List of cyberattacks

Last updated

A cyberattack is any type of offensive maneuver employed by individuals or whole organizations that targets computer information systems, infrastructures, computer networks, and/or personal computer devices by various means of malicious acts usually originating from an anonymous source that either steals, alters, or destroys a specified target by hacking into a susceptible system.

Contents

Indiscriminate attacks

These attacks are wide-ranging, global and do not seem to discriminate among governments and companies.

Destructive attacks

These attacks relate to inflicting damage on specific organizations.

Cyberwarfare

These are politically motivated destructive attacks aimed at sabotage and espionage.

Government espionage

These attacks relate to stealing information from/about government organizations:

Corporate espionage

These attacks relate to stealing data of corporations related to proprietary methods or emerging products/services.

Stolen e-mail addresses and login credentials

These attacks relate to stealing login information for specific web resources.

Stolen credit card and financial data

Blockchain and cryptocurrencies

Ransomware attacks

Notable criminal ransomware hacker groups

Hacktivism

See also

Further reading

Related Research Articles

Ransomware is a type of malware that permanently blocks access to the victim's personal data unless a "ransom" is paid. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.

<span class="mw-page-title-main">Timeline of Internet conflicts</span>

The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.

A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less secure elements in the supply chain. A supply chain attack can occur in any industry, from the financial sector, oil industry, to a government sector. A supply chain attack can happen in software or hardware. Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components. Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018.

Cyberwarfare by China is the aggregate of cyberattacks attributed to the organs of the People's Republic of China and various related advanced persistent threat (APT) groups.

In computer security, a wiper is a class of malware intended to erase the hard drive or other static memory of the computer it infects, maliciously deleting data and programs.

A cyberattack occurs when there is an unauthorized action against computer infrastructure that compromises the confidentiality, integrity, or availability of its content.

Dexter is a computer virus or point of sale (PoS) malware which infects computers running Microsoft Windows and was discovered by IT security firm Seculert, in December 2012. It infects PoS systems worldwide and steals sensitive information such as credit and debit card information.

<span class="mw-page-title-main">Seculert</span> Israeli cloud-based cyber security technology

Seculert was a cloud-based cyber security technology company based in Petah Tikva, Israel. The company's technology was designed to detect breaches and advanced persistent threats (APTs), attacking networks. Seculert's business was based on malware research and the ability to uncover malware that has gone undetected by other traditional measures.

The Equation Group, classified as an advanced persistent threat, is a highly sophisticated threat actor suspected of being tied to the Tailored Access Operations (TAO) unit of the United States National Security Agency (NSA). Kaspersky Labs describes them as one of the most sophisticated cyber attack groups in the world and "the most advanced (...) we have seen", operating alongside the creators of Stuxnet and Flame. Most of their targets have been in Iran, Russia, Pakistan, Afghanistan, India, Syria and Mali.

Cozy Bear is a Russian advanced persistent threat hacker group believed to be associated with Russian foreign intelligence by United States intelligence agencies and those of allied countries. Dutch signals intelligence (AIVD) and American intelligence had been monitoring the group since 2014 and was able to link the hacker group to the Russian foreign intelligence agency (SVR) after compromising security cameras in their office. CrowdStrike and Estonian intelligence reported a tentative link to the Russian domestic/foreign intelligence agency (FSB). Various groups designate it CozyCar, CozyDuke, Dark Halo, The Dukes, Midnight Blizzard, NOBELIUM, Office Monkeys, StellarParticle, UNC2452 with a tentative connection to Russian hacker group YTTRIUM. Symantec reported that Cozy Bear had been compromising diplomatic organizations and national governments since at least 2010. Der Spiegel published documents in 2023 purporting to link Russian IT firm NTC Vulkan to Cozy Bear operations.

The Shadow Brokers (TSB) is a hacker group who first appeared in the summer of 2016. They published several leaks containing hacking tools, including several zero-day exploits, from the "Equation Group" who are widely suspected to be a branch of the National Security Agency (NSA) of the United States. Specifically, these exploits and vulnerabilities targeted enterprise firewalls, antivirus software, and Microsoft products. The Shadow Brokers originally attributed the leaks to the Equation Group threat actor, who have been tied to the NSA's Tailored Access Operations unit.

