researchers found a computer espionage system that they believe China implanted in the government networks of 103 countries.
March 2009. The German government warned that hackers were offering a free version of the new Microsoft operating system that installs Trojans.
March 2009. Chinese hackers stole information from the Office of Senator Bill Nelson in Florida
March 2009. Chinese hackers infiltrated Coca-Cola Co. computer networks and stole trade secret information, including information related to the attempted $2.4 billion acquisition of Huiyuan Juice Group
February 2009. 600 computers at India’s Ministry of External Affairs were hacked.
February 2009. FAA computer systems were hacked. Increased use by the FAA of IP-bases networks also increases the risk of the intentional disruption of commercial air traffic.
January 2009. Indian Home Ministry officials warned that Pakistani hackers had placed malware on popular music download sites used by Indians in preparation for cyberattacks.
January 2009. Hackers attacked Israel’s internet infrastructure during the January 2009 military offensive in the Gaza Strip. The attack, which focused on government websites, was executed by at least 5,000,000 computers. Israeli officials believed the attack was carried out by a criminal organization from the former Soviet Union and paid for by Hamas or Hezbollah.
Cyber Attacks – Year 2008
2008. Britain’s MPs were warned about e-mails apparently sent by the European Parliament amid fears that they could be used by Chinese hackers to implant viruses.
December 2008. Even tiny CSIS was hacked in December by unknown foreign intruders. They probably assumed that some CSIS staff would go into the new administration and may have thought it might be interesting to read their emails beforehand.
December 2008. Retail giant TJX was hacked. The one hacker captured and convicted (Maksym Yastremskiy) is said to have made $11 million from the hack.
November 2008. Classified networks at DOD and CENTCOM were hacked by unknown foreign intruders. Even worse, it took several days to dislodge the intruders and re-secure the networks.
November 2008. Chinese hackers infiltrated the networks of Barack Obama and John McCain’s presidential campaigns and exfiltrated information about future policy agendas.
November 2008. Chinese hackers infiltrated the computer network of the White House and obtained emails between senior government officials
August 2008. Computer networks in Georgia were hacked by unknown foreign intruders, most likely at the behest of the Russian government. Much press attention was given to annoying graffiti on Georgian government websites. There was little or no disruption of services but the hacks did put political pressure on the Georgian government and were coordinated with Russian military actions.
June 2008. The networks of several Congressional offices were hacked by unknown foreign intruders. Some infiltrations involved offices with an interest in human rights in Tibet.
May 2008. The Times of India reported that an Indian official accused China of hacking into government computers. The official stated that the core of the Chinese assault is the scanning and mapping of India’s official networks to gain access to content in order to plan how to disable or disrupt networks during a conflict.
May 2008. Belgium’s Justice Minister China of hacking Belgian governmental computer networks.
April 2008. Germany’s BND is accused of hacking Afghanistan’s Commerce Minister and Ministry of Commerce and Industry networks, gaining access to internal email accounts and exfiltrating documents.
April – October 2008. A State Department cable made public by WikiLeaks reported that hackers successfully stole “50 megabytes of email messages and attached documents, as well as a complete list of usernames and passwords from an unspecified (U.S. government) agency.” The cable said that at least some of the attacks originated from a Shanghai-based hacker group linked to the People’s Liberation Army’s Third Department.
March 2008. U.S. officials reported that American, European, and Japanese companies were experiencing significant losses of intellectual property and business information to criminal and industrial espionage in cyberspace. However, details cannot be provided in an unclassified setting.
March 2008. South Korean Officials claimed that China had attempted to hack into Korean Embassy and Korean military networks.
January 2008. A CIA official said the agency knew of four incidents overseas where hackers were able to disrupt, or threaten to disrupt, the power supply for four foreign cities.
Cyber Attacks – Year 2007
November 2007. Jonathan Evans, the head of Britain’s Security Service (MI5), warned 300 business firms of the increased online threat from Russian and Chinese state organizations saying, “A number of countries continue to devote considerable time and energy trying to steal our sensitive technology on civilian and military projects, and trying to obtain political and economic intelligence at our expense. They increasingly deploy sophisticated technical attacks, using the internet to penetrate computer networks.”
October 2007. China’s Ministry of State Security said that foreign hackers, 42% from Taiwan and 25% from the United States, had been stealing information from Chinese key areas. In 2006, when China’s China Aerospace Science & Industry Corporation (CASIC) Intranet Network was surveyed, spyware was found in the computers of classified departments and corporate leaders.
September 2007. British authorities reported that hackers, believed to have come from China’s People’s Liberation Army, penetrated the network of the Foreign Office and other key departments.
September 2007. Contractors employed by DHS and DOD had their networks hacked as backdoors into agency systems.
September 2007. Francis Delon, Secretary-General of National Defence in France, stated that information systems in France had been infiltrated by groups from China.
September 2007. Israel disrupted Syrian air defense networks (with some collateral damage to its own domestic networks) during the bombing of an alleged Syrian nuclear facility.
August 2007. The British Security Service, the French Prime Minister’s Office and the Office of German Chancellor Angela Merkel all complained to China about intrusion on their government networks. Merkel even raised the matter with China’s President.
June 2007. The Secretary of Defense’s unclassified email account was hacked by unknown foreign intruders as part of a larger series of attacks to access and exploit DOD networks.
May 2007. Estonian government networks were harassed by a denial of service attack by unknown foreign intruders, most likely at the behest of the Russian government. Some government online services were temporarily disrupted and online banking was halted. These were more like cyber riots than crippling attacks, and the Estonians responded very well; however, they created a wave of fear in cyber-dependent countries like the U.S.
May 2007. The National Defense University had to take its email systems offline because of hacks by unknown foreign intruders that left spyware on the system.
April 2007. The Department of Commerce had to take the Bureau of Industrial Security’s networks offline for several months because its networks were hacked by unknown foreign intruders. This Commerce Bureau reviews confidential information on high-tech exports.
Cyber Attacks – Year 2006
2006. Chinese hackers were thought to be responsible for shutting down the House of Commons computer system.
December 2006. NASA was forced to block emails with attachments before shuttle launches out of fear they would be hacked. Business Week reported that the plans for the latest U.S. space launch vehicles were obtained by unknown foreign intruders.
November 2006. Hackers attempted to penetrate U.S. Naval War College networks, resulting in a two-week shutdown at one institution while infected machines are restored.
May 2006. The Department of State’s networks were hacked, and unknown foreign intruders downloaded terabytes of information. If Chinese or Russian spies had backed a truck up to the State Department, smashed the glass doors, tied up the guards and spent the night carting off file cabinets, it would constitute an act of war. But when it happens in cyberspace, we barely notice.
Cyber Attacks – Year 2005
April 2005. Chinese hackers infiltrated NASA networks managed by Lockheed Martin and Boeing and exfiltrated information about the Space Shuttle Discovery program.
2005. Chinese hackers infiltrated U.S. Department of Defense networks in an operation known as “Titan Rain.” They targeted U.S. defense contractors, Army Information Systems Engineering Command; the Defense Information Systems Agency; the Naval Ocean Systems Center; and the U.S. Army Space and Strategic Defense installation.