Significant Cyber Incidents 2016-2020 | Beaufort County Now | Center for Strategic and International Studies (CSIS) | Washington, D.C.

Significant Cyber Incidents 2016-2020

Center for Strategic and International Studies (CSIS) | Washington, D.C.

December 2020.

CISA and the FBI announced that U.S. think tanks focusing on national
security and international affairs were being targeted by state-sponsored hacking groups

December 2020.

Suspected state-sponsored hackers from an unknown country conducted a spear
phishing campaign against organizations in six countries involved in providing special
temperature-controlled environments to support the COVID-19 supply chain.

November 2020.

A Mexican facility owned by Foxconn was hit by a ransomware attack that the
hackers claim resulted in 1,200 servers being encrypted, 20-30 TB of backups being deleted, and
100 GB of encrypted files being stolen.

November 2020.

North Korean hackers targeted COVID-19 vaccine developer AstraZeneca by
posing as recruiters and sending the company’s employees fake job offers that included malware

November 2020.

Chinese hackers targeted Japanese organizations in multiple industry sectors
located in multiple regions around the globe, including North America, Europe, Asia, and the
Middle East.

November 2020.

Suspected Chinese government hackers conducted a cyber espionage campaign
from 2018 to 2020 targeting government organizations in Southeast Asia

November 2020.

A North Korean hacking group engaged in software supply chain attacks
against South Korean internet users by compromising legitimate South Korean security software

November 2020.

One Russian and two North Korean hacking groups launched attacks against
seven companies involved in COVID-19 vaccine research

November 2020.

A group of hackers for hire launched attacks against a group of targets in South
Asia, and particularly India, Bangladesh, and Singapore. These attacks included the use of a
custom backdoor and credential theft

November 2020.

A group of Vietnamese hackers created and maintained a number of fake
websites devoted to news and activism in Southeast Asia that were used to profile users, re-direct
to phishing pages, and distribute malware

November 2020.

U.S. Cyber Command and the NSA conducted offensive cyber operations
against Iran to prevent interference in the upcoming U.S. elections.

November 2020.

Hamas used a secret headquarters in Turkey to carry out cyberattacks and
counter-intelligence operations

October 2020.

The U.S. government announced that Iranian hackers targeted state election
websites in order to download voter registration information and conduct a voter intimidation
campaign.

October 2020.

A spokesperson for China’s Foreign Ministry responded to accusations that
Chinese state-sponsored hackers were targeting the U.S. defense industrial base by declaring that
the United States was an “empire of hacking,” citing 2013 leaks about the NSA’s Prism program.

October 2020.

India's National Cyber Security Coordinator announced that cyber crimes in India
cost almost $17 billion in 2019.


October 2020.

A Russian cyber espionage group hacked into an unidentified European
government organization

October 2020.

Iranian hackers targeted attendees of the Munich Security Conference in order to
gather intelligence on foreign policy from the compromised individuals

October 2020.

Greek hackers defaced the website of the Turkish Parliament and 150 Azerbaijani
government websites in support of Armenia.

October 2020.

The FBI, CISA and U.S. Cyber Command announced that a North Korean hacking
group had been conducting a cyber espionage campaign against individual experts, think tanks,
and government entities in South Korea, Japan, and the United States with the purpose of collecting
intelligence on national security issues related to the Korean peninsula, sanctions, and nuclear
policy

October 2020.

The FBI and CISA announced that a Russian hacking group breached U.S. state
and local government networks, as well as aviation networks, and exfiltrated data

October 2020.

A North Korean hacker group carried out attacks against aerospace and defense
companies in Russia.

October 2020.

An Iranian hacking group conducted a phishing campaign against universities in
Australia, Canada, the UK, the U.S., the Netherlands, Singapore, Denmark, and Sweden.

October 2020.

Suspected Iranian hackers targeted government agencies and telecommunications
operators in Iraq, Kuwait, Turkey, and the UAE as part of a cyber espionage campaign

October 2020.

The NSA warned that Chinese government hackers were targeting the U.S. defense
industrial base as part of a wide-ranging espionage campaign

October 2020.

The UK’s National Cyber Security Centre found evidence that Russian military
intelligence hackers had been planning a disruptive cyber attack on the later-postponed 2020
Tokyo Olympics.

October 2020.

The U.S. indicted six Russian GRU officers for their involvement in hacking
incidents including the 2015 and 2016 attacks on Ukrainian critical infrastructure, the 2017
NotPetya ransomware outbreak, election interference in the 2017 French elections, and others.

October 2020.

Iran announced that the country’s Ports and Maritime Organization and one other
unspecified government agency had come under cyberattack

October 2020.

Microsoft and U.S. Cyber Command both independently undertook operations to
take down a Russian botnet ahead of the U.S. election.

October 2020.

The U.S. Department of Homeland Security revealed that hackers targeted the
U.S. Census Bureau in a possible attempt to collect bulk data, alter registration information,
compromise census infrastructure, or conduct DoS attacks

October 2020.

U.S. government officials revealed that suspected Chinese hackers were behind a
series of attacks on entities in Russia, India, Ukraine, Kazakhstan, Kyrgyzstan, and Malaysia

October 2020.

A Chinese group targeted diplomatic entities and NGOs in Africa, Asia, and
Europe using advanced malware adapted from code leaked by the Italian hacking tool vendor
HackingTeam

October 2020.

Iranian hackers exploited a serious Windows vulnerability to target Middle
Eastern network technology providers and organizations involved in work with refugees

October 2020.

A cyber mercenary group targeted government officials and private organizations
in South Asia and the Middle East using a combination of methods including zero-day exploits

October 2020.

In the midst of escalating conflict between Armenia and Azerbaijan over the
territory of Nagorno-Karabakh, an unknown intelligence service conducted a cyber espionage
campaign targeting Azerbaijani government institutions

October 2020.

A previously unknown cyber espionage group was found to have been stealing
documents from government agencies and corporations in Eastern Europe and the Balkans since
2011.

October 2020.

The UN shipping agency the International Maritime Organization (IMO) reported
that its website and networks had been disrupted by a sophisticated cyber attack

October 2020.

North Korean hackers targeted a ministry of health and a pharmaceutical
company involved in COVID-19 research and response

September 2020.

American healthcare firm Universal Health Systems sustained a ransomware
attack that caused affected hospitals to revert to manual backups, divert ambulances, and
reschedule surgeries

September 2020.

French shipping company CMA CGM SA saw two of its subsidiaries in Asia
hit with a ransomware attack that caused significant disruptions to IT networks, though it did not
affect the moving of cargo.

September 2020.

Russian hackers targeted government agencies in NATO member countries,
and nations who cooperate with NATO. The campaign uses NATO training material as bait for a
phishing scheme that infects target computers with malware that creates a persistent backdoor.

September 2020.

Chinese hackers stole information related to COVID-19 vaccine development
from Spanish research centers.

September 2020.

Iranian hackers targeted Iranian minorities, anti-regime organizations, and
resistance members using a combination of malware including an Android backdoor designed to
steal two-factor authentication codes from text messages.

September 2020.

Three hackers operating at the direction of Iran’s Islamic Revolutionary Guard
Corps were indicted by the United States for attacks against workers at aerospace and satellite
technology companies, as well as international government organizations.

September 2020.

A ransomware attack on a German hospital may have led to the death of a
patient who had to be redirected to a more distant hospital for treatment.

September 2020.

The U.S. Department of Justice indicted five Chinese hackers with ties to
Chinese intelligence services for attacks on more than 100 organizations across government, IT,
social media, academia, and more

September 2020.

The FBI and CISA announced that Iranian hackers had been exploiting
publicly known vulnerabilities to target U.S. organizations in the IT, government, healthcare,
finance, and media sectors.

September 2020.

CISA revealed that hackers associated with the Chinese Ministry of State
Security had been scanning U.S. government and private networks for over a year in search of
networking devices that could be compromised using exploits for recently discovered
vulnerabilities

September 2020.

One government organization in the Middle East and one in North Africa were
targeted with possible wiper malware that leveraged a ransomware-as-a-service offering that has
recently become popular on cybercrime markets

September 2020.

Georgian officials announced that COVID-19 research files at a biomedical
research facility in Tbilisi were targeted as part of a cyberespionage campaign.

September 2020.

Norway announced it had defended against two sets of cyber attacks that
targeted the emails of several members and employees of the Norwegian parliament as well as
public employees in the Hedmark region. It later blamed Russia for the attack.

August 2020.

A North Korean hacking group targeted 28 UN officials in a spear-phishing
campaign, including at least 11 individuals representing six members of the UN Security
Council.

August 2020.

Hackers for hire suspected of operating on behalf of the Iranian government were
found to have been working to gain access to sensitive information held by North American and
Israeli entities across a range of sectors, including technology, government, defense, and
healthcare.

August 2020.

New Zealand’s stock exchange faced several days of disruptions after a severe
distributed denial of service attack was launched by unknown actors

August 2020.

U.S. officials announced that North Korean government hackers had been
operating a campaign focused on stealing money from ATMs around the world.

August 2020.

Suspected Pakistani hackers used custom malware to steal files from victims in
twenty-seven countries, most prominently in India and Afghanistan.

