January 2023 – Data Breaches
Latvian officials claimed that Russia-linked hackers launched a cyber espionage phishing campaign against its Ministry of Defense. The Latvian Ministry of Defense stated this operation was unsuccessful.
CISA, the NSA, and the Multi-State Information Sharing and Analysis Center released a joint advisory warning of an increase in hacks on the federal civilian executive branch utilizing remote access software. This follows an October 2022 report on a financially motivated phishing campaign against multiple U.S. federal civilian executive branch agencies.
Hackers targeted the Serbian government in an attempt to disable its Ministry of Internal Affairs network infrastructure. Serbian officials worked with industry professionals to block the attacks.
Russia-linked hackers deployed a ransomware attack against the UK postal service, the Royal Mail. The attack disrupted the systems used to track international mail. It took 20 days for the Royal Mail to fully restore international mail services.
Hackers disrupted access to over 1500 Nepalese government websites by flooding its main government server with traffic.
Iran-linked hackers executed ransomware attacks and exfiltrated data from U.S. public infrastructure and private Australian organizations. Australian authorities claim that the data exfiltrated was for use in extortion campaigns.
The FBI named North Korea-linked hackers responsible for the June 2022 $100 million heist from American crypto firm, Harmony’s Horizon Bridge. In January 2023, the hackers used a system called Railgun to launder over $60 million worth of cryptocurrency stolen in the June attack. Railgun is a privacy system built on the Ethereum blockchain to ensure the identity of the user is kept secret.
Hackers used ransomware to encrypt 12 servers at Costa Rica’s Ministry of Public Works, knocking all its servers offline.
Albanian officials reported that its government servers were still near-daily targets of cyber-attacks following a major attack by Iran-linked hackers in 2022.
Hackers launched a series of cyber-attacks against Malaysian national defense networks. Malaysian officials stated that the hacking activities were detected early enough to prevent any network compromise.
Hackers targeted government, military, and civilian networks across the Asia Pacific leveraging malware to obtain confidential information. The malware targeted both the data on victim machines as well as audio captured by infected machines’ microphones.
Hackers sent over a thousand emails containing malicious links to Moldovan government accounts.
November & December 2022 – Data Breaches
Suspected Chinese-linked hackers carried out an espionage campaign on public and private organizations in the Philippines, Europe, and the United States since 2021. The attacks used infected USB drives to deliver malware to organizations.
An Indian-based hacking group targeted Pakistani politicians, generals, and diplomats, deploying malware that gives the attacker access to computer cameras and microphones.
The UAE hired three former U.S. intelligence and military officials to help the government break into computers in the United States and other countries.
Hackers disabled the digital services of the Vanuatu government in a cyberattack. The attack affected all government services, disabling emails, websites, and government systems, with only partial access restored a month later. Australian sources stated the hack was a ransomware attack.
Hackers targeted the Guadeloupe government, forcing the shutdown of all government computers to “protect data” during incident response and detect the scope of the attack.
Hackers targeted Bahraini government websites with DDoS attacks prior to the country’s parliamentary and local elections.
Iranian government-sponsored hackers compromised the U.S. Merit Systems Protection Board, exploiting the log4shell vulnerability as early as February 2022. After breaching the network, hackers installed cryptocurrency-mining software and deployed malware to obtain sensitive data.
Hackers damaged Danish State Railways’ network after targeting an IT subcontractor’s software testing environment. The attack shut down train operations for several hours.
Microsoft attributed cyberattacks aimed at transportation and related logistics industries in Ukraine and Poland to a Russian GRU hacking group. The campaign began in late September 2022.
October 2022 – Data Breaches
Hackers targeted a communications platform in Australia, which handles Department of Defence data, in a ransomware attack. The government believes hackers breached sensitive government data in this attack.
A Ukrainian newspaper published hacked data claiming to be sensitive information from Russian defense contractors. The hackers responsible are part of an anti-Putin group in Russia.
