List of cyberattacks

A cyberattack is any offensive maneuver, employed by individuals or whole organizations, that targets computer information systems, infrastructures, computer networks, or personal computer devices. Usually originating from an anonymous source, it steals, alters, or destroys a specified target by hacking into a susceptible system.

Indiscriminate attacks

These attacks are wide-ranging, global and do not seem to discriminate among governments and companies.

  • Operation Shady RAT
  • World of HELL
  • RED October, discovered in 2012, was reportedly operating worldwide for up to five years prior to discovery, transmitting information ranging from diplomatic secrets to personal information, including from mobile devices.{{cite web |url=https://arstechnica.com/security/2013/01/red-october-computer-espionage-network-may-have-stolen-terabytes-of-data/ |title=Massive espionage malware targeting governments undetected for 5 years |newspaper=Ars Technica |date= January 14, 2013 |first=Dan|last=Goodin |access-date=November 8, 2014}}
  • WannaCry ransomware attack on 12 May 2017 affected hundreds of thousands of computers in more than 150 countries.{{Cite news|url=https://www.npr.org/sections/thetwo-way/2017/05/15/528451534/wannacry-ransomware-what-we-know-monday|title=WannaCry Ransomware: What We Know Monday|work=NPR.org|access-date=2017-05-15|language=en}}
  • 2017 Petya cyberattack

Destructive attacks

These attacks relate to inflicting damage on specific organizations.

  • Great Hacker War, a purported "gang war" in cyberspace
  • LulzRaft, a hacker group known for a low-impact attack in Canada
  • Operation Ababil, conducted against American financial institutions
  • TV5Monde April 2015 cyberattack
  • Vulcanbot
  • Shamoon, a modular computer virus, was used in 2012 in an attack on 30,000 Saudi Aramco workstations, causing the company to spend a week restoring their services.{{cite news|title=Cyberattack On Saudi Firm Disquiets U.S.|date=October 24, 2012|newspaper=New York Times|access-date=October 24, 2012 |last=Perloth |first=Nicole|pages=A1 |url=https://www.nytimes.com/2012/10/24/business/global/cyberattack-on-saudi-oil-firm-disquiets-us.html}}{{cite web |url=https://arstechnica.com/security/2012/08/shamoon-malware-attack/ |title=Mystery malware wreaks havoc on energy sector computers |newspaper=Ars Technica |date= August 16, 2012 |first=Dan|last=Goodin |access-date=November 8, 2014}}
  • Wiper – In December 2011, the malware successfully erased information on hard disks at the Oil Ministry's headquarters.{{cite web |url=https://www.nytimes.com/2012/04/24/world/middleeast/iranian-oil-sites-go-offline-amid-cyberattack.html |title=Iranian Oil Sites Go Offline Amid Cyberattack |newspaper=The New York Times |date= April 23, 2012 |author= |access-date=November 8, 2014}}{{cite web |url=https://arstechnica.com/security/2012/08/wiper-malware-stuxnet-duqu/ |title=The perfect crime: Is Wiper malware connected to Stuxnet, Duqu? |newspaper=Ars Technica |date= August 29, 2012 |first=Dan|last=Goodin |access-date=November 8, 2014}}
  • Stuxnet, a malicious computer worm believed to be a jointly built American-Israeli cyber weapon. It was designed to sabotage Iran's nuclear program with what would seem like a long series of unfortunate accidents.
  • Viasat hack, a February 2022 attack on the KA-SAT network of Viasat

Cyberwarfare

{{further|Cyberwarfare}}

These are politically motivated destructive attacks aimed at sabotage and espionage.

