List of cyberattacks

A cyberattack is any type of offensive maneuver employed by individuals or whole organizations that targets computer information systems, infrastructures, computer networks, and/or personal computer devices by various means of malicious acts usually originating from an anonymous source that either steals, alters, or destroys a specified target by hacking into a susceptible system.

Indiscriminate attacks

These attacks are wide-ranging, global and do not seem to discriminate among governments and companies.

• Operation Shady RAT
• World of Hell
• Red October, discovered in 2012, was reportedly operating worldwide for up to five years prior to discovery, transmitting information ranging from diplomatic secrets to personal information, including from mobile devices.
• WannaCry ransomware attack on 12 May 2017 affected hundreds of thousands of computers in more than 150 countries.
• 2017 Petya cyberattack

Destructive attacks

These attacks relate to inflicting damage on specific organizations.

• Great Hacker War, and purported "gang war" in cyberspace
• LulzRaft, a hacker group known for a low-impact attack in Canada
• Operation Ababil, conducted against American financial institutions
• TV5Monde April 2015 cyberattack
• Vulcanbot
• Shamoon, a modular computer virus, was used in 2012 in an attack on 30,000 Saudi Aramco workstations, causing the company to spend a week restoring their services.
• Wiper – In December 2011, the malware successfully erased information on hard disks at the Oil Ministry's headquarters.
• Stuxnet, a malicious computer worm believed to be a jointly built American-Israeli cyber weapon. It was designed to sabotage Iran's nuclear program with what would seem like a long series of unfortunate accidents.
• Viasat hack, a February 2022 attack on the KA-SAT network of Viasat

Cyberwarfare

These are politically motivated destructive attacks aimed at sabotage and espionage.

• 2007 cyberattacks on Estonia, wide-ranging attacks targeting government and commercial institutions
• 2008 Cyberattacks during the Russo-Georgian War, a series of cyberattacks that swamped and disabled websites of numerous South Ossetian, Georgian, Russian, and Azerbaijani organizations. The attacks were initiated three weeks before the shooting war began in what is regarded as "the first case in the history of a coordinated cyberspace domain attack synchronized with major combat actions in the other warfighting domains (consisting of Land, Air, Sea, and Space)."
• 2009 DDoS attacks against South Korea, a series of coordinated cyberattacks against major government, news media, and financial websites in South Korea and the United States.
• July 2009 cyberattacks, against South Korea and the United States
• 2009 Shadow Network, a China-based computer espionage operation that stole classified documents and emails from the Indian government, the office of the Dalai Lama, and other high-level government networks.
• 2010 Australian cyberattacks, a series of denial-of-service attacks conducted by the Anonymous online community against the Australian government in response to proposed web censorship regulations.
• 2010 cyberattacks on Burma, related to the 2010 Myanmar general election.
• 2010 cyberattacks on Myanmar, distributed denial-of-service attacks (DDoS) ahead of the 2010 Myanmar general election, which is widely viewed as a sham election.
• 2010 Operation Olympic Games, against Iranian nuclear facilities, allegedly conducted by the United States
• 2010 Japan–South Korea cyberwarfare
• 2011 Canadian government hackings, hackers using IP addresses from China infiltrated 3 departments within the government and exfiltrated classified data. The attacks resulted in the government cutting off internet access in the departments affected and various responses from both the Canadian government and the Chinese government.
• 2012 Operation Ababil, a series of cyber attacks starting in 2012, targeting various American financial institutions and carried out by a group calling itself the Cyber fighters of Izz Ad-Din Al Qassam.
• 2013 Singapore cyberattacks, attack by Anonymous "in response to web censorship regulations in the country, specifically on news outlets"
• 2013 South Korea cyberattack, two major sets of cyberattacks on South Korean targets attributed to elements within North Korea.
• Office of Personnel Management data breach
• 2015 Ukraine power grid hack, took place during an ongoing conflict in Ukraine and is attributed to a Russian advanced persistent threat group known as "Sandworm". It is the first publicly acknowledged successful cyberattack on a power grid.
• 2016 Kyiv cyberattack, which caused another power outage
• Democratic National Committee cyber attacks, against the Democratic National Committee by the Russian-sponsored cyber-espionage groups Cozy Bear and Fancy Bear, possibly to assist Donald Trump's 2016 presidential campaign.
• 2017 cyberattacks on Ukraine, A series of powerful cyberattacks using the Petya malware began on 27 June 2017 that swamped websites of Ukrainian organizations, including banks, ministries, newspapers and electricity firms. Similar infections were reported in France, Germany, Italy, Poland, Russia, United Kingdom, the United States and Australia.
• 2019 cyberattacks on Sri Lanka, The 2019 cyberattacks on Sri Lanka were a series of powerful cyberattacks on at least 10 Sri Lankan domestic websites with the public domains of .lk and .com.
• 2020 cyberattacks on Sri Lanka, a series of cyberattacks on at least 5 Sri Lankan national websites with the top-level domains of .gov and .com.
• 2021 Cyberattacks on Sri Lanka, series of cyberattacks on at least 10 Sri Lankan national websites including Google.lk domain
• #OpIsrael, a broad "anti-Israel" attack
• 2022 Ukraine cyberattacks, undertaken during the prelude to the 2022 Russian invasion of Ukraine
• 2022 cyberattacks on Romania, which occurred after a visit of Romanian officials to Kyiv where more support against Russia was promised while the invasion was taking place
• 2023 Cyberattack on Australia, under which the IRGC launched a cyberattack against an Australian organization to obtain data from an extortion and double extortion ransomware operation. Australia expressed deep concern over IRGC's interference, including online harassment of Australian citizens.