Hackers leaked online the personal information of 6.5 million citizens on Israel’s voter registry, such as phone numbers and family connections, after breaching the Shas party database.
Company data at U.S. home goods retailer Bed, Bath & Beyond was improperly accessed through a phishing scam targeting an employee’s hard drive and another shared drive. The retailer says no sensitive or personally identifiable information was accessed by the hacker.
About 11,000 U.S. Bank credit card customers’ personal information like names, Social Security numbers, closed account numbers and outstanding balances was accidentally shared by one of the bank’s third-party vendors. The bank will now provide free online credit monitoring service for affected customers for at least two years.
September 2022 – Data Breaches
China accused the U.S. National Security Agency (NSA) of numerous cyberattacks against China’s Northwestern Polytechnical University. Authorities claim the NSA stole user data and infiltrated digital communications networks.
Hackers targeted the Mexican Defense Ministry and accessed six terabytes of data, including internal communications, criminal data, and data that revealed Mexico’s monitoring of Ken Salazar, the U.S. Ambassador to Mexico. Mexican President Andres Manuel Lopez Obrador confirmed the authenticity of the data, including personal health data released to the public.
August 2022 – Data Breaches
Hackers targeted Greece’s largest natural gas distributor DESFA causing a system outage and data exposure.
A Russian group claimed responsibility for breaching a privately owned UK water supply company South Staffordshire Water and leaking files in an extortion attempt.
Hackers targeted Montenegro’s government institutions, breaching the computer systems of several state bodies. Montenegro’s Defense Minister stated there was sufficient evidence to suspect Russia was behind the attack.
July 2022 – Data Breaches
Hackers targeted Iran’s Islamic Culture and Communication Organization (ICCO). The attack took down at least 6 websites, placed images of Iranian resistance leaders on fifteen additional sites, wiped databases and computers and allowed hackers to obtain access to sensitive ICCO data.
A hacker claimed to have acquired records on 1 billion Chinese from a Shanghai police database and posted the data for sale online.
China stated the United States stole 97 billion pieces of global internet data and 124 billion pieces of telephone data in June, specifically blaming the National Security Agency (NSA)’s Office of Tailored Access Operations (TAO).
Iranian actors deployed ransomware on Albanian Government networks that destroyed data and disrupted government services.
Hackers breached a Ukrainian media company to broadcast on multiple radio stations that Ukrainian President Volodymyr Zelenskyy was in critical condition. Zelenskyy refuted the claims and blamed Russia for the attack.
June 2022 – Data Breaches
Hackers targeted Harmony’s Horizon, a blockchain bridge, accessing personal data that ultimately led to the theft of approximately $100 million. Blockchain analytics firm Elliptic linked North Korea to the attack.
The FBI, National Security Agency (NSA) and CISA announced that Chinese state-sponsored hackers targeted and breached major telecommunications companies and network service providers since at least 2020.
Hackers leaked files and photos known as “The Xinjiang Police Files” displaying human rights abuses committed by the Chinese government against the Uyghur population.
May 2022 – Data Breaches
Hackers targeted Greenland’s healthcare system, causing networks to crash throughout the island. While an initial diagnosis determined the attack did not damage or expose citizens’ data, it made health services severely limited.
April 2022 – Data Breaches
Russian hackers targeted the Costa Rican Ministry of Finance in a cyberattack, crippling tax collection and export systems. The newly elected President of Costa Rica declared a national emergency as a result of the attack. The group asked for $20 million in ransom and threatened to leak the stolen data if it was not paid.
March 2022 – Data Breaches
The European Banking Authority was targeted using a vulnerability in Microsoft’s mail server software, but no data was compromised. Various attacks using this vulnerability have been attributed to a Chinese government-backed actor.
February 2022 – Data Breaches
Russian state-sponsored actors hacked into numerous U.S. defense contractors between January 2020 and February 2022. The hackers exfiltrated emails and sensitive data relating to the companies’ export-controlled products and proprietary information and interactions with foreign governments.