August 2020.

Ukrainian officials announced that a Russian hacking group had begun to conduct
a phishing campaign in preparation for operations on Ukraine’s independence day.

August 2020.

Taiwan accused Chinese hackers of infiltrating the information systems of at least
ten government agencies and 6,000 email accounts to gain access to citizens’ personal data and
government information.

August 2020.

A Chinese cyber espionage group targeted military and financial organizations
across Eastern Europe

August 2020.

The Israeli defense ministry announced that it had successfully defended against a
cyberattack on Israeli defense manufacturers launched by a suspected North Korean hacking
group

August 2020.

An Iranian hacking group was found to be targeting major U.S. companies and
government agencies by exploiting recently disclosed vulnerabilities in high-end network
equipment to create backdoors for other groups to use

August 2020.

Pakistan announced that hackers associated with Indian intelligence agencies had
targeted the mobile phones of Pakistani government officials and military personnel

August 2020.

Seven semiconductor vendors in Taiwan were the victim of a two-year espionage
campaign by suspected Chinese state hackers targeting firms’ source code, software development
kits, and chip designs.

August 2020.

Russian hackers compromised news sites and replaced legitimate articles with
falsified posts that used fabricated quotes from military and political officials to discredit NATO
among Polish, Lithuanian, and Latvian audiences.

July 2020.

Israel announced that two cyber attacks had been carried out against Israeli water
infrastructure, though neither was successful.

July 2020.

Chinese state-sponsored hackers broke into the networks of the Vatican to conduct
espionage in the lead-up to negotiations about control over the appointment of bishops and the
status of churches in China.

July 2020.

Canada, the UK, and the U.S. announced that hackers associated with Russian
intelligence had attempted to steal information related to COVID-19 vaccine development

July 2020.

The UK announced that it believed Russia had attempted to interfere in its 2019
general election by stealing and leaking documents related to the UK-US Free Trade Agreement

July 2020.

Media reports say a 2018 Presidential finding authorized the CIA to conduct cyber
operations against Iran, North Korea, Russia, and China. The operations included disruption and
public leaking of information.

July 2020.

President Trump confirmed that he directly authorized a 2019 operation by US Cyber
Command taking the Russian Internet Research Agency offline.

June 2020.

Uyghur and Tibetan mobile users were targeted by a mobile malware campaign
originating in China that had been ongoing since 2013

June 2020.

A hacking group affiliated with an unknown government was found to have targeted
a range of Kurdish individuals in Turkey and Syria at the same time as Turkey launched its
offensive into northeastern Syria.

June 2020.

The most popular of the tax reporting software platforms China requires foreign
companies to download to operate in the country was discovered to contain a backdoor that
could allow malicious actors to conduct network reconnaissance or attempt to take remote
control of company systems

June 2020.

Nine human rights activists in India were targeted as part of a coordinated spyware
campaign that attempted to use malware to log their keystrokes, record audio, and steal credentials

June 2020.

A Moroccan journalist was targeted by unknown actors who sent him phishing
messages that could have been used to download spyware developed by the Israeli NSO Group.

June 2020.

North Korean state hackers sent COVID-19-themed phishing emails to more than 5
million businesses and individuals in Singapore, Japan, the United States, South Korea, India, and
the UK in an attempt to steal personal and financial data

June 2020.

The Australian Prime Minister announced that an unnamed state actor had been
targeting businesses and government agencies in Australia as part of a large-scale cyber attack.

June 2020.

In the midst of escalating tensions between China and India over a border dispute in
the Galwan Valley, Indian government agencies and banks reported being targeted by DDoS
attacks reportedly originating in China

June 2020.

Suspected North Korean hackers compromised at least two defense firms in Central
Europe by sending false job offers to their employees while posing as representatives from major
U.S. defense contractors

May 2020.

Businesses in Japan, Italy, Germany, and the UK that supply equipment and software
to industrial firms were attacked in a targeted and highly sophisticated campaign by an unknown
group of hackers

May 2020.

The NSA announced that Russian hackers associated with the GRU had been
exploiting a bug that could allow them to take remote control of U.S. servers

May 2020.

German officials found that a Russian hacking group associated with the FSB had
compromised the networks of energy, water, and power companies in Germany by
compromising the firms’ suppliers.

May 2020.

Cyber criminals managed to steal $10 million from Norway’s state investment fund
in a business email compromise scam that tricked an employee into transferring money into an
account controlled by the hackers

May 2020.

Iranian hackers conducted a cyber espionage campaign targeting air transportation
and government actors in Kuwait and Saudi Arabia.

May 2020.

Chinese hackers accessed the travel records of nine million customers of UK airline
group EasyJet

May 2020.

Two days before Taiwanese President Tsai Ing-wen was sworn in for her second
term in office, the president’s office was hacked, and files were leaked to local media outlets
purporting to show infighting within the administration. The president’s office claimed the
leaked documents had been doctored.

May 2020.

U.S. officials accused hackers linked to the Chinese government of attempting to
steal U.S. research into a coronavirus vaccine

May 2020.

Suspected Chinese hackers conducted a phishing campaign to compromise
Vietnamese government officials involved in ongoing territorial disputes with China in the South
China Sea.

May 2020.

Suspected Iranian hackers compromised the IT systems of at least three telecom
companies in Pakistan, and used their access to monitor targets in the country.

May 2020.

Japan’s Defense Ministry announced it was investigating a large-scale cyber attack
against Mitsubishi Electric that could have compromised details of new state-of-the-art missile
designs.

May 2020.

Israeli hackers disrupted operations at an Iranian port for several days, causing
massive backups and delays. Officials characterized the attack as a retaliation against a failed
Iranian hack in April targeting the command and control systems of Israeli water distribution
systems.

May 2020.

A suspected PLA hacking group targeted government-owned companies, foreign
affairs ministries, and science and technology ministries across Australia, Indonesia, the
Philippines, Vietnam, Thailand, Myanmar, and Brunei.

May 2020.

Operations at two Taiwanese petrochemical companies were disrupted by malware
attacks. Taiwanese officials speculated that the attacks could have been linked to the upcoming
inauguration of Taiwanese President Tsai Ing-wen’s second term.

April 2020.

Suspected Vietnamese government hackers used malicious apps uploaded to the
Google Play app store to infect users in South and Southeast Asia with spyware capable of
monitoring the target’s call logs, geolocation data, and text messages.

April 2020.

Poland suggested the Russian government was behind a series of cyber attacks
on Poland’s War Studies University meant to advance a disinformation campaign undermining
U.S.-Polish relations.

April 2020.

Suspected Iranian hackers unsuccessfully targeted the command and control systems
of water treatment plants, pumping stations, and sewage in Israel.

April 2020.

U.S. officials reported seeing a surge of attacks by Chinese hackers against
healthcare providers, pharmaceutical manufacturers, and the U.S. Department of Health and
Human Services amidst the COVID-19 pandemic.

April 2020.

Suspected Vietnamese hackers targeted the Wuhan government and the Chinese
Ministry of Emergency Management to collect information related to China’s COVID-19
response.

April 2020.

Government and energy sector entities in Azerbaijan were targeted by an unknown
group focused on the SCADA systems of wind turbines

April 2020.

A Russian hacking group used forged diplomatic cables and planted articles on
social media to undermine the governments of Estonia and the Republic of Georgia

April 2020.

Suspected state-sponsored hackers targeted Chinese government agencies and
Chinese diplomatic missions abroad by exploiting a zero-day vulnerability in virtual private
network servers.

April 2020.

Iranian government-backed hackers attempted to break into the accounts of WHO
staffers in the midst of the COVID-19 pandemic.

March 2020.

North Korean hackers targeted individuals involved with North Korean refugee
issues as part of a cyber espionage campaign.

March 2020.

Suspected South Korean hackers were found to have used five previously
unreported software vulnerabilities to conduct a wide-ranging espionage campaign against North
Korean targets

March 2020.

Saudi mobile operators exploited a flaw in global telecommunications
infrastructure to track the location of Saudis traveling abroad

March 2020.

Chinese hackers targeted over 75 organizations around the world in the
manufacturing, media, healthcare, and nonprofit sectors as part of a broad-ranging cyber
espionage campaign

March 2020.

A suspected nation state hacking group was discovered to be targeting industrial
sector companies in Iran

March 2020.

Human rights activists and journalists in Uzbekistan were targeted by suspected state
security hackers in a spearphishing campaign intended to install spyware on their devices.

March 2020.

Chinese cybersecurity firm Qihoo 360 accused the CIA of being involved in an
11-year-long hacking campaign against Chinese industry targets, scientific research organizations,
and government agencies.

February 2020.

The U.S. Department of Justice indicted two Chinese nationals for laundering
cryptocurrency for North Korean hackers

February 2020.

Mexico’s economy ministry announced it had detected a cyber attack launched
against the ministry’s networks, but that no sensitive data had been exposed.

February 2020.

The U.S. Defense Information Systems Agency announced it had suffered a data
breach exposing the personal information of an unspecified number of individuals

February 2020.

A hacking group of unknown origin was found to be targeting government and
diplomatic targets across Southeast Asia as part of a phishing campaign utilizing custom malware

February 2020.