<span class="mw-page-title-main">WannaCry ransomware attack</span> 2017 worldwide ransomware cyberattack

The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It was propagated using EternalBlue, an exploit developed by the United States National Security Agency (NSA) for Windows systems. EternalBlue was stolen and leaked by a group called The Shadow Brokers a month prior to the attack. While Microsoft had released patches previously to close the exploit, much of WannaCry's spread was from organizations that had not applied these, or were using older Windows systems that were past their end of life. These patches were imperative to cyber security, but many organizations did not apply them, citing a need for 24/7 operation, the risk of formerly working applications breaking because of the changes, lack of personnel or time to install them, or other reasons.

EternalBlue is a computer exploit software developed by the U.S. National Security Agency (NSA). It is based on a vulnerability in Microsoft Windows that allowed users to gain access to any number of computers connected to a network. The NSA knew about this vulnerability but did not disclose it to Microsoft for several years, since they planned to use it as a defense mechanism against cyber attacks. In 2017, the NSA discovered that the software was stolen by a group of hackers known as the Shadow Brokers. Microsoft was informed of this and released security updates in March 2017 patching the vulnerability. While this was happening, the hacker group attempted to auction off the software, but did not succeed in finding a buyer. EternalBlue was then publicly released on April 14, 2017.

<span class="mw-page-title-main">Petya (malware family)</span> Family of encrypting ransomware discovered in 2016

Petya is a family of encrypting malware that was first discovered in 2016. The malware targets Microsoft Windows–based systems, infecting the master boot record to execute a payload that encrypts a hard drive's file system table and prevents Windows from booting. It subsequently demands that the user make a payment in Bitcoin in order to regain access to the system.

<span class="mw-page-title-main">2017 Ukraine ransomware attacks</span> Series of powerful cyberattacks using the Petya malware

A series of powerful cyberattacks using the Petya malware began on 27 June 2017 that swamped websites of Ukrainian organizations, including banks, ministries, newspapers and electricity firms. Similar infections were reported in France, Germany, Italy, Poland, Russia, United Kingdom, the United States and Australia. ESET estimated on 28 June 2017 that 80% of all infections were in Ukraine, with Germany second hardest hit with about 9%. On 28 June 2017, the Ukrainian government stated that the attack was halted. On 30 June 2017, the Associated Press reported experts agreed that Petya was masquerading as ransomware, while it was actually designed to cause maximum damage, with Ukraine being the main target.

The city of Atlanta, Georgia was the subject of a ransomware attack which began in March 2018. The city recognized the attack on Thursday, March 22, 2018, and publicly acknowledged it was a ransomware attack.

<span class="mw-page-title-main">2020 United States federal government data breach</span> US federal government data breach

In 2020, a major cyberattack suspected to have been committed by a group backed by the Russian government penetrated thousands of organizations globally including multiple parts of the United States federal government, leading to a series of data breaches. The cyberattack and data breach were reported to be among the worst cyber-espionage incidents ever suffered by the U.S., due to the sensitivity and high profile of the targets and the long duration in which the hackers had access. Within days of its discovery, at least 200 organizations around the world had been reported to be affected by the attack, and some of these may also have suffered data breaches. Affected organizations worldwide included NATO, the U.K. government, the European Parliament, Microsoft and others.

Lapsus$, stylised as LAPSUS$ and classified by Microsoft as Strawberry Tempest, is an international extortion-focused hacker group known for its various cyberattacks against companies and government agencies. The group was active in several countries, and has had its members arrested in Brazil and the UK in 2022. According to City of London Police at least two of the members were teenagers.

A wave of cyberattacks and data breaches began in June 2023 after a vulnerability was discovered in MOVEit, a managed file transfer software.