An investigation led by Mandiant discovered that hackers linked to the Chinese government compromised email accounts belonging to Wall Street Journal journalists. The hackers allegedly surveilled and exfiltrated data from the newspaper for over two years beginning in at least February 2020.
January 2022 – Data Breaches
Hackers breached systems belonging to the International Committee of the Red Cross, gaining access to data on more than 500,000 people and disrupting their services around the world. Researchers discovered that the operation may be linked to a sprawling influence operation based in Iran.
A Chinese hacking group breached several German pharma and tech firms. According to the German government, the hack into the networks of service providers and companies was primarily an attempt to steal intellectual property.
Hackers breached the Canadian Foreign Ministry, hampering some of the Ministry’s internet-connected services. The hack came a day after the government issued a warning to bolster network security in anticipation of Russia-based cyberattacks on critical infrastructure.
November 2021 – Data Breaches
A vendor that handles data for the UK Labour Party was subject to a cyberattack, affecting the data of its members and affiliates.
The stock trading platform, Robinhood, disclosed a social engineering cyberattack that allowed a hacker to gain access to the personal information of around 7 million customers. The data included names, email addresses, and for some, date of birth, and zip codes. Following the breach, the hacker requested payment, presumably not to disclose the stolen data.
October 2021 – Data Breaches
Hackers leaked data and photos from the Israeli Defense Ministry after gaining access to 165 servers and 254 websites, overall compiling around 11 terabytes of data.
September 2021 – Data Breaches
Chinese state-linked hackers targeted Afghan telecom provider Roshan and stole gigabytes of data from their corporate mail server over the past year.
Hackers obtained 15 TB of data from 8,000 organizations working with Israel-based company Voicenter and offered the data online for $1.5 million. Some experts have speculated the hackers have ties to Iran, but no link has been confirmed.
August 2021 – Data Breaches
A cyberattack on the government of Belarus compromised dozens of police and interior ministry databases. The hackers claim the attack is part of an attempt to overthrow President Alexander Lukashenko’s regime.
July 2021 – Data Breaches
Estonia stated a Tallinn-based hacker downloaded 286,438 ID photos from the government database, exposing a vulnerability in a platform managed by their Information System Authority (RIA).
A cyberattack gained access to 1 terabyte of data from the Saudi Arabian Oil Company through zero-day exploitation. Hackers are offering to delete the data in exchange for $50 million in cryptocurrency.
June 2021 – Data Breaches
United States Naval Institute (USNI) claimed the tracking data of two NATO ships, the U.K. Royal Navy’s HMS Defender and the Royal Netherlands Navy’s HNLMS Evertsen, was falsified off the coast of a Russian-controlled naval base in the Black Sea. The faked data positioned the two warships at the entrance of a major Russian naval base.
April 2021 – Data Breaches
New York City’s Metropolitan Transportation Authority (MTA) was hacked by Chinese-backed actors, but the actors were unable to gain access to user data or information systems.
March 2021 – Data Breaches
Ukraine’s State Security Service announced it had prevented a large-scale attack by Russian FSB hackers attempting to gain access to classified government data.
Chinese government hackers targeted Microsoft’s enterprise email software to steal data from over 30,000 organizations around the world, including government agencies, legislative bodies, law firms, defense contractors, infectious disease researchers, and policy think tanks.
February 2021 – Data Breaches
A Portuguese-speaking cyber criminal group accessed computer systems at a division of Oxford University researching COVID-19 vaccines and is suspected to be selling the data they collected to nation-states.
Hackers linked to the Vietnamese government conducted a nearly three-year cyber espionage campaign against human rights advocates in the country by using spyware to infiltrate individuals’ systems, spy on their activity, and exfiltrate data.
January 2021 – Data Breaches
Hackers linked to Hezbollah breached telecom companies, internet service providers, and hosting providers in the US, UK, Egypt, Israel, Lebanon, Jordan, Saudi Arabia, the UAE, and the Palestinian Authority for intelligence gathering and data theft.
Unidentified hackers breached one of the data centers of New Zealand’s central bank.