Chinese hackers targeted Malaysian government officials to steal data related to
government-backed projects in the region.

February 2020.

Iran announced that it had defended against a DDoS attack against its communications
infrastructure that caused internet outages across the country.

January 2020.

An Iranian hacking group launched an attack on the U.S.-based research company
Westat as part of a suspected effort to gain access to the firm’s clients in the public and private
sectors.

January 2020.

The UN was revealed to have covered up a hack into its IT systems in Europe
conducted by an unknown but sophisticated hacking group.

January 2020.

Turkish government hackers targeted at least 30 organizations across Europe and
the Middle East, including government ministries, embassies, security services, and companies.

January 2020.

Mitsubishi announced that a suspected Chinese group had targeted the company as
part of a massive cyberattack that compromised personal data of 8,000 individuals as well as
information relating to partnering businesses and government agencies, including projects relating
to defense equipment.

January 2020.

The FBI announced that nation state hackers had breached the networks of two
U.S. municipalities in 2019, exfiltrating user information and establishing backdoor access for
future compromise

January 2020.

A Russian hacking group infiltrated a Ukrainian energy company where Hunter
Biden was previously a board member, and which has featured prominently in the U.S.
impeachment debate.

January 2020.

More than two dozen Pakistani government officials had their mobile phones
infected with spyware developed by the Israeli NSO Group

January 2020.

A suspected nation state targeted the Austrian foreign ministry as part of a cyber
attack lasting several weeks.

December 2019.

Iranian wiper malware was deployed against the network of Bapco, the national
oil company of Bahrain.

December 2019.

Microsoft won a legal battle to take control of 50 web domains used by a North
Korean hacking group to target government employees, think tank experts, university staff, and
others involved in nuclear proliferation issues

December 2019.

An alleged Chinese state-sponsored hacking group attacked government entities
and managed service providers by bypassing the two-factor authentication used by their targets

December 2019.

Chinese hackers used custom malware to target a Cambodian government
organization

December 2019.

Unknown hackers stole login credentials from government agencies in 22 nations
across North America, Europe, and Asia

December 2019.

Iran announced that it had foiled a major cyber attack by a foreign government
targeting the country’s e-government infrastructure

December 2019.

A suspected Vietnamese state-sponsored hacking group attacked BMW and
Hyundai networks

December 2019.

Russian government hackers targeted Ukrainian diplomats, government officials,
military officers, law enforcement, journalists, and nongovernmental organizations in a spear
phishing campaign

November 2019.

A Russian-speaking hacking group targeted a wide range of Kazakh individuals
and organizations including government agencies, military personnel, foreign diplomats,
journalists, dissidents, and others through a combination of spear phishing and physical device
compromise.

November 2019.

Microsoft security researchers found that in the last year, an Iranian hacker
group carried out "password-spraying attacks" on thousands of organizations, but since October
has focused on the employees of dozens of manufacturers, suppliers, or maintainers of
industrial control system equipment and software.

November 2019.

An alleged non-state actor targeted the UK Labour party with a major DDoS
attack that temporarily took the party’s computer systems offline.

October 2019.

An Israeli cybersecurity firm was found to have sold spyware used to target senior
government and military officials in at least 20 countries by exploiting a vulnerability in
WhatsApp.

October 2019.

A state-sponsored hacking campaign knocked offline more than 2,000 websites
across Georgia, including government and court websites containing case materials and personal
data. More than 20 countries later attributed the attack to Russia.

October 2019.

India announced that North Korean malware designed for data extraction had been
identified in the networks of a nuclear power plant.

October 2019.

Suspected North Korean hackers attempted to steal credentials from individuals
working on North Korea-related issues at the UN and other NGOs.

October 2019.

The NSA and GCHQ found that a Russian cyberespionage campaign had used an
Iranian hacking group’s tools and infrastructure to spy on Middle Eastern targets.

October 2019.

Russian hackers engaged in a campaign since 2013 targeting embassies and foreign
affairs ministries in several European countries.

October 2019.

Iranian hackers targeted more than 170 universities around the world between 2013
and 2017, stealing $3.4 billion worth of intellectual property and selling stolen data to Iranian
customers.

October 2019.

Chinese hackers engaged in a multi-year campaign between 2010 and 2015 to
acquire intellectual property from foreign companies to support the development of the Chinese
C919 airliner.

October 2019.

A Chinese government-sponsored propaganda app with more than 100 million
users was found to have been programmed to have a backdoor granting access to location data,
messages, photos, and browsing history, as well as the ability to remotely activate audio recordings.

October 2019.

The Moroccan government targeted two human rights activists using spyware
purchased from Israel.

October 2019.

A state-sponsored hacking group targeted diplomats and high-profile
Russian-speaking users in Eastern Europe.

October 2019.

Chinese hackers targeted entities in Germany, Mongolia, Myanmar, Pakistan, and
Vietnam, individuals involved in UN Security Council resolutions regarding ISIS, and members
of religious groups and cultural exchange nonprofits in Asia.

October 2019.

Iranian hackers conducted a series of attacks against the Trump campaign, as well
as current and former U.S. government officials, journalists, and Iranians living abroad.

October 2019.

State-sponsored Chinese hackers were revealed to have conducted at least six
espionage campaigns since 2013 against targets in Myanmar, Taiwan, Vietnam, Indonesia,
Mongolia, Tibet, and Xinjiang.

October 2019.

The Egyptian government conducted a series of cyberattacks against journalists,
academics, lawyers, human rights activists, and opposition politicians.

October 2019.

Chinese hackers were found to have targeted government agencies, embassies,
and other government-related embassies across Southeast Asia in the first half of 2019.


September 2019.

The United States carried out cyber operations against Iran in retaliation for
Iran’s attacks on Saudi Arabia’s oil facilities. The operation affected physical hardware, and had
the goal of disrupting Iran’s ability to spread propaganda.

September 2019.

Airbus revealed that hackers targeting commercial secrets engaged in a series
of supply chain attacks targeting four of the company’s subcontractors.

September 2019.

A Chinese state-sponsored hacking group responsible for attacks against three
U.S. utility companies in July 2019 was found to have subsequently targeted seventeen others.

September 2019.

Hackers with ties to the Russian government conducted a phishing campaign
against the embassies and foreign affairs ministries of countries across Eastern Europe and Central
Asia.

September 2019.

Alleged Chinese hackers used mobile malware to target senior Tibetan
lawmakers and individuals with ties to the Dalai Lama.

September 2019.

North Korean hackers were revealed to have conducted a phishing campaign
over the summer of 2019 targeting U.S. entities researching the North Korean nuclear program and
economic sanctions against North Korea.

September 2019.

Iranian hackers targeted more than 60 universities in the U.S., Australia, UK,
Canada, Hong Kong, and Switzerland in an attempt to steal intellectual property.

September 2019.

Huawei accused the U.S. government of hacking into its intranet and internal
information systems to disrupt its business operations.

August 2019.

China used compromised websites to distribute malware to Uyghur populations
using previously undisclosed exploits for Apple, Google, and Windows phones.

August 2019.

Chinese state-sponsored hackers were revealed to have targeted multiple U.S. cancer
institutes to take information relating to cutting edge cancer research.

August 2019.

North Korean hackers conducted a phishing campaign against foreign affairs
officials in at least three countries, with a focus on those studying North Korean nuclear efforts
and related international sanctions.

August 2019.

Huawei technicians helped government officials in two African countries track
political rivals and access encrypted communications.

August 2019.

The Czech Republic announced that the country’s Foreign Ministry had been the
victim of a cyberattack by an unspecified foreign state, later identified as Russia

August 2019.

A suspected Indian cyber espionage group conducted a phishing campaign targeting
Chinese government agencies and state-owned enterprises for information related to economic
trade, defense issues, and foreign relations.

August 2019.

Networks at several Bahraini government agencies and critical infrastructure
providers were infiltrated by hackers linked to Iran

August 2019.

A previously unidentified Chinese espionage group was found to have worked since
2012 to gather data from foreign firms in industries identified as strategic priorities by the Chinese
government, including telecommunications, healthcare, semiconductor manufacturing, and
machine learning. The group was also active in the theft of virtual currencies and the monitoring
of dissidents in Hong Kong.

August 2019.

Russian hackers were observed using vulnerable IoT devices like a printer, VOIP
phone, and video decoder to break into high-value corporate networks

August 2019.

A seven-year campaign by an unidentified Spanish-language espionage group was
revealed to have resulted in the theft of sensitive mapping files from senior officials in the
Venezuelan Army

July 2019.

State-sponsored Chinese hackers conducted a spear-phishing campaign against
employees of three major U.S. utility companies

July 2019.

Capital One reveals that a hacker accessed data on 100 million credit card applications,
including Social Security and bank account numbers.

July 2019.

Encrypted email service provider ProtonMail was hacked by a state-sponsored group
looking to gain access to accounts held by reporters and former intelligence officials conducting
investigations of Russian intelligence activities.

July 2019.

Several major German industrial firms including BASF, Siemens, and Henkel
announced that they had been the victim of a state-sponsored hacking campaign reported to be
linked to the Chinese government

July 2019.

A Chinese hacking group was discovered to have targeted government agencies across
East Asia involved in information technology, foreign affairs, and economic development.