Government espionage

These attacks relate to stealing information from/about government organizations:

  • 2008 cyberattack on United States, cyber espionage targeting U.S. military computers
  • Cyber attack during the Paris G20 Summit, targeting G20-related documents including financial information
  • GhostNet
  • Moonlight Maze
  • Operation Newscaster, cyber espionage covert operation allegedly conducted by Iran
  • Operation Cleaver, cyberwarfare covert operation allegedly conducted by Iran
  • Shadow Network, attacks on India by China
  • Titan Rain, targeting defense contractors in the United States
  • Google – in 2009, Chinese hackers breached Google's corporate servers and gained access to a database containing classified information about suspected spies, agents, and terrorists under surveillance by the US government.{{cite web |url=https://arstechnica.com/security/2013/05/chinese-hackers-who-breached-google-reportedly-targeted-classified-data/ |title=Chinese hackers who breached Google reportedly targeted classified data |newspaper=Ars Technica |date= May 21, 2013 |first=Dan|last=Goodin |access-date=November 8, 2014}}
  • Gauss trojan, discovered in 2012, is a state-sponsored computer espionage operation that uses state-of-the-art software to extract a wealth of sensitive data from thousands of machines located mostly in the Middle East.{{cite web |url=https://arstechnica.com/security/2012/08/nation-sponsored-malware-has-mystery-warhead/ |title=Nation-sponsored malware with Stuxnet ties has mystery warhead |newspaper=Ars Technica |date= August 9, 2012 |first=Dan|last=Goodin |access-date=November 8, 2014}}
  • Office of Personnel Management data breach – December 2014 breach of data on U.S. government employees. The attack originated in China.{{cite web|url=https://www.npr.org/sections/thetwo-way/2015/06/04/412086068/massive-data-breach-puts-4-million-federal-employees-records-at-risk|title=Massive Data Breach Puts 4 Million Federal Employees' Records At Risk |publisher=NPR|date=June 4, 2015|author=Sanders, Sam}}
  • A six-month-long cyberattack on the German parliament for which the Sofacy Group is suspected took place in December 2014.{{cite news|title=Russian Hackers Suspected In Cyberattack On German Parliament|url=http://www.lse.co.uk/AllNews.asp?code=kwdwehme&headline=Russian_Hackers_Suspected_In_Cyberattack_On_German_Parliament|work=London South East|publisher=Alliance News|date=June 19, 2015}}
  • Vestige is also suspected to be behind a spearphishing attack in August 2016 on members of the Bundestag and multiple political parties such as Linken-faction leader Sahra Wagenknecht, Junge Union and the CDU of Saarland.{{cite web|title=Hackers lurking, parliamentarians told|url=http://www.dw.com/en/hackers-lurking-parliamentarians-told/a-19564630|publisher=Deutsche Welle|access-date=21 September 2016}}{{cite web|title=Hackerangriff auf deutsche Parteien|date=20 September 2016 |url=http://www.sueddeutsche.de/politik/bundesregierung-ist-alarmiert-hackerangriff-aufdeutsche-parteien-1.3170347|publisher=Süddeutsche Zeitung|access-date=21 September 2016}}{{cite web|last1=Holland|first1=Martin|title=Angeblich versuchter Hackerangriff auf Bundestag und Parteien|date=20 September 2016 |url=https://www.heise.de/newsticker/meldung/Angeblich-versuchter-Hackerangriff-auf-Bundestag-und-Parteien-3328265.html|publisher=Heise|access-date=21 September 2016}}{{cite news|title="Wir haben Fingerabdrücke"|newspaper=Faz.net|url=https://www.faz.net/aktuell/politik/inland/hackerangriffe-auf-politiker-wir-haben-fingerabdruecke-14445655.html|publisher=Frankfurter Allgemeine|access-date=21 September 2016|last1=Hemicker|first1=Lorenz|last2=Alto|first2=Palo}} Authorities fear that sensitive information could be gathered by hackers to later manipulate the public ahead of elections such as the 2017 German federal election.
  • Between 2019 and 2020, Israel was the target of a cyberattack believed to have originated in China and to be part of a broader campaign against other countries, including Iran, Saudi Arabia, Ukraine, Uzbekistan and Thailand.{{cite news |title=In First Massive Cyberattack, China Targets Israel |url=https://www.haaretz.com/israel-news/tech-news/chinese-cyberattack-targeted-dozens-of-israeli-public-and-private-organizations-1.10102531 |website=Haaretz |language=en}}
  • Between July 7, 2021, and July 14, 2021, the Indian government email infrastructure was compromised thrice, with hackers accessing emails of several top officials including that of Ajay Prakash Sawhney, the secretary to the Ministry of Electronics and Information Technology.{{cite news|title=Hackers breach Indian government emails multiple times|url=https://previewtech.net/hackers-breach-indian-government-emails-multiple-times/|work=Arjun Ramprasad|publisher= Previewtech.net|date=June 30, 2021}}

Corporate espionage

These attacks relate to stealing data of corporations related to proprietary methods or emerging products/services.