December 2020 – Data Breaches
On Christmas Eve, hackers hit the Scottish Environment Protection Agency with a ransomware attack. After deciding not to pay the ransom, the hackers published the data that had been stolen.
More than 40 Israeli companies had data stolen after Iranian hackers compromised a developer of logistics management software and used their access to exfiltrate data from the firm’s clients.
Suspected Chinese hackers targeted government agencies and the National Data Center of Mongolia as part of a phishing campaign.
Hackers accessed data related to the COVID-19 vaccine being developed by Pfizer during an attack on the European Medicines Agency.
Over 200 organizations around the world—including multiple US government agencies—were revealed to have been breached by Russian hackers who compromised the software provider SolarWinds and exploited their access to monitor internal operations and exfiltrate data.
October 2020 – Data Breaches
The FBI and CISA announced that a Russian hacking group breached U.S. state and local government networks, as well as aviation networks, and exfiltrated data.
The U.S. Department of Homeland Security revealed that hackers targeted the U.S. Census Bureau in a possible attempt to collect bulk data, alter registration information, compromise census infrastructure, or conduct DoS attacks.
August 2020 – Data Breaches
Taiwan accused Chinese hackers of infiltrating the information systems of at least ten government agencies and 6,000 email accounts to gain access to citizens’ personal data and government information.
June 2020 – Data Breaches
North Korean state hackers sent COVID-19-themed phishing emails to more than 5 million businesses and individuals in Singapore, Japan, the United States, South Korea, India, and the UK in an attempt to steal personal and financial data.
April 2020 – Data Breaches
Suspected Vietnamese government hackers used malicious apps uploaded to the Google Play app store to infect users in South and Southeast Asia with spyware capable of monitoring the target’s call logs, geolocation data, and text messages.
February 2020 – Data Breaches
Mexico’s economy ministry announced it had detected a cyber attack launched against the ministry’s networks, but that no sensitive data had been exposed.
The U.S. Defense Information Systems Agency announced it had suffered a data breach exposing the personal information of an unspecified number of individuals.
Chinese hackers targeted Malaysian government officials to steal data related to government-backed projects in the region.
January 2020 – Data Breaches
Mitsubishi announced that a suspected Chinese group had targeted the company as part of a massive cyberattack that compromised the personal data of 8,000 individuals as well as information relating to partnering businesses and government agencies, including projects relating to defense equipment.
October 2020 – Data Breaches
A state-sponsored hacking campaign knocked offline more than 2,000 websites across Georgia, including government and court websites containing case materials and personal data. More than 20 countries later attributed the attack to Russia.
India announced that North Korean malware designed for data extraction had been identified in the networks of a nuclear power plant.
Iranian hackers targeted more than 170 universities around the world between 2013 and 2017, stealing $3.4 billion worth of intellectual property and selling stolen data to Iranian customers.
A Chinese government-sponsored propaganda app with more than 100 million users was found to have been programmed to have a backdoor granting access to location data, messages, photos, and browsing history, as well as remotely activating audio recordings.
August 2019 – Data Breaches
A previously unidentified Chinese espionage group was found to have worked since 2012 to gather data from foreign firms in industries identified as strategic priorities by the Chinese government, including telecommunications, healthcare, semiconductor manufacturing, and machine learning. The group was also active in the theft of virtual currencies and the monitoring of dissidents in Hong Kong.
July 2019 – Data Breaches
Capital One reveals that a hacker accessed data on 100 million credit card applications, including Social Security and bank account numbers.
June 2019 – Data Breaches
Chinese intelligence services hacked into the Australian University to collect data they could use to groom students as informants before they were hired into the civil service.
March 2019 – Data Breaches
Indonesia’s National Election Commission reported that Chinese and Russian hackers had probed Indonesia’s voter database ahead of presidential and legislative elections in the country.
Iranian hackers targeted thousands of people at more than 200 oil and gas and heavy machinery companies across the world, stealing corporate secrets and wiping data from computers.