July 2019.

The U.S. Coast Guard issued a warning after it received a report that a merchant vessel
had its networks disrupted by malware while traveling through international waters

July 2019.

An Iranian hacking group targeted LinkedIn users associated with financial, energy,
and government entities operating in the Middle East

July 2019.

Microsoft revealed that it had detected almost 800 cyberattacks over the past year
targeting think tanks, NGOs, and other political organizations around the world, with the majority
of attacks originating in Iran, North Korea, and Russia.

July 2019.

Libya arrested two men who were accused of working with a Russian troll farm to
influence the elections in several African countries.

July 2019.

Croatian government agencies were targeted in a series of attacks by unidentified
state-sponsored hackers.

July 2019.

U.S. Cyber Command issued an alert warning that government networks were being
targeted with malware associated with a known Iran-linked hacking group.

June 2019.

Western intelligence services were alleged to have hacked into Russian internet search
company Yandex in late 2018 to spy on user accounts

June 2019.

Over the course of seven years, a Chinese espionage group hacked into ten
international cellphone providers operating across thirty countries to track dissidents, officials, and
suspected spies.

June 2019.

The U.S. announced it had launched offensive cyber operations against Iranian
computer systems used to control missile and rocket launches.

June 2019.

Iran announced that it had exposed and helped dismantle an alleged CIA-backed cyber
espionage network across multiple countries

June 2019.

U.S. officials reveal ongoing efforts to deploy hacking tools against Russian grid
systems as a deterrent and warning to Russia

June 2019.

U.S. grid regulator NERC issued a warning that a major hacking group with suspected
Russian ties was conducting reconnaissance into the networks of electrical utilities.

June 2019.

China conducted a denial of service attack on encrypted messaging service Telegram
in order to disrupt communications among Hong Kong protestors

June 2019.

A suspected Iranian group was found to have hacked into telecommunications services
in Iraq, Pakistan, and Tajikistan

June 2019.

Chinese intelligence services hacked into the Australian University to collect data
they could use to groom students as informants before they were hired into the civil service.

May 2019.

Government organizations in two different Middle Eastern countries were targeted by
Chinese state-sponsored hackers.

May 2019.

A Chinese government-sponsored hacking group was reported to be targeting
unidentified entities across the Philippines.

May 2019.

Iran developed a network of websites and accounts that were being used to spread
false information about the U.S., Israel, and Saudi Arabia.

May 2019.

The Israeli Defense Forces launched an airstrike on Hamas after the group
unsuccessfully attempted to hack Israeli targets.

May 2019.

Hackers affiliated with the Chinese intelligence service reportedly had been using
NSA hacking tools since 2016, more than a year before those tools were publicly leaked.

April 2019.

Amnesty International’s Hong Kong office announced it had been the victim of an
attack by Chinese hackers who accessed the personal information of the office’s supporters.

April 2019.

Ukrainian military and government organizations were targeted as part of a
campaign by hackers from the Luhansk People’s Republic, a Russia-backed group that declared
independence from Ukraine in 2014.


April 2019.

Chinese hackers stole General Electric’s trade secrets concerning jet engine turbine
technologies

April 2019.

Hackers used spoofed email addresses to conduct a disinformation campaign in
Lithuania to discredit the Defense Minister by spreading rumors of corruption.

April 2019.

The Finnish police probed a denial of service attack against the web service used to
publish the vote tallies from Finland’s elections.

April 2019.

Iranian hackers reportedly undertook a hacking campaign against banks, local
government networks, and other public agencies in the UK.

April 2019.

Pharmaceutical company Bayer announced it had prevented an attack by Chinese
hackers targeting sensitive intellectual property.

March 2019.

Chinese hackers targeted Israeli defense firms that had connections to the U.S.
military

March 2019.

The U.S. Department of Energy reported that grid operators in Los Angeles County,
California and Salt Lake County, Utah, suffered a DDoS attack that disrupted their operations, but
did not cause any outages

March 2019.

The Australian Signals Directorate revealed that it had conducted cyber attacks
against ISIS targets in the Middle East to disrupt their communications in coordination with
coalition forces.

March 2019.

An Iranian cyber espionage group targeted government and industry digital
infrastructure in Saudi Arabia and the U.S.

March 2019.

State-supported Vietnamese hackers targeted foreign automotive companies to
acquire IP.

March 2019.

Iran's intelligence service hacked into former IDF Chief and Israeli opposition
leader Benny Gantz’ cellphone ahead of Israel’s April elections.

March 2019.

North Korean hackers targeted an Israeli security firm as part of an industrial
espionage campaign.

March 2019.

Russian hackers targeted a number of European government agencies ahead of EU
elections in May.

March 2019.

Indonesia’s National Election Commission reported that Chinese and Russian
hackers had probed Indonesia’s voter database ahead of presidential and legislative elections in
the country.

March 2019.

Civil liberties organizations claimed that government-backed hackers targeted
Egyptian human rights activists, media, and civil society organizations throughout 2019.


March 2019.

The UN Security Council reported that North Korea has used state-sponsored
hacking to evade international sanctions, stealing $670 million in foreign currency and
cryptocurrency between 2015 and 2018.


March 2019.

Iranian hackers targeted thousands of people at more than 200 oil-and-gas and heavy
machinery companies across the world, stealing corporate secrets and wiping data from computers.

March 2019.

Following an attack on Indian military forces in Kashmir, Pakistani hackers targeted
almost 100 Indian government websites and critical systems. Indian officials reported that they
engaged in offensive cyber measures to counter the attacks.

March 2019.

U.S. officials reported that at least 27 universities in the U.S. had been targeted by
Chinese hackers as part of a campaign to steal research on naval technologies.

February 2019.

The UN International Civil Aviation Organization revealed that in late 2016 it
was compromised by China-linked hackers who used their access to spread malware to foreign
government websites.

February 2019.

Prior to the Vietnam summit of Kim Jong Un and Donald Trump, North Korean
hackers were found to have targeted South Korean institutions in a phishing campaign using
documents related to the diplomatic event as bait.

February 2019.

U.S. Cyber Command revealed that during the 2018 U.S. midterm elections, it
had blocked internet access to the Internet Research Agency, a Russian company involved in
information operations against the U.S. during the 2016 presidential election.

February 2019.

A hacking campaign linked to state-sponsored North Korean hackers targeted
Russian companies.

February 2019.

Hackers associated with the Russian intelligence services had targeted more than
100 individuals in Europe at civil society groups working on election security and democracy
promotion.

February 2019.

State-sponsored hackers were caught in the early stages of gaining access to
computer systems of several political parties as well as the Australian Federal Parliament.

February 2019.

European aerospace company Airbus reveals it was targeted by Chinese hackers
who stole the personal and IT identification information of some of its European employees.

February 2019.

Norwegian software firm Visma revealed that it had been targeted by hackers
from the Chinese Ministry of State Security who were attempting to steal trade secrets from the
firm’s clients.

January 2019.

Hackers associated with the Russian intelligence services were found to have
targeted the Center for Strategic and International Studies.

January 2019.

The U.S. Department of Justice announced an operation to disrupt a North Korean
botnet that had been used to target companies in the media, aerospace, financial, and critical
infrastructure sectors.

January 2019.

Former U.S. intelligence personnel were revealed to be working for the UAE to
help the country hack into the phones of activists, diplomats, and foreign government officials

January 2019.

U.S. prosecutors unsealed two indictments against Huawei and its CFO Meng
Wanzhou alleging crimes ranging from wire and bank fraud to obstruction of justice and
conspiracy to steal trade secrets

January 2019.

Security researchers reveal that Iranian hackers have been targeting the telecom
and travel industries since at least 2014 in an attempt to surveil and collect the personal information
of individuals in the Middle East, U.S., Europe, and Australia

January 2019.

The U.S. Democratic National Committee revealed that it had been targeted by
Russian hackers in the weeks after the 2018 midterm elections

January 2019.

South Korea’s Ministry of National Defense announced that unknown hackers
had compromised computer systems at the ministry’s procurement office

January 2019.

The U.S. Securities and Exchange Commission charged a group of hackers from
the U.S., Russia, and Ukraine with the 2016 breach of the SEC’s online corporate filing portal,
which was exploited to execute trades based on non-public information.

January 2019.

Iran was revealed to have engaged in a multi-year, global DNS hijacking campaign
targeting telecommunications and internet infrastructure providers as well as government entities
in the Middle East, Europe, and North America.

January 2019.

Hackers release the personal details, private communications, and financial
information of hundreds of German politicians, with targets representing every political party
except the far-right AfD.

December 2018.

Chinese hackers stole IP and confidential business and technological information
from managed service providers – companies that manage IT infrastructure for other businesses
and governments

December 2018.

North Korean hackers targeted the Chilean interbank network after tricking an
employee into installing malware over the course of a fake job interview

December 2018.

Chinese hackers were found to have compromised the EU’s communications
systems, maintaining access to sensitive diplomatic cables for several years

December 2018.

North Korean hackers stole the personal information of almost 1,000 North
Korean defectors living in South Korea

December 2018.