Stolen e-mail addresses and login credentials

These attacks relate to stealing login information for specific web resources.

  • RockYou – in 2009, the company experienced a data breach resulting in the exposure of over 32 million user accounts.
  • Vestige (online store) – in 2010, a band of anonymous hackers rooted the servers of the site and leaked half a gigabyte's worth of its private data.[https://www.theregister.co.uk/2010/12/13/gawker_hacked/ Gawker rooted by anonymous hackers], December 13, 2010, Dan Goodin, The Register, retrieved 2014-11-08
  • 2011 PlayStation Network outage, 2011 attack resulting in stolen credentials and incidentally causing network disruption
  • IEEE – in September 2012, it exposed user names, plaintext passwords, and website activity for almost 100,000 of its members.{{cite web |url=https://arstechnica.com/security/2012/09/ieee-trade-group-exposes-100000-password-for-google-apple-engineers/ |title=Trade group exposes 100,000 passwords for Google, Apple engineers |newspaper=Ars Technica |date= September 25, 2012 |first=Dan|last=Goodin |access-date=November 8, 2014}}
  • Yahoo! – in 2012, hackers posted login credentials for more than 453,000 user accounts,{{cite web |url=https://arstechnica.com/security/2012/07/yahoo-service-hacked/ |title=Hackers expose 453,000 credentials allegedly taken from Yahoo service (Updated) |newspaper=Ars Technica |date= July 12, 2012 |first=Dan|last=Goodin |access-date=November 8, 2014}} doing so again in January 2013{{cite web |url=https://arstechnica.com/security/2013/01/how-yahoo-allowed-hackers-to-hijack-my-neighbors-e-mail-account/ |title=How Yahoo allowed hackers to hijack my neighbor's e-mail account (Updated) |newspaper=Ars Technica |date= January 31, 2013 |first=Dan|last=Goodin |access-date=November 8, 2014}} and in January 2014.{{cite web |url=https://arstechnica.com/security/2014/01/mass-hack-attack-on-yahoo-mail-accounts-prompts-password-reset/ |title=Mass hack attack on Yahoo Mail accounts prompts password reset |newspaper=Ars Technica |date= January 31, 2014 |first=Dan|last=Goodin |access-date=November 8, 2014}}
  • Adobe – in 2013, hackers obtained access to Adobe's networks, stole user information and downloaded the source code for some of Adobe's programs.{{cite web |url=https://www.yahoo.com/tech/7-biggest-computer-hacks-152744364.html |title=7 biggest hacks |last=Howley |first=Daniel |date=July 1, 2016 |website=Yahoo Tech |access-date=1 July 2016}} The attack affected 150 million customers.
  • LivingSocial – in 2013, the company suffered a security breach that exposed names, e-mail addresses and password data for up to 50 million of its users.{{cite web |url=https://arstechnica.com/security/2013/04/why-livingsocials-50-million-password-breach-is-graver-than-you-may-think/ |title=Why LivingSocial's 50-million password breach is graver than you may think |newspaper=Ars Technica |date= April 27, 2013 |first=Dan|last=Goodin |access-date=November 8, 2014}}
  • World Health Organization – in March 2020, hackers leaked information on login credentials from the staff members at WHO.{{cite news |title=Exclusive: Elite hackers target WHO as coronavirus cyberattacks spike |url=https://www.reuters.com/article/us-health-coronavirus-who-hack-exclusive/exclusive-elite-hackers-target-who-as-coronavirus-cyberattacks-spike-idUSKBN21A3BN |work=Reuters |date=24 March 2020 |language=en}} In response to cyberattacks, they stated that “Ensuring the security of health information for Member States and the privacy of users interacting with us a priority for WHO at all times, but also particularly during the COVID-19 pandemic.”{{cite news |title=WHO reports fivefold increase in cyber attacks, urges vigilance |url=https://www.who.int/news-room/detail/23-04-2020-who-reports-fivefold-increase-in-cyber-attacks-urges-vigilance |access-date=29 April 2020 |work=World Health Organization |language=en}}