References

  1. Goodin, Dan (January 14, 2013). "Massive espionage malware targeting governments undetected for 5 years". Ars Technica. Retrieved November 8, 2014.
  2. "WannaCry Ransomware: What We Know Monday". NPR.org. Retrieved 2017-05-15.
  3. Perloth, Nicole (October 24, 2012). "Cyberattack On Saudi Firm Disquiets U.S." New York Times . pp. A1. Retrieved October 24, 2012.
  4. Goodin, Dan (August 16, 2012). "Mystery malware wreaks havoc on energy sector computers". Ars Technica. Retrieved November 8, 2014.
  5. "Iranian Oil Sites Go Offline Amid Cyberattack". The New York Times. April 23, 2012. Retrieved November 8, 2014.
  6. Goodin, Dan (August 29, 2012). "The perfect crime: Is Wiper malware connected to Stuxnet, Duqu?". Ars Technica. Retrieved November 8, 2014.
  7. "Secret CIA assessment says Russia was trying to help Trump win White House". Washington Post. Retrieved 2019-04-01.
  8. "Australians urged to be vigilant against continued cyber attacks from Iran's regime". ABC News. 24 January 2023. Retrieved 24 Jan 2023.
  9. Goodin, Dan (May 21, 2013). "Chinese hackers who breached Google reportedly targeted classified data". Ars Technica. Retrieved November 8, 2014.
  10. Goodin, Dan (August 9, 2012). "Nation-sponsored malware with Stuxnet ties has mystery warhead". Ars Technica. Retrieved November 8, 2014.
  11. Sanders, Sam (June 4, 2015). "Massive Data Breach Puts 4 Million Federal Employees' Records At Risk". NPR.
  12. "Russian Hackers Suspected In Cyberattack On German Parliament". London South East. Alliance News. June 19, 2015.
  13. 1 2 "Hackers lurking, parliamentarians told". Deutsche Welle. Retrieved 21 September 2016.
  14. "Hackerangriff auf deutsche Parteien". Süddeutsche Zeitung. 20 September 2016. Retrieved 21 September 2016.
  15. Holland, Martin (20 September 2016). "Angeblich versuchter Hackerangriff auf Bundestag und Parteien". Heise. Retrieved 21 September 2016.
  16. Hemicker, Lorenz; Alto, Palo. ""Wir haben Fingerabdrücke"". Faz.net. Frankfurter Allgemeine. Retrieved 21 September 2016.
  17. "In First Massive Cyberattack, China Targets Israel". Haaretz.
  18. "Hackers breach Indian government emails multiple times". Arjun Ramprasad. Previewtech.net. June 30, 2021.
  19. Gawker rooted by anonymous hackers, December 13, 2010, Dan Goodin, The Register, retrieved at 2014-11-08
  20. Goodin, Dan (September 25, 2012). "Trade group exposes 100,000 passwords for Google, Apple engineers". Ars Technica. Retrieved November 8, 2014.
  21. Goodin, Dan (July 12, 2012). "Hackers expose 453,000 credentials allegedly taken from Yahoo service (Updated)". Ars Technica. Retrieved November 8, 2014.
  22. Goodin, Dan (January 31, 2013). "How Yahoo allowed hackers to hijack my neighbor's e-mail account (Updated)". Ars Technica. Retrieved November 8, 2014.
  23. Goodin, Dan (January 31, 2014). "Mass hack attack on Yahoo Mail accounts prompts password reset". Ars Technica. Retrieved November 8, 2014.
  24. 1 2 Howley, Daniel (July 1, 2016). "7 biggest hacks". Yahoo Tech . Retrieved 1 July 2016.
  25. Goodin, Dan (April 27, 2013). "Why LivingSocial's 50-million password breach is graver than you may think". Ars Technica. Retrieved November 8, 2014.
  26. "Exclusive: Elite hackers target WHO as coronavirus cyberattacks spike". Reuters. 24 March 2020.
  27. "WHO reports fivefold increase in cyber attacks, urges vigilance". World Health Organization. Retrieved 29 April 2020.
  28. "Equifax data breach". Federal Trade Commission. 8 September 2017. Retrieved December 10, 2017.
  29. Shukla, Saloni; Bhakta, Pratik (20 October 2016). "3.2 million debit cards compromised; SBI, HDFC Bank, ICICI, YES Bank and Axis worst hit". The Economic Times. Retrieved 20 October 2016.
  30. Gallagher, Sean (September 18, 2014). "Credit card data theft hit at least three retailers, lasted 18 months". Ars Technica. Retrieved November 8, 2014.