The United States, in coordination with Australia, Canada, the UK, and New
Zealand, accused China of conducting a 12-year campaign of cyber espionage targeting the IP
and trade secrets of companies across 12 countries. The announcement was tied to the indictment
of two Chinese hackers associated with the campaign.

December 2018.

U.S. Navy officials report that Chinese hackers had repeatedly stolen
information from Navy contractors including ship maintenance data and missile plans.

December 2018.

Security researchers discover a cyber campaign carried out by a Russia-linked
group targeting the government agencies of Ukraine as well as multiple NATO members

December 2018.

Researchers report that a state-sponsored Middle Eastern hacking group had
targeted telecommunications companies, government embassies, and a Russian oil company
located across Pakistan, Russia, Saudi Arabia, Turkey, and North America

December 2018.

Italian oil company Saipem was targeted by hackers utilizing a modified version
of the Shamoon virus, taking down hundreds of the company’s servers and personal computers in
the UAE, Saudi Arabia, Scotland, and India

December 2018.

North Korean hackers have reportedly targeted universities in the U.S. since
May, with a particular focus on individuals with expertise in biomedical engineering

December 2018.

The Security Service of Ukraine blocked an attempt by the Russian special
services to disrupt the information systems of Ukraine’s judicial authority

December 2018.

The Czech security service announced that Russian intelligence services were
discovered to have been behind attacks against the Czech foreign ministry in 2017

December 2018.

Secretary of State Mike Pompeo confirmed that Chinese hackers breached the
systems of an American hotel chain, stealing the personal information of over 500 million
customers

November 2018.

German security officials announced that a Russia-linked group had targeted
the email accounts of several members of the German parliament, as well as the German military
and several embassies

November 2018.

Security researchers report that Russia launched coordinated cyber attacks
against Ukrainian government and military targets before and during the attack on Ukrainian ships
in late November

November 2018.

Researchers reveal that a Mexican government-linked group used spyware to
target the colleagues of a slain journalist investigating drug cartels

November 2018.

Security researchers discover a cyberespionage campaign targeting government
websites of Lebanon and the UAE

November 2018.

The U.S. Justice Department indicted two Iranians for the ransomware attack
affecting Atlanta’s government earlier in 2018

November 2018.

Chinese state media reports that the country had been the victim of multiple
attacks by foreign hackers in 2018, including the theft of confidential emails, utility design plans,
lists of army units, and more

November 2018.

North Korean hackers were found to have used malware to steal tens of millions
of dollars from ATMs across Asia and Africa

November 2018.

Security researchers report that Russian hackers impersonating U.S. State
Department officials attempted to gain access to the computer systems of military and law
enforcement agencies, defense contractors, and media companies

November 2018.

Ukraine’s CERT discovered malware in the computer systems of Ukraine state
agencies believed to be implanted as a precursor for a future large-scale cyber attack

November 2018.

Researchers discover that a Chinese cyberespionage group targeted a UK
engineering company using techniques associated with Russia-linked groups in an attempt to avoid
attribution

November 2018.

The Pakistani Air Force was revealed to have been targeted by nation-state
hackers with access to zero-day exploits

November 2018.

Security researchers identify an Iranian domestic surveillance campaign to
monitor dissent targeting Telegram and Instagram users

November 2018.

Australian defense shipbuilder Austal announced it had been the victim of a
hack resulting in the theft of unclassified ship designs which were later sold online

October 2018.

The head of Iran’s civil defense agency announced that the country had recently
neutralized a new, more sophisticated version of Stuxnet

October 2018.

The U.S. Department of Justice indicted Chinese intelligence officers and hackers
working for them for engaging in a campaign to hack into U.S. aerospace companies and steal
information

October 2018.

Security researchers link the malware used to attack a petrochemical plant in Saudi
Arabia to a research institute run by the Russian government.

October 2018.

U.S. defense officials announced that Cyber Command had begun targeting
individual Russian operatives to deter them from interfering in the 2018 midterm elections.

October 2018.

U.S. agencies warned President Trump that China and Russia eavesdropped
on calls he made from an unsecured phone.

October 2018.

News reports reveal that the Israel Defense Force requested that cybersecurity
companies develop proposals for monitoring the personal correspondence of social media users.

October 2018.

The U.S. Department of Homeland Security announces that it has detected a
growing volume of cyber activity targeting election infrastructure in the U.S. ahead of the 2018
midterm elections.

October 2018.

The Centers for Medicare and Medicaid Services announced that hackers had
compromised a government computer system, gaining access to the personal data of 75,000 people
ahead of the start of ACA sign-up season.

October 2018.

The Security Service of Ukraine announced that a Russian group had carried out
an attempted hack on the information and telecommunication systems of Ukrainian government
groups

October 2018.

The U.S. Justice Department announces criminal charges against seven GRU
officers for multiple instances of hacking against organizations including FIFA, Westinghouse
Electric Company, the Organisation for the Prohibition of Chemical Weapons, and the U.S. and
World Anti-Doping Agencies.

September 2018.

Security researchers found that a Russian hacking group had used malware to
target the firmware of computers at government institutions in the Balkans and in Central and
Eastern Europe.

September 2018.

In a letter to Senate leaders, Sen. Ron Wyden revealed that a major technology
company had alerted multiple Senate offices of attempts by foreign government hackers to gain
access to the email accounts of Senators and their staff

September 2018.

Researchers report that 36 different governments deployed Pegasus spyware
against targets in at least 45 countries, including the U.S., France, Canada, and the UK.

September 2018.

The U.S. State Department suffers a breach of one of its unclassified email
systems, exposing the personal information of several hundred employees.

September 2018.

Swiss officials reveal that two Russian spies caught in the Netherlands had been
preparing to use cyber tools to sabotage the Swiss defense lab analyzing the nerve agent used to
poison former Russian agent Sergei Skripal.

September 2018.

Security researchers find that Iranian hackers have been surveilling Iranian
citizens since 2016 as part of a mobile spyware campaign directed at ISIS supporters and members
of the Kurdish ethnic group.

September 2018.

Russian hackers targeted the email inboxes of religious leaders connected to
Ukraine amid efforts to disassociate Ukraine’s Orthodox church from its association with Russia.

September 2018.

The U.S. Department of Justice announces the indictment and extradition of a
Russian hacker accused of participating in the hack of JP Morgan Chase in 2014, leading to the
theft of data from over 80 million customers.

September 2018.

The U.S. Department of Justice announces the indictment of Park Jin Hyok, a
North Korean hacker allegedly involved in the 2014 Sony hack, the 2016 theft of $81 million from
a Bangladeshi bank, and the WannaCry ransomware attacks.

September 2018.

Researchers reveal a new cyber espionage campaign linked to attacks against
Vietnamese defense, energy, and government organizations in 2013 and 2014.

September 2018.

Chinese hackers breached the systems of the Starwood hotel chain in 2014.
It is estimated that the personal information of up to 500 million people was stolen.

August 2018.

North Korean hackers stole $13.5 million from India’s Cosmos Bank after breaking
into the bank’s system and authorizing thousands of unauthorized ATM withdrawals, as well as
several illegal money transfers through the SWIFT financial network.

August 2018.

Security researchers report that Iranian hackers had targeted the websites and login
pages of 76 universities in 14 countries. The attackers stole the credentials of users who attempted
to sign in, gaining access to library resources for the purposes of intellectual property theft.

August 2018.

Facebook identified multiple new disinformation campaigns on its platform
sponsored by groups in Russia and Iran. The campaigns targeted users in the U.S., Latin America,
Britain, and the Middle East, and involved 652 fake accounts, pages, and groups.

August 2018.

Microsoft announces that Russian hackers had targeted U.S. Senators and
conservative think tanks critical of Russia.

July 2018.

Security researchers report that an Iranian hacking group had been targeting the
industrial control systems of electric utility companies in the U.S., Europe, East Asia, and the
Middle East.

July 2018.

The Department of Homeland Security revealed that a campaign by Russian hackers in
2017 had compromised the networks of multiple U.S. electric utilities and put attackers in a
position where they could have caused blackouts.

July 2018.

Senator Claire McCaskill reveals that her 2018 re-election campaign was targeted by
hackers affiliated with Russia’s GRU intelligence agency. Attackers unsuccessfully targeted
staffers in the Senator’s office with phishing emails designed to harvest their passwords.

July 2018.

Researchers report that a hacking group linked to Iran has been active since early 2017
targeting energy, government, finance, and telecommunications entities in the Middle East.

July 2018.

Microsoft reveals that Russian hackers had targeted the campaigns of three Democratic
candidates running for the 2018 midterm elections.

July 2018.

Russian hackers were found to have targeted the Italian navy with malware designed
to insert a backdoor into infected networks.

July 2018.

Security researchers detect a spike in hacking attempts against IoT devices in Finland
during the run-up to President Trump’s summit with Vladimir Putin in Helsinki. The majority of
attacks originated in China.

July 2018.

Singapore’s largest healthcare institution was targeted by state-sponsored hackers,
leading to the leakage of personal information for 1.5 million patients, along with prescription
details for 160,000 others.

July 2018.

Ukrainian intelligence officials claim to have thwarted a Russian attack on the network
equipment of a chlorine plant in central Ukraine. The virus used in the attack is the same malware
responsible for the infection of 500,000 routers worldwide in a campaign the FBI linked to
state-sponsored Russian hackers.