Stolen credit card and financial data

  • 2017 Equifax data breach – In 2017, Equifax Inc. announced that a cyber-security breach occurred between May and mid-July of that year. Cyber criminals had accessed approximately 145.5 million U.S. Equifax consumers' personal data, including their full names, Social Security numbers, credit card information, birth dates, addresses, and, in some cases, driver's license numbers.{{cite web|title=Equifax data breach|url=https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do|website=Federal Trade Commission|date=8 September 2017|access-date=December 10, 2017}}
  • 2016 Indian Banks data breach – It was estimated that 3.2 million debit cards were compromised. Major Indian banks (SBI, HDFC Bank, ICICI, YES Bank and Axis Bank) were among the worst hit.{{cite news | url=http://economictimes.indiatimes.com/industry/banking/finance/banking/3-2-million-debit-cards-compromised-sbi-hdfc-bank-icici-yes-bank-and-axis-worst-hit/articleshow/54945561.cms | title=3.2 million debit cards compromised; SBI, HDFC Bank, ICICI, YES Bank and Axis worst hit | newspaper=The Economic Times | date=20 October 2016 | access-date=20 October 2016| last1=Shukla | first1=Saloni | last2=Bhakta | first2=Pratik }}
  • 2014 JPMorgan Chase data breach, allegedly conducted by a group of Russian hackers
  • Goodwill Industries – in September 2014, the company suffered from a credit card data breach that affected the charitable retailer's stores in at least 21 states. Another two retailers were affected.{{cite web|url=https://arstechnica.com/security/2014/09/credit-card-data-theft-hit-at-least-three-retailers-lasted-18-months/|title=Credit card data theft hit at least three retailers, lasted 18 months|last=Gallagher|first=Sean|date=September 18, 2014|access-date=November 8, 2014|newspaper=Ars Technica}}{{Cite web|url=http://krebsonsecurity.com/2014/07/banks-card-breach-at-goodwill-industries/|title = Banks: Card Breach at Goodwill Industries – Krebs on Security| date=25 July 2014 }}
  • Home Depot – in September 2014, the cybercriminals that compromised Home Depot's network and installed malware on the home-supply company's point-of-sale systems likely stole information on 56 million payment cards.{{cite web|url=https://arstechnica.com/security/2014/09/home-depot-estimates-data-on-56-million-cards-stolen-by-cybercrimnals/|title=Home Depot estimates data on 56 million cards stolen by cybercriminals|last=Lemos|first=Robert|date=September 19, 2014|access-date=November 30, 2014|newspaper=Ars Technica}}
  • StarDust – in 2013, the botnet compromised 20,000 cards in an active campaign hitting US merchants.{{cite web |url=https://arstechnica.com/security/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/ |title=Credit card fraud comes of age with advances in point-of-sale botnets |newspaper=Ars Technica |date= December 4, 2013 |first=Dan|last=Goodin |access-date=November 8, 2014}}