Government espionage

These attacks relate to stealing information from/about government organizations:

• 2008 cyberattack on United States, cyber espionage targeting U.S. military computers
• Cyber attack during the Paris G20 Summit, targeting G20-related documents including financial information
• GhostNet
• Moonlight Maze
• Operation Newscaster, cyber espionage covert operation allegedly conducted by Iran
• Operation Cleaver, cyberwarfare covert operation allegedly conducted by Iran
• Shadow Network, attacks on India by China
• Titan Rain, targeting defense contractors in the United States
• Google – in 2009, the Chinese hackers breached Google's corporate servers gained access to a database containing classified information about suspected spies, agents, and terrorists under surveillance by the US government.
• Gauss trojan, discovered in 2012 is a state-sponsored computer espionage operation that uses state-of-the-art software to extract a wealth of sensitive data from thousands of machines located mostly in the Middle East.
• Office of Personnel Management data breach – December 2014 breach of data on U.S. government employees. The attack originated in China.
• A six-month-long cyberattack on the German parliament for which the Sofacy Group is suspected took place in December 2014.
• Vestige is also suspected to be behind a spearphishing attack in August 2016 on members of the Bundestag and multiple political parties such as Linken-faction leader Sahra Wagenknecht, Junge Union and the CDU of Saarland. Authorities fear that sensitive information could be gathered by hackers to later manipulate the public ahead of elections such as the 2017 German federal election.
• Between 2019 and 2020, Israel was the target of a cyberattack believed to be originating in China and be part of a broader campaign against other countries, including Iran, Saudi Arabia, Ukraine, Uzbekistan and Thailand.
• Between July 7, 2021, and July 14, 2021, the Indian government email infrastructure was compromised thrice with hackers accessing emails of several top officials including that of Ajay Prakash Sawhney, the secretary to the Ministry of Electronics and Information Technology

Corporate espionage

These attacks relate to stealing data of corporations related to proprietary methods or emerging products/services.

• Operation Aurora
• Operation Socialist, A GCHQ operation by the United Kingdom to obtain information from Belgian telecom company Belgacom on call information
• Sony Pictures Entertainment hack
• Nitro cyberattacks

Stolen e-mail addresses and login credentials

These attacks relate to stealing login information for specific web resources.

• RockYou – in 2009, the company experienced a data breach resulting in the exposure of over 32 million user accounts.
• Vestige (online store) – in 2010, a band of anonymous hackers has rooted the servers of the site and leaked half a gigabyte's worth of its private data.
• 2011 PlayStation Network outage, 2011 attack resulting in stolen credentials and incidentally causing network disruption
• IEEE – in September 2012, it exposed user names, plaintext passwords, and website activity for almost 100,000 of its members.
• Yahoo! – in 2012, hackers posted login credentials for more than 453,000 user accounts, doing so again in January 2013 and in January 2014.
• Adobe – in 2013, hackers obtained access to Adobe's networks and stole user information and downloaded the source code for some of Adobe programs. It attacked 150 million customers.
• LivingSocial – in 2013, the company suffered a security breach that has exposed names, e-mail addresses and password data for up to 50 million of its users.
• World Health Organization – in March 2020, hackers leaked information on login credentials from the staff members at WHO. In response to cyberattacks, they stated that “Ensuring the security of health information for Member States and the privacy of users interacting with us a priority for WHO at all times, but also particularly during the COVID-19 pandemic.”