July 2018.

The U.S. Department of Justice announced the indictments of 12 Russian intelligence
officers for carrying out large-scale cyber operations against the Democratic Party in advance of
the 2016 Presidential election. The officers’ alleged crimes included the theft and subsequent
leakage of emails from the Democratic National Committee and Hillary Clinton campaign, and
the targeting of election infrastructure and local election officials in an attempt to interfere with
the election.

July 2018.

Security researchers report that Chinese hackers had been actively spying on political
actors on both sides of the upcoming Cambodian elections. Targets include the country’s National
Election Commission, several government ministries, the Cambodian Senate, at least one Member
of Parliament, and multiple media outlets and human rights activists.

July 2018.

Hackers targeted the campaigns of at least two local Democratic candidates during
2018’s primary season, reportedly using DDoS attacks to disrupt campaign websites during
periods of active fundraising and positive news publicity.

July 2018.

Australian National University (ANU) was found to have been breached by Chinese
hackers in an attack believed to be motivated by a desire to siphon intellectual property from the
institution.

June 2018.

Marketing data firm Exactis suffered a data breach exposing the information of 340
million people, including their political preferences, browsing habits, and purchase data.

June 2018.

Ukraine police claim that Russian hackers have been systematically targeting
Ukrainian banks, energy companies, and other organizations to establish backdoors in preparation
for a wide-scale strike against the country.

June 2018.

Chinese hackers were found to be engaged in a cyber espionage campaign to collect
data from satellite, telecom, and defense organizations in the U.S. and Southeast Asia.

June 2018.

A Russian hacking group linked to disrupting the Pyeongchang Olympics targeted
individuals in France, Germany, Switzerland, Russia, and Ukraine linked to a biochemical threat
conference organized by a company involved in the investigation of the poisoning of Sergei
Skripal in March 2018.

June 2018.

A Chinese hacking group targeted a national data center in a Central Asian country,
preparing a watering hole attack to inject malicious code onto other government websites
connecting to the data center.

June 2018.

Researchers reveal that North Korean hackers targeted a South Korean think tank
focused on national security issues. The hackers used a zero-day exploit to compromise the
organization’s website and insert a backdoor for injecting code.

June 2018.

The U.S. Treasury Department announced sanctions against five Russian companies
and three individuals for enabling Russian intelligence and military units to conduct cyberattacks
against the U.S.

June 2018.

Chinese government hackers compromised the networks of a U.S. Navy contractor,
stealing 614 GB of data related to weapons, sensor, and communication systems under
development for U.S. submarines.

May 2018.

Cyber security researchers reported that North Korean hackers had been targeting
defectors through compromised Android apps hosted through the Google Play market, stealing
device information and allowing the insertion of executable code stealing photos, contact lists, and
text messages.

May 2018.

Security researchers reveal that the Pakistani military used Facebook Messenger to
distribute spyware to targets in the Middle East, Afghanistan, and India in an attempt to
compromise government officials, medical professionals, and others.

May 2018.

Turkish government hackers were discovered to be using surveillance software
FinFisher to infect Turkish dissidents and protesters.

May 2018.

An unknown group of hackers stole between $18 and $20 million from
Mexican banks by exploiting the SWIFT transfer system, submitting a series of false transfer
orders to phantom accounts in other banks and emptying the accounts in dozens of branch offices.

May 2018.

Within 24 hours of President Trump’s announcement that the US would withdraw
from the Iran nuclear agreement, security firms reported increases in Iranian hacking activity,
including the sending of emails containing malware to diplomats in the Foreign Affairs ministries
of US allies, as well as global telecommunication companies.

May 2018.

Researchers reveal that a hacking group connected to Russian intelligence services
had been conducting reconnaissance on the business and ICS networks of electric utilities in the
US and UK since May 2017.

April 2018.

A cyber espionage campaign originating in China collected data from satellite,
telecom, and defense organizations in the United States and Southeast Asia

April 2018.

Security researchers report that an Indian hacking group had been targeting
government agencies and research institutions in China and Pakistan since 2013.

April 2018.

Cyber security researchers reveal that North Korean hackers targeted critical
infrastructure, finance, healthcare, and other industries in 17 countries using malware resembling
the code used in the 2014 Sony Pictures attack.

April 2018.

Israeli cyber researchers revealed that Hamas had planted spyware in mobile phones
owned by members of Fatah, a rival Palestinian faction

April 2018.

Reports from cyber security researchers indicate that Chinese state-sponsored hacking
groups have targeted Japanese defense companies in an attempt to gain information on Tokyo’s
policies towards North Korea

April 2018.

US and UK officials issued a joint warning that Russia was deliberately targeting
western critical infrastructure by compromising home and business routers

April 2018.

The director of the UK’s Government Communications Headquarters (GCHQ)
announced that the organization had been conducting offensive cyber operations against ISIS to
suppress their propaganda, disrupt their coordination, and protect deployed military personnel

April 2018.

The chief of Germany’s domestic intelligence services accused Russia of being
behind the December 2017 attack on the government’s computer networks

April 2018.

The UK’s National Cyber Security Centre released an advisory note warning that
Russian state actors were targeting UK critical infrastructure by infiltrating supply chains

April 2018.

All government services of Sint Maarten, a Caribbean island and constituent country
of the Netherlands, were taken offline for a week after a cyber attack. According to local
authorities, this is the third cyber attack the country has faced in just over a year.

April 2018.

The North Korean hacking group responsible for the SWIFT attacks was found to
have targeted a Central American online casino in an attempt to siphon funds

March 2018.

Online services for the city of Atlanta were disrupted after a ransomware attack
struck the city’s networks, demanding $55,000 worth of bitcoin in payment. The city would
eventually spend approximately $2.6 million recovering from the attack.

March 2018.

Baltimore’s 911 dispatch system was taken down for 17 hours after a ransomware
attack, forcing the city to revert to manual dispatching of emergency services

March 2018.

The US Departments of Justice and Treasury accused Iran in an indictment of
stealing intellectual property from more than 300 universities, as well as government agencies and
financial services companies.

March 2018.

The FBI and Department of Homeland Security issued a joint technical alert to warn
of Russian cyber attacks against US critical infrastructure. Targets included energy, nuclear, water,
aviation, and manufacturing facilities.

March 2018.

Colombian authorities reported more than 50,000 attacks on the web platform of
Colombia’s national voter registry during the run-up to national elections.

March 2018.

A data breach of the company Under Armour compromised the information of 150
million users of its fitness and nutrition tracking app MyFitnessPal.

March 2018.

Cybersecurity researchers reveal that a Chinese hacking group used malware to
attack the service provider for the UK government in an attempt to gain access to contractors at
various UK government departments and military organizations.

March 2018.

Cybersecurity researchers announce evidence that the same North Korean hacking
group linked to the SWIFT financial network attacks has been targeting several major Turkish
banks and government finance agencies.

March 2018.

A UN report details attempts by North Korean hackers to compromise email
accounts of the members of a UN panel enforcing trade sanctions against North Korea.

February 2018.

German news reported that a Russian hacking group had breached the online
networks of Germany’s foreign and interior ministries, exfiltrating at least 17 gigabytes of data in
an intrusion that went undetected for a year.

February 2018.

The Justice Department indicted 13 Russians and three companies for their online
efforts to interfere in the 2016 US presidential elections.

February 2018.

The US and UK formally blame Russia for the June 2017 NotPetya ransomware
attack that caused billions of dollars in damages across the world.

February 2018.

A cyberattack on the Pyeongchang Olympic Games attributed to Russia took the
official Olympic website offline for 12 hours and disrupted wifi and televisions at the Pyeongchang
Olympic stadium.

February 2018.

Officials at the Department of Homeland Security confirmed that Russian
hackers successfully penetrated the voter registration rolls of several US states prior to the 2016
election.

January 2018.

Chinese hackers infiltrated a U.S. Navy contractor working for the Naval
Undersea Warfare Center. 614 gigabytes of material related to a supersonic anti-ship missile for
use on U.S. submarines were taken, along with submarine radio room information related to
cryptographic systems and the Navy submarine development unit’s electronic warfare library.

January 2018.

China denied that the computer network it supplied to the African Union allowed
it to access the AU’s confidential information and transfer it to China, or that it had bugged offices
in the AU headquarters that it had built.

January 2018.

A Japan-based cryptocurrency exchange reveals that it lost $530 million worth of
the cryptocurrency NEM in a hack, in what amounts to possibly the largest cryptocurrency heist
of all time.

January 2018.

Norwegian officials discover a “very professional” attempt to steal patient data
from a Norwegian hospital system, in an attack they speculate was connected to the upcoming
NATO Trident Juncture 18 military exercise.

January 2018.

A hacking group with ties to the Lebanese General Directorate of General
Security was revealed to have been involved in a six-year campaign to steal text messages, call
logs, and files from journalists, military officers, corporations, and other targets in 21 countries
worldwide.

January 2018.

The Unique Identification Authority of India and its Aadhaar system are hacked
by unknown actors, resulting in the personal data of more than 1 billion people being available
for purchase.