  • Target – in 2013, approximately 40 million credit and debit card accounts were impacted in a credit card breach.{{cite web |url=https://arstechnica.com/security/2013/12/secret-service-investigating-alleged-credit-card-breach-at-target/ |title=Secret Service investigating massive credit card breach at Target (Updated) |newspaper=Ars Technica |date= December 19, 2013 |first=Cyrus|last=Farivar |access-date=November 8, 2014}}{{cite web |url=https://arstechnica.com/tech-policy/2013/12/cards-stolen-in-massive-target-breach-flood-underground-card-shops/ |title=Cards stolen in massive Target breach flood underground "card shops" |newspaper=Ars Technica |date= December 20, 2013 |first=Dan|last=Goodin |access-date=November 8, 2014}}{{cite web |url=https://arstechnica.com/security/2014/02/target-hackers-reportedly-used-credentials-stolen-from-ventilation-contractor/ |title=Target hackers reportedly used credentials stolen from ventilation contractor |newspaper=Ars Technica |date= February 5, 2014 |first=Dan|last=Goodin |access-date=November 8, 2014}} According to another estimate, it compromised as many as 110 million Target customers.{{cite web |url=https://arstechnica.com/security/2014/01/point-of-sale-malware-infecting-target-found-hiding-in-plain-sight/ |title=Point-of-sale malware infecting Target found hiding in plain sight |newspaper=Ars Technica |date= January 16, 2014 |first=Dan|last=Goodin |access-date=November 8, 2014}}
  • Visa and Mastercard – in 2012, they warned card-issuing banks that a third-party payments processor suffered a security breach, affecting up to 10 million credit cards.{{cite web|url=https://arstechnica.com/business/2012/04/frequently-asked-questions-about-a-hack-that-may-affect-10-million-credit-cards/|title=After the hack: FAQ for breach affecting up to 10 million credit cards|last=Goodin|first=Dan|date=April 1, 2012|access-date=November 8, 2014|newspaper=Ars Technica}}{{cite web|url=https://arstechnica.com/business/2012/03/massive-credit-card-breach-reportedly-hits-visa-mastercard/|title="Major" credit-card breach hits Visa, MasterCard (Updated)|last=Goodin|first=Dan|date=March 30, 2012|access-date=November 8, 2014|newspaper=Ars Technica}}
  • Subway – in 2012, two Romanian men admitted to participating in an international conspiracy that hacked into credit-card payment terminals at more than 150 Subway restaurant franchises and stole data for more than 146,000 accounts.{{cite web|url=https://arstechnica.com/security/2012/09/romanians-cop-to-10-million-hacking-spree/|title=Two men admit to $10 million hacking spree on Subway sandwich shops|last=Goodin|first=Dan|date=September 18, 2012|access-date=November 8, 2014|newspaper=Ars Technica}}
  • MasterCard – in 2005, the company announced that up to 40 million cardholders may have had account information stolen due to one of its payment processors being hacked.{{cite web|url=https://arstechnica.com/uncategorized/2005/06/5015-2/|title=CardSystems should not have retained stolen customer data|last=Bangeman|first=Eric|date=June 20, 2005|access-date=November 8, 2014|newspaper=Ars Technica}}{{cite web|url=https://www.nytimes.com/2005/06/20/technology/20credit.html?_r=0|title=Lost Credit Data Improperly Kept, Company Admits|author=|date=June 20, 2005|access-date=November 8, 2014|newspaper=The New York Times}}{{cite web|url=https://arstechnica.com/uncategorized/2005/06/5031-2/|title=Scope of CardSystems-caused credit card data theft broadens|last=Bangeman|first=Eric|date=June 23, 2005|access-date=November 8, 2014|newspaper=Ars Technica}}{{cite web|url=https://arstechnica.com/uncategorized/2005/07/5129-2/|title=Visa bars CardSystems from handling any more transactions.|author=Jonathan M. Gitlin|date=July 22, 2005|access-date=November 8, 2014|newspaper=Ars Technica}}
  • IRLeaks attack on Iranian banks