January 2019 – Data Breaches
The U.S. Securities and Exchange Commission charged a group of hackers from the U.S., Russia, and Ukraine with the 2016 breach of the SEC’s online corporate filing portal, which was exploited to execute trades based on non-public information.
December 2018 – Data Breaches
U.S. Navy officials reported that Chinese hackers had repeatedly stolen information from Navy contractors, including ship maintenance data and missile plans.
Secretary of State Mike Pompeo confirmed that Chinese hackers breached the systems of an American hotel chain, stealing the personal information of over 500 million customers.
October 2018 – Data Breaches
The Centers for Medicare and Medicaid Services announced that hackers had compromised a government computer system, gaining access to the personal data of 75,000 people ahead of the start of ACA sign-up season.
September 2018 – Data Breaches
The U.S. Department of Justice announces the indictment and extradition of a Russian hacker accused of participating in the hack of JP Morgan Chase in 2014, leading to the theft of data from over 80 million customers.
The U.S. State Department suffers a breach of one of its unclassified email systems, exposing the personal information of several hundred employees.
Chinese hackers breached the systems of the Starwood hotel chain in 2014. It is estimated that the personal information of up to 500 million people was stolen.
July 2018 – Data Breaches
Australian National University (ANU) was found to have been breached by Chinese hackers in an attack believed to be motivated by a desire to siphon intellectual property from the institution.
June 2018 – Data Breaches
Marketing data firm Exactis suffered a data breach exposing the information of 340 million people, including their political preferences, browsing habits, and purchase data.
Chinese hackers were found to be engaged in a cyber espionage campaign to collect data from satellite, telecom, and defense organizations in the U.S. and Southeast Asia.
A Chinese hacking group targeted a national data center in a Central Asian country, preparing a watering hole attack to inject malicious code onto other government websites connecting to the data center.
Chinese government hackers compromised the networks of a U.S. Navy contractor, stealing 614 GB of data related to weapons, sensors, and communication systems under development for U.S. submarines.
April 2018 – Data Breaches
A cyber espionage campaign originating in China collected data from satellite, telecom, and defense organizations in the United States and Southeast Asia.
March 2018 – Data Breaches
A data breach of the company Under Armour compromised the information of 150 million users of its fitness and nutrition tracking app MyFitnessPal.
February 2018 – Data Breaches
German news reported that a Russian hacking group had breached the online networks of Germany’s foreign and interior ministries, exfiltrating at least 17 gigabytes of data in an intrusion that went undetected for a year.
January 2018 – Data Breaches
Norwegian officials discover a “very professional” attempt to steal patient data from a Norwegian hospital system, in an attack they speculate was connected to the upcoming NATO Trident Juncture 18 military exercise.
The Unique Identification Authority of India and its Aadhaar system are hacked by unknown actors, resulting in the personal data of more than 1 billion people being available for purchase.
December 2017 – Data Breaches
The state-owned China Aerospace Science and Industry Corporation (CASIC) is alleged to have pre-installed backdoors in biometric equipment sold to Taiwan for its e-Gate border control system. The backdoors would have allowed CASIC to gather private data on both Taiwanese and foreign citizens traveling in and out of the country since the system’s installation in 2012.
November 2017 – Data Breaches
Uber discloses that it paid hackers $100,000 to delete the stolen data of 57 million of its customers and drivers, including names, phone numbers, email addresses, and license plate numbers.
October 2017 – Data Breaches
A major wave of ransomware infections hits media organizations, train stations, airports, and government agencies in Russia and Eastern Europe. Security researchers found strong evidence linking the attack to the creators of NotPetya, and noted that the malware used leaked NSA-linked exploits to move through networks. Ukrainian police later reported that the ransomware was a cover for a quiet phishing campaign undertaken by the same actor to gain remote access to financial and other confidential data.
North Korean hackers allegedly broke into South Korea’s defense data center in 2016 and stole a large trove of sensitive documents over the course of a year, including joint U.S.-South Korean blueprints for war on the peninsula.