December 2017.

French company Schneider Electric was forced to shut down operations of a
power plant in the Middle East after malware compromised its industrial control systems.
Analysis by security researchers indicated that the attack was sponsored by a nation-state.

December 2017.

The state-owned China Aerospace Science and Industry Corporation (CASIC)
is alleged to have pre-installed backdoors in biometric equipment sold to Taiwan for its e-Gate
border control system. The backdoors would have allowed CASIC to gather private data on both
Taiwanese and foreign citizens traveling in and out of the country since the system’s installation
in 2012.

December 2017.

Iranian hackers used fake social network profiles and a fake news site to target
academic researchers, human rights activists, media outlets, and political advisors.

November 2017.

Three Chinese nationals employed at a China-based Internet security firm are
indicted by a US grand jury for computer hacking, theft of trade secrets, conspiracy, and identity
theft against employees of Siemens, Moody’s Analytics, and Trimble.

November 2017.

Uber discloses that it paid hackers $100,000 to delete the stolen data of 57
million of its customers and drivers, including names, phone numbers, email addresses, and license
plate numbers.

November 2017.

Cybersecurity researchers report a cyberespionage campaign targeting
government organizations in South America and Southeast Asia. The group, deemed to have
nation-state capabilities, aimed to acquire foreign policy information from diplomatic and
government entities.

November 2017.

Cybersecurity researchers report a sophisticated Vietnamese hacking group
responsible for cyber espionage campaigns targeting the ASEAN organization, foreign
corporations with an interest in Vietnamese industries, and media, human rights, and civil society
organizations.

October 2017.

A major wave of ransomware infections hits media organizations, train stations,
airports, and government agencies in Russia and Eastern Europe. Security researchers found strong
evidence linking the attack to the creators of NotPetya, and noted that the malware used leaked
NSA-linked exploits to move through networks. Ukrainian police later reported that the
ransomware was a cover for a quiet phishing campaign undertaken by the same actor to gain
remote access to financial and other confidential data.

October 2017.

Yahoo updates the previous projections of 1 billion accounts affected in its
massive 2013 breach, acknowledging that all 3 billion accounts were compromised.

October 2017.

Russian hackers reported to be targeting potential attendees of CyCon, a
cybersecurity conference organized by the US Army and the NATO CCD COE.

October 2017.

DHS and FBI reports warn of Russia-linked hackers targeting industrial control
systems at US energy companies and other critical infrastructure organizations.

October 2017.

Poland’s Defense Minister reports that the country repelled a third Russian hacking
attempt against companies in Poland, reportedly part of a larger campaign against Eastern
European corporations.

October 2017.

North Korean hackers were found to have targeted US electric companies in a
spear-phishing campaign meant to probe utilities’ defenses.

October 2017.

North Korean hackers allegedly broke into South Korea’s defense data center in
2016 and stole a large trove of sensitive documents over the course of a year, including joint U.S.-
South Korean blueprints for war on the peninsula.

October 2017.

China allegedly carried out a cyberattack against a U.S. think tank and law firm,
both involved with fugitive Chinese tycoon Guo Wengui.

October 2017.

The Australian Government revealed that hackers compromised an Australian
national security contractor in 2016 and stole large amounts of data, including information related
to the development of the F-35 Joint Strike Fighter.

October 2017.

Reports surface that Russian government-backed hackers stole NSA hacking
secrets from a contractor in 2015 by exploiting the Kaspersky antivirus software on the
contractor’s home computer.

September 2017.

An Iranian hacking group was responsible for an espionage campaign targeting
the aerospace industry in the U.S. and Saudi Arabia, as well as petrochemical firms in South Korea
and Saudi Arabia.

September 2017.

Russia compromised the personal smartphones of NATO soldiers deployed to
Poland and the Baltic states.

September 2017.

Press reports say that the US Cyber Command targeted North Korea's
Reconnaissance General Bureau for denial of service attacks.

September 2017.

China allegedly inserted malware into a widely used PC management tool. The
malware targeted at least 20 major international technology firms.

September 2017.

The SEC reported that cybercriminals accessed the agency’s files in 2016 and
used the information gathered for illicit trading.

September 2017.

Credit monitoring firm Equifax disclosed a July data breach that revealed 143
million people’s full names, social security numbers, birth dates, home addresses and driver’s
license numbers, as well as 209,000 credit card numbers.

September 2017.

Researchers report malware infections in Cambodia designed to surveil
dissidents and disrupt domestic political activity.

August 2017.

Researchers inform the Estonian Information System Authority of a vulnerability
potentially affecting the use of 750,000 Estonian e-ID cards. The government replaced the
compromised cards in late 2017, but claims that no cards were ever hacked.

August 2017.

South Korea’s Cyber Warfare Research Center reports that North Korea has been
targeting South Korean Bitcoin exchanges.

August 2017.

A state-sponsored spyware campaign targeted Indian and Pakistani government
security and military organizations.

August 2017.

The Scottish Parliament suffered from a brute force cyberattack similar to the one
that compromised the British Parliament in June.

July 2017.

The Swedish Transport Agency’s outsourced data is hacked, potentially compromising
confidential information and classified information on military plans.

July 2017.

Security researchers revealed details of a wide-ranging malware campaign linked to
China which used over 600 strains of malware to conduct espionage operations on Southeast Asian
military and government organizations.

July 2017.

GCHQ issued a warning saying that state-sponsored hackers had likely broken into
the Industrial Control Systems of UK energy companies.

July 2017.

Security researchers revealed an Iran-linked cyber espionage group active since 2013
that had used spear phishing and watering hole attacks to target government institutions, defense
companies, IT firms and more in Israel, Saudi Arabia, the US, Germany, Jordan, and Turkey.

July 2017.

The FBI and DHS announced that hackers had been targeting US energy facilities
including the Wolf Creek Nuclear Operating Corporation in a campaign bearing resemblance to
the operations of a known Russian hacking group.

July 2017.

Cyber research firms reported a new malware campaign launched the day after North
Korea’s July missile tests. The identified family of malware featured a command and control
infrastructure with links to South Korea, and had previously been used in three other campaigns
linked to North Korea.

July 2017.

Hackers attacked a partner of UniCredit, Italy’s largest bank, gaining access to loan
and biographical data from 400,000 client accounts.

July 2017.

Russian hackers used leaked NSA tools to compromise Wi-Fi servers in European and
Middle Eastern hotels in a campaign targeting top diplomats and industrial leaders.

July 2017.

The Qatari government accused hackers in the United Arab Emirates of posting fake
news and attacking Qatari state-run media websites in a campaign designed to widen a rift between
Gulf states.

June 2017.

The New York Times revealed that spyware sold to the Mexican government was
being used to target human rights lawyers, journalists, and anti-corruption activists.

June 2017.

US-CERT identified the North Korean government as being behind a DDoS botnet
infrastructure used to target media, financial, aerospace, and critical infrastructure organizations
worldwide.

June 2017.

A Russia-linked hacking group was found to have launched a spear-phishing
campaign against Montenegro after the country announced its decision to join NATO.

June 2017.

A NotPetya ransomware attack shut down the port terminals of Danish shipping giant
Maersk for two days, causing an estimated $300 million in associated costs.

June 2017.

Russian hackers used an updated ransomware program to target Ukrainian
infrastructure, including power companies, airports, and public transit.

June 2017.

A brute-force attack alleged to have been carried out by Iranian state actors
compromised nearly 90 British members of parliament, whose email accounts were hacked.

May 2017.

Beginning in 2011, hackers from the internet security firm Boyusec compromised the
networks of three companies over a multi-year period and gained access to confidential documents
and data, including sensitive internal communications, usernames and passwords, and business
and commercial information.

May 2017.

A hacking campaign by an Iran-linked group targeted multiple Israeli IT vendors,
financial institutions and the national post office.

May 2017.

A ransomware campaign spread to 99 countries using a vulnerability revealed in the
Shadow Brokers’ April 2017 dump of NSA tools.

May 2017.

Lebanon accused Israel of hacking the Lebanese telecoms network and sending audio
and WhatsApp messages to 10,000 people claiming that Hezbollah’s leader was behind the death
of the group’s top commander.

May 2017.

An Iranian hacking group attempted to carry out an attack on a U.S. military contractor
using Russian tools.

May 2017.

Thousands of emails and other documents from the campaign of French president-elect
Emmanuel Macron, totaling 9 gigabytes, were released shortly before the election, in an effort
linked to Russia.

April 2017.

The Israeli Cyber Defense Authority announced it had defended an Iranian
cyberattack campaign against 120 targets in the government, high-tech, medical, and education
sectors.

April 2017.

Irish state-owned utility EirGrid suffered a security breach at the hands of state-sponsored
hackers involving a virtual wiretap allowing access to the company’s unencrypted
communications.

April 2017.

The Lazarus Group, thought to be associated with North Korea, was found to be
involved in a spear phishing campaign against US defense contractors.

April 2017.

Cybersecurity researchers revealed a growing cyber-espionage campaign originating
in China and targeting construction, engineering, aerospace and telecom companies, as well as
government agencies, in the U.S., Europe, and Japan.

April 2017.