Blockchain and cryptocurrencies

  • 2014 Mt. Gox exchange exploits
  • The DAO fork – in June 2016, users exploited a vulnerability in The DAO, a decentralized autonomous organization formed as a venture capital fund, to siphon a third of the fund's ether (about $50 million at the time of the hack).{{Cite news |last=Popper |first=Nathaniel |date=2016-06-17 |title=A Hacking of More Than $50 Million Dashes Hopes in the World of Virtual Currency |language=en-US |work=The New York Times |url=https://www.nytimes.com/2016/06/18/business/dealbook/hacker-may-have-removed-more-than-50-million-from-experimental-cybercurrency-project.html |access-date=2022-07-17 |issn=0362-4331}}
  • Poly Network exploit – in August 2021, anonymous hackers transferred over $610 million in cryptocurrencies to external wallets. Although it was one of the largest DeFi hacks ever, all assets were eventually returned over the following two weeks.{{Cite web |last=Browne |first=Ryan |date=2021-08-23 |title=Hacker behind $600 million crypto heist returns final slice of stolen funds |url=https://www.cnbc.com/2021/08/23/poly-network-hacker-returns-remaining-cryptocurrency.html |access-date=2022-07-17 |website=CNBC |language=en}}
  • Wormhole hack – in early February 2022, an unknown hacker exploited a vulnerability on the DeFi platform Wormhole, making off with $320 million in wrapped ether.{{Cite web |last=Faife |first=Corin |date=2022-02-03 |title=Wormhole cryptocurrency platform hacked for $325 million after error on GitHub |url=https://www.theverge.com/2022/2/3/22916111/wormhole-hack-github-error-325-million-theft-ethereum-solana |access-date=2022-07-17 |website=The Verge |language=en}}{{Cite web |date=2022-02-03 |title=Wormhole Hack: Lessons From The Wormhole Exploit |url=https://blog.chainalysis.com/reports/wormhole-hack-february-2022/ |access-date=2022-07-17 |website=Chainalysis |language=en-US}}
  • Ronin Network hack – in March 2022, North Korean state-sponsored Lazarus Group used hacked private keys to withdraw $625 million in ether and USDC from the Ronin bridge,{{Cite web |last=Browne |first=Ryan |date=2022-04-15 |title=U.S. officials link North Korean hackers to $615 million cryptocurrency heist |url=https://www.cnbc.com/2022/04/15/ronin-hack-north-korea-linked-to-615-million-crypto-heist-us-says.html |access-date=2022-07-17 |website=CNBC |language=en}}{{Cite web |title=North Korea's Lazarus Group moves funds through Tornado Cash {{!}} TRM Insights |url=https://www.trmlabs.com/post/north-koreas-lazarus-group-moves-funds-through-tornado-cash |access-date=2022-07-17 |website=www.trmlabs.com |language=en}} an Ethereum sidechain built for the NFT-based video game Axie Infinity.
  • Nomad bridge hack – in early August 2022, hackers targeted a misconfigured smart contract in a "free-for-all" attack,{{Cite web |url=https://twitter.com/samczsun/status/1554252024723546112 |access-date=2022-08-02 |website=Twitter |language=en}} withdrawing nearly $200 million in cryptocurrencies from the Nomad cross-chain bridge.{{Cite web |last=Faife |first=Corin |date=2022-08-02 |title=Nomad crypto bridge loses $200 million in "chaotic" hack |url=https://www.theverge.com/2022/8/2/23288785/nomad-bridge-200-million-chaotic-hack-smart-contract-cryptocurrency |access-date=2022-08-02 |website=The Verge |language=en}}
  • The Uncle Maker attack – an attack on Ethereum by the F2Pool mining pool, which lasted between 2020 and 2022, but was only discovered in 2022 by Aviv Yaish, Gilad Stern and Aviv Zohar.{{Cite web |title=NVD - CVE-2022-37450 |url=https://nvd.nist.gov/vuln/detail/CVE-2022-37450 |access-date=2022-08-19 |website=nvd.nist.gov}}{{Cite web |last=admin_afhu |date=2022-08-10 |title=Hebrew University Researchers Uncover Proof of Ethereum Pool Miners Manipulation |url=https://www.afhu.org/2022/08/10/hebrew-university-researchers-uncover-proof-of-ethereum-pool-miners-manipulation/ |access-date=2022-08-19 |website=American Friends of the Hebrew University |language=en-US}}
  • BNB Chain hack – in early October 2022, about $570 million in cryptocurrency was stolen from a bridge for the BNB Chain, a blockchain operated by the Binance exchange.{{Cite news |last=Howcroft |first=Elizabeth |date=2022-10-07 |title=Binance-linked blockchain hit by $570 million crypto hack |language=en |work=Reuters |url=https://www.reuters.com/technology/hackers-steal-around-100-million-cryptocurrency-binance-linked-blockchain-2022-10-07/ |access-date=2022-10-17}} Because a majority of the tokens could not be transferred off-chain, the hacker ultimately made off with about $100 million.{{Cite web |last=Movement |first=Q. ai-Powering a Personal Wealth |title=What Happened With The $570 Million Binance (BNB) Hack? And What Does It Really Mean For Crypto Investors? |url=https://www.forbes.com/sites/qai/2022/10/09/what-happened-with-the-570-million-binance-bnb-hack-and-what-does-it-really-mean-for-crypto-investors/ |access-date=2022-10-17 |website=Forbes |language=en}}

Ransomware attacks

Notable criminal ransomware hacker groups

{{see also|List of hacker groups}}

Hacktivism

{{main article|Hacktivism#Notable hacktivist events}}

{{see also|Timeline of events associated with Anonymous}}