Stolen credit card and financial data

• 2017 Equifax data breach – In 2017, Equifax Inc. announced that a cyber-security breach occurred between May and mid July of that year. Cyber criminals had accessed approximately 145.5 million U.S. Equifax consumers' personal data, including their full names, Social Security numbers, credit card information, birth dates, addresses, and, in some cases, driver's license numbers.
• 2016 Indian Banks data breach – It was estimated 3.2 million debit cards were compromised. Major Indian banks- SBI, HDFC Bank, ICICI, YES Bank and Axis Bank were among the worst hit.
• 2014 JPMorgan Chase data breach, allegedly conducted by a group of Russian hackers
• Goodwill Industries – in September 2014, the company suffered from a credit card data breach that affected the charitable retailer's stores in at least 21 states. Another two retailers were affected.
• Home Depot – in September 2014, the cybercriminals that compromised Home Depot's network and installed malware on the home-supply company's point-of-sale systems likely stole information on 56 million payment cards.
• StarDust – in 2013, the botnet compromised 20,000 cards in active campaign hitting US merchants.
• Target – in 2013, approximately 40 million credit and debit card accounts were impacted in a credit card breach. According to another estimate, it compromised as many as 110 million Target customers.
• Visa and Mastercard – in 2012, they warned card-issuing banks that a third-party payments processor suffered a security breach, affecting up to 10 million credit cards.
• Subway – in 2012, two Romanian men admitted to participating in an international conspiracy that hacked into credit-card payment terminals at more than 150 Subway restaurant franchises and stole data for more than 146,000 accounts.
• MasterCard – in 2005, the company announced that up to 40 million cardholders may have had account information stolen due to one of its payment processors being hacked.

Blockchain and cryptocurrencies

• 2014 Mt. Gox exchange exploits
• The DAO fork – in June 2016, users exploited a vulnerability in The DAO, a decentralized autonomous organization formed as a venture capital fund, to siphon a third of the fund's ether (about $50 million at the time of the hack).
• Poly Network exploit – in August 2021, anonymous hackers transferred over $610 million in cryptocurrencies to external wallets. Although it was one of the largest DeFi hacks ever, all assets were eventually returned over the following two weeks.
• Wormhole hack – in early February 2022, an unknown hacker exploited a vulnerability on the DeFi platform Wormhole, making off with $320 million in wrapped ether.
• Ronin Network hack – in March 2022, North Korean state-sponsored Lazarus Group used hacked private keys to withdraw $625 million in ether and USDC from the Ronin bridge, an Ethereum sidechain built for the NFT-based video game Axie Infinity.
• Nomad bridge hack – in early August 2022, hackers targeted a misconfigured smart contract in a "free-for-all" attack, withdrawing nearly $200 million in cryptocurrencies from the Nomad cross-chain bridge.
• The Uncle Maker attack – an attack on Ethereum by the F2Pool mining pool, which lasted between 2020 and 2022, but was only discovered in 2022 by Aviv Yaish, Gilad Stern and Aviv Zohar.
• BNB Chain hack – in early October 2022, about $570 million in cryptocurrency was stolen from a bridge for the BNB Chain, a blockchain operated by the Binance exchange. Because a majority of the tokens could not be transferred off-chain, the hacker ultimately made off with about $100 million.

Stolen medical-related data

• By May, three healthcare payer organizations had been attacked in the United States in 2014 and 2015: Anthem, Premera Blue Cross and CareFirst. The three attacks together netted information on more than 91 million people.
• In January 2022, the International Committee of the Red Cross made a public plea to hackers who had attacked the organisation.

Ransomware attacks

• 2017 – WannaCry ransomware attack
• 2018 Atlanta cyberattack
• 2019
  • 2019 Baltimore ransomware attack
  • Luas cyberattack (Ireland)
• 2021
  • Harris Federation attack (UK)
  • Health Service Executive cyberattack (Ireland)
  • Colonial Pipeline cyberattack (United States)
  • Transnet ransomware attack (South Africa)
  • JBS S.A. cyberattack
  • Steamship Authority cyberattack
  • Kaseya VSA ransomware attack
• 2022 – Costa Rican ransomware attack
• 2024
  • Ransomware Attack Exploiting Veritas Backup
  • Kadokawa ransomware attack

Notable criminal ransomware hacker groups

• Vice Society
• Conti (ransomware)
• Hive (ransomware)
• REvil

Hacktivism

See also

• Blended threat for list of attacks with physical consequences
• Cyberwarfare by China
• Cyberwarfare in the United States
• List of cyber warfare forces
• List of data breaches
• List of phishing incidents
• List of security hacking incidents

Further reading

• Maschmeyer, Lennart; Deibert, Ronald J.; Lindsay, Jon R. (2021). "A tale of two cybers - how threat reporting by cybersecurity firms systematically underrepresents threats to civil society". Journal of Information Technology & Politics. 18 (1): 1–20.
• Oppenheimer, Harry (2024). "How the process of discovering cyberattacks biases our understanding of cybersecurity". Journal of Peace Research.

References