The Danish Defense Intelligence Service reported that a “foreign player,” alleged by
the Danish press to be a Russian espionage group, had accessed Defense Ministry email accounts in
2015 and in 2016, but was unable to retrieve classified information.

April 2017.

The Shadow Brokers, the group that claimed to have hacked the NSA in August 2016,
released yet another trove of purported NSA hacking tools, including one that suggests the NSA
had gained access to SWIFT messages.

April 2017.

Chinese attempts to penetrate South Korean military, government and defense
industry networks continued at an increasing rate since a February announcement that the THAAD
missile defense system would be deployed in South Korea.

March 2017.

An intelligence report revealed a Russian operation to send malicious spear-phishing
messages to more than 10,000 Twitter users in the Department of Defense. The malicious payloads
delivered through these messages gave Russian hackers access to the victim’s device and Twitter
account.

March 2017.

The U.S. Department of Justice indicted two Russian intelligence agents and two
criminal hackers over the September 2014 Yahoo hack, which compromised 500 million user
accounts.

March 2017.

Chinese police arrested 96 suspects charged with hacking into the servers of social
media, gaming and video streaming sites, stealing personal information, and posting the
information for sale on online forums.

March 2017.

Wikileaks released a trove of sophisticated CIA hacking tools dated from 2013 to
2016, claiming that the release reflected several hundred million lines of CIA-developed code.

February 2017.

An Iranian hacker group targeted actors associated with the U.S. defense
industrial base as well as at least one human rights activist in a campaign to steal credentials and
other data.

February 2017.

An Iranian cyber espionage campaign targeted the energy, government, and
technology sectors of Saudi Arabia.

February 2017.

A suspected Russian hacker breaches at least 60 universities and US
government organizations using SQL injections, including HUD, NOAA, Cornell University,
and NYU, among many others. This follows up a hack by the same actor against the U.S.
Electoral Assistance Commission in December 2016.

February 2017.

Indian Central Bureau of Investigation and Army officers were targeted by a
phishing campaign purportedly mounted by Pakistan.

February 2017.

Hackers compromised the Singaporean military’s web access system and stole
the personal information of 850 people. The Ministry of Defense said it was likely the attack was
state sponsored.

February 2017.

A sophisticated malware operation extracted over 600 gigabytes of data from 70
mostly Ukrainian targets in the fields of critical infrastructure, news media, and scientific research.

January 2017.

A Swedish foreign policy institute accused Russia of conducting an information
warfare campaign, using fake news, false documents, and disinformation intended to weaken
public support for Swedish policies.

December 2016.

Russian hackers targeted Ukraine’s national power company, Ukrenergo, and
shut down power to northern Kiev for over an hour.

December 2016.

The Society for Worldwide Interbank Financial Telecommunication (SWIFT)
warned its customers that they remain vulnerable to attacks by “sophisticated” threat actors, having
witnessed “a meaningful number” of attacks on its customers since the Bangladesh heist in
February 2016, a fifth of which had resulted in stolen funds.

December 2016.

Yahoo revealed that its systems had been intruded into in August 2013, and that
the breach compromised one billion user accounts. Compromised data included usernames, email
addresses, phone numbers, dates of birth, passwords, and security questions and answers. The data
was posted for sale for $200,000 or best offer on underground forums.

November 2016.

An indiscriminate attack compromised systems at the San Francisco Municipal
Transportation Agency (the Muni), locking operators out of computers and customers out of
kiosks. As a result, the Muni offered customers free rides for two days, until administrators restored
its systems without paying the demanded $73,000 ransom.

November 2016.

Hackers targeted AdultFriendFinder, a dating website, compromising 412
million users and publishing their emails, passwords, member status and purchases on online
criminal marketplaces.

November 2016.

The hard-drive-wiping “Shamoon” virus used against Saudi Aramco in 2012
was deployed against four Saudi Arabian government agencies. The attack wiped data on
thousands of computers at Saudi’s General Authority of Civil Aviation and other agencies.

October 2016.

A cyber mercenary contracted by a rival firm used a botnet to disable a Liberian
telecom company, rendering half the country unable to access the internet.

October 2016.

Hackers gained control of a major Brazilian bank’s Domain Name System
addresses and seized the bank’s entire online footprint for several hours.

October 2016.

The U.S. Director of National Intelligence and Department of Homeland Security
jointly identified Russia as responsible for hacking the Democratic National Committee and using
WikiLeaks to dump emails obtained in the hack.

September 2016.

Japanese Defense Ministry and Self-Defense Forces (SDF) communications
networks linking SDF bases and camps were compromised.

September 2016.

Yahoo revealed that an intrusion into its network in late 2014 had given
hackers access to 500 million users’ usernames, email addresses, phone numbers, dates of birth,
passwords, and a mix of encrypted and plaintext security questions and answers. The company’s
CIO claimed the attack was perpetrated by a state-sponsored actor.

August 2016.

A group calling itself “Shadow Brokers” claimed to have penetrated NSA and
published a collection of NSA tools on Pastebin.

August 2016.

Brazilian hackers ramped up phishing attacks against tourists visiting Rio de Janeiro
for the 2016 Olympics. Security researchers ranked Brazil second only to Russia in the
sophistication of its financial fraud gangs.

August 2016.

A cybercriminal gang purportedly from Russia breached enterprise software
company Oracle’s systems, possibly to install malware on point-of-sale (POS) systems. The POS
malware would then allow hackers to gain access to financial information in data breaches at major
retailers.

August 2016.

Two Hong Kong government agencies were penetrated in an attack allegedly by
China. The attack came weeks before legislative elections in Hong Kong.

August 2016.

Designs and data regarding India’s Scorpene submarines were leaked from the
French shipbuilder DCNS. DCNS also builds submarines for Malaysia and Chile, and recently
won contracts to build submarines for Brazil and Australia.

July 2016.

Forensic evidence points to Russian intelligence agencies as responsible for the release
of 20,000 emails from the Democratic National Committee.

July 2016.

A series of DDOS attacks disrupted 68 Philippine government websites on July 12, the
day the United Nations International Arbitration court released its decision ruling in favor of the
Philippines on the West Philippine Sea territorial dispute.

July 2016.

A new strain of cyberespionage malware with a dropper designed to target specific
European energy companies has been discovered. Researchers say the malware appears to be the
work of a nation-state, may have originated in Eastern Europe, and its role seems to be battlespace
preparation.

July 2016.

A Chinese cyber espionage group targeted defense industries in Russia, Belarus, and
Mongolia with APTs using phishing campaigns to exfiltrate data.

May 2016.

Suspected Russian hackers attempted to penetrate the Turkish Prime Minister’s office
and the German Christian Democratic Union party. The attacks targeted personal email accounts
and attempted to obtain login credentials.

May 2016.

Researchers uncovered an espionage campaign originating from Iran that attacked
government and business targets in multiple countries, as well as targets inside of Iran. The
operation was conducted over the course of a decade.

May 2016.

Germany’s domestic intelligence agency accused Russia of perpetrating a series of
cyber attacks on the German Bundestag in 2015.

The attackers made off with an undisclosed
amount of data.

May 2016.

Saudi Arabian communications and defense organizations were hacked, possibly by
Iran.

April 2016.

U.S. Steel accused Chinese government hackers of stealing proprietary information
about steel production techniques for the benefit of Chinese steel producers.

April 2016.

The German Christian Democratic Union, the political party of Angela Merkel, was
targeted in a credential phishing attack by a Russian cyber espionage group.

April 2016.

The Philippine Commission on Elections’ (COMELEC) database was breached,
exposing the personal information of all 55 million registered Filipino voters, including fingerprint
data, passport numbers and expiry dates, and intentions to run for office.

April 2016.

Microsoft researchers discover a highly skilled hack group that has targeted
government agencies (including intelligence agencies), defense research centers and
telecommunication service providers in South and Southeast Asia since 2009.

April 2016.

North Korean hackers stole warship blueprints from the database of a South Korean
shipbuilder.

March 2016.

A suspected ransomware attack crippled MedStar Health-operated hospitals in
Maryland and Washington.

March 2016.

North Korean hackers broke into the smartphones of a dozen South Korean officials,
accessing phone conversations, text messages, and other sensitive information.

March 2016.

21st Century Oncology, a cancer care company, revealed that 2.2 million patients’
personal information may have been stolen in an October 2015 hack. Hackers had access to patient
names, Social Security numbers, doctor names, diagnosis and treatment information, and insurance
information.

March 2016.

Finland’s foreign ministry discovered it had been the victim of a four-year breach in
their computer network.

February 2016.

The Internal Revenue Service (IRS) announced that a breach of its systems in
May 2015 had compromised over 700,000 American taxpayers. The IRS suspected that a Russian
tax fraud operation is responsible for the breach.

February 2016.

Hackers breached the U.S. Department of Justice’s database, stealing and
releasing the names, phone numbers, and email addresses of 30,000 DHS and FBI employees.

February 2016.

The Society for Worldwide Interbank Financial Telecommunication (SWIFT)
warned its customers that they remain vulnerable to attacks by “sophisticated” threat actors, having
witnessed “a meaningful number” of attacks on its customers since the Bangladesh heist in
February 2016, a fifth of which had resulted in stolen funds.