  31. "Banks: Card Breach at Goodwill Industries – Krebs on Security". 25 July 2014.
  32. Lemos, Robert (September 19, 2014). "Home Depot estimates data on 56 million cards stolen by cybercriminals". Ars Technica. Retrieved November 30, 2014.
  33. Goodin, Dan (December 4, 2013). "Credit card fraud comes of age with advances in point-of-sale botnets". Ars Technica. Retrieved November 8, 2014.
  34. Farivar, Cyrus (December 19, 2013). "Secret Service investigating massive credit card breach at Target (Updated)". Ars Technica. Retrieved November 8, 2014.
  35. Goodin, Dan (December 20, 2013). "Cards stolen in massive Target breach flood underground "card shops"". Ars Technica. Retrieved November 8, 2014.
  36. Goodin, Dan (February 5, 2014). "Target hackers reportedly used credentials stolen from ventilation contractor". Ars Technica. Retrieved November 8, 2014.
  37. Goodin, Dan (January 16, 2014). "Point-of-sale malware infecting Target found hiding in plain sight". Ars Technica. Retrieved November 8, 2014.
  38. Goodin, Dan (April 1, 2012). "After the hack: FAQ for breach affecting up to 10 million credit cards". Ars Technica. Retrieved November 8, 2014.
  39. Goodin, Dan (March 30, 2012). ""Major" credit-card breach hits Visa, MasterCard (Updated)". Ars Technica. Retrieved November 8, 2014.
  40. Goodin, Dan (September 18, 2012). "Two men admit to $10 million hacking spree on Subway sandwich shops". Ars Technica. Retrieved November 8, 2014.
  41. Bangeman, Eric (June 20, 2005). "CardSystems should not have retained stolen customer data". Ars Technica. Retrieved November 8, 2014.
  42. "Lost Credit Data Improperly Kept, Company Admits". The New York Times. June 20, 2005. Retrieved November 8, 2014.
  43. Bangeman, Eric (June 23, 2005). "Scope of CardSystems-caused credit card data theft broadens". Ars Technica. Retrieved November 8, 2014.
  44. Jonathan M. Gitlin (July 22, 2005). "Visa bars CardSystems from handling any more transactions". Ars Technica. Retrieved November 8, 2014.
  45. Popper, Nathaniel (2016-06-17). "A Hacking of More Than $50 Million Dashes Hopes in the World of Virtual Currency". The New York Times. ISSN   0362-4331 . Retrieved 2022-07-17.
  46. Browne, Ryan (2021-08-23). "Hacker behind $600 million crypto heist returns final slice of stolen funds". CNBC. Retrieved 2022-07-17.
  47. Faife, Corin (2022-02-03). "Wormhole cryptocurrency platform hacked for $325 million after error on GitHub". The Verge. Retrieved 2022-07-17.
  48. "Wormhole Hack: Lessons From The Wormhole Exploit". Chainalysis. 2022-02-03. Retrieved 2022-07-17.
  49. Browne, Ryan (2022-04-15). "U.S. officials link North Korean hackers to $615 million cryptocurrency heist". CNBC. Retrieved 2022-07-17.
  50. "North Korea's Lazarus Group moves funds through Tornado Cash | TRM Insights". www.trmlabs.com. Retrieved 2022-07-17.
  51. Twitter https://twitter.com/samczsun/status/1554252024723546112 . Retrieved 2022-08-02.{{cite web}}: Missing or empty |title= (help)
  52. Faife, Corin (2022-08-02). "Nomad crypto bridge loses $200 million in "chaotic" hack". The Verge. Retrieved 2022-08-02.
  53. "NVD - CVE-2022-37450". nvd.nist.gov. Retrieved 2022-08-19.
  54. admin_afhu (2022-08-10). "Hebrew University Researchers Uncover Proof of Ethereum Pool Miners Manipulation". American Friends of the Hebrew University. Retrieved 2022-08-19.
  55. Howcroft, Elizabeth (2022-10-07). "Binance-linked blockchain hit by $570 million crypto hack". Reuters. Retrieved 2022-10-17.
  56. Movement, Q. ai-Powering a Personal Wealth. "What Happened With The $570 Million Binance (BNB) Hack? And What Does It Really Mean For Crypto Investors?". Forbes. Retrieved 2022-10-17.
  57. Dance, Scott (20 May 2015). "Cyberattack affects 1.1 million CareFirst customers". Baltim. Sun .
  58. "Red Cross appeals to hackers after major cyberattack". TheJournal.ie . 2022-01-20. Retrieved 2022-01-22.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.