The Australian Government revealed that hackers compromised an Australian national security contractor in 2016 and stole large amounts of data, including information related to the development of the F-35 Joint Strike Fighter.
Yahoo updates the previous projections of 1 billion accounts affected in its massive 2013 breach, acknowledging that all 3 billion accounts were compromised.
September 2017 – Data Breaches
Credit monitoring firm Equifax disclosed a July data breach that revealed 143 million people’s full names, social security numbers, birth dates, home addresses and driver’s license numbers, as well as 209,000 credit card numbers.
July 2017 – Data Breaches
The Swedish Transport Agency’s outsourced data is hacked, potentially compromising confidential information and classified information on military plans.
Hackers attacked a partner of UniCredit, Italy’s largest bank, gaining access to loan and biographical data from 400,000 client accounts.
May 2017 – Data Breaches
Beginning in 2011, hackers from the internet security firm Boyusec compromised the networks of three companies over a multi-year period and gained access to confidential documents and data, including sensitive internal communications, usernames and passwords, and business and commercial information.
April 2017 – Data Breaches
Irish state-owned utility EirGrid suffered a security breach at the hands of state-sponsored hackers involving a virtual wiretap allowing access to the company’s unencrypted communications.
February 2017 – Data Breaches
An Iranian hacker group targeted actors associated with the U.S. defense industrial base as well as at least one human rights activist in a campaign to steal credentials and other data.
A sophisticated malware operation extracted over 600 gigabytes of data from 70 mostly Ukrainian targets in the fields of critical infrastructure, news media, and scientific research.
A suspected Russian hacker breached at least 60 universities and US government organizations using SQL injections, including HUD, NOAA, Cornell University, and NYU, among many others. This follows up on a hack by the same actor against the U.S. Electoral Assistance Commission in December 2016.
December 2016 – Data Breaches
Yahoo revealed that its systems had been intruded into in August 2013 and that the breach compromised one billion user accounts. Compromised data included usernames, email addresses, phone numbers, dates of birth, passwords, and security questions and answers. The data was posted for sale for $200,000 or the best offer on underground forums.
November 2016 – Data Breaches
The hard-drive-wiping “Shamoon” virus used against Saudi Aramco in 2012 was deployed against four Saudi Arabian government agencies. The attack wiped data on thousands of computers at Saudi’s General Authority of Civil Aviation and other agencies.
August 2016 – Data Breaches
A cybercriminal gang purportedly from Russia breached enterprise software company Oracle’s systems, possibly installing malware on point-of-sale (POS) systems. The POS malware would then allow hackers to gain access to financial information in data breaches at major retailers.
Designs and data regarding India’s Scorpene submarines were leaked from the French shipbuilder DCNS. DCNS also builds submarines for Malaysia and Chile and recently won contracts to build submarines for Brazil and Australia.
July 2016 – Data Breaches
A Chinese cyber espionage group targeted defense industries in Russia, Belarus, and Mongolia with APTs using phishing campaigns to exfiltrate data.
May 2016 – Data Breaches
Germany’s domestic intelligence agency accused Russia of perpetrating a series of cyber attacks on the German Bundestag in 2015. The attackers made off with an undisclosed amount of data.
April 2016 – Data Breaches
The Philippine Commission on Elections (COMELEC) database was breached, exposing the personal information of all 55 million registered Filipino voters, including fingerprint data, passport numbers and expiry dates, and intentions to run for office.
North Korean hackers stole warship blueprints from the database of a South Korean shipbuilder.
March 2016 – Data Breaches
Finland’s foreign ministry discovered it had been the victim of a four-year breach in its computer network.
February 2016 – Data Breaches
Hackers breached the U.S. Department of Justice’s database, stealing and releasing the names, phone numbers, and email addresses of 30,000 DHS and FBI employees.
The Internal Revenue Service (IRS) announced that a breach of its systems in May 2015 had compromised over 700,000 American taxpayers. The IRS suspected that a Russian tax fraud operation is responsible for the breach.