Significant Cyber Incidents
This timeline records significant cyber incidents since 2006. We focus on cyber attacks on government agencies, defense and high tech companies, or economic crimes with losses of more than a million dollars.
Below is a summary of incidents from 2017 and 2018.
April 2018. Israeli cyber researchers revealed that Hamas had planted spyware in mobile phones owned by members of Fatah, a rival Palestinian faction.
April 2018. Reports from cyber security researchers indicate that Chinese state-sponsored hacking groups have targeted Japanese defense companies in an attempt to gain information on Tokyo’s policies towards North Korea.
April 2018. Cyber security researchers warn that North Korean hacking groups are expanding their range of targets, attacking industries in Japan, Vietnam, and the Middle East.
April 2018. US and UK officials issued a joint warning that Russia was deliberately targeting western critical infrastructure by compromising home and business routers.
April 2018. The director of the UK’s Government Communications Headquarters (GCHQ) announced that the organization had been conducting offensive cyber operations against ISIS to suppress their propaganda, disrupt their coordination, and protect deployed military personnel.
April 2018. The chief of Germany’s domestic intelligence services accused Russia of being behind the December 2017 attack on the government’s computer networks.
April 2018. The UK’s National Cyber Security Centre released an advisory note warning that Russian state actors were targeting UK critical infrastructure by infiltrating supply chains.
April 2018. All government services of Sint Maarten, a Caribbean island and constituent country of the Netherlands, were taken offline for a week after a cyber attack. According to local authorities, this is the third cyber attack the country has faced in just over a year.
April 2018. The North Korean hacking group responsible for the SWIFT attacks was found to have targeted a Central American online casino in an attempt to siphon funds.
March 2018. Online services for the city of Atlanta were disrupted after a ransomware attack struck the city’s networks, demanding $55,000 worth of bitcoin in payment. The city would eventually spend approximately $2.6 million recovering from the attack.
March 2018. Baltimore’s 911 dispatch system was taken down for 17 hours after a ransomware attack, forcing the city to revert to manual dispatching of emergency services.
March 2018. The US Departments of Justice and Treasury accused Iran in an indictment of stealing intellectual property from more than 300 universities, as well as government agencies and financial services companies.
March 2018. The FBI and Department of Homeland Security issued a joint technical alert to warn of Russian cyber attacks against US critical infrastructure. Targets included energy, nuclear, water, aviation, and manufacturing facilities.
March 2018. A data breach of the company Under Armour compromised the information of 150 million users of its fitness and nutrition tracking app MyFitnessPal.
March 2018. Cybersecurity researchers reveal that a Chinese hacking group used malware to attack the service provider for the UK government in an attempt to gain access to contractors at various UK government departments and military organizations.
March 2018. Cybersecurity researchers announce evidence that the same North Korean hacking group linked to the SWIFT financial network attacks has been targeting several major Turkish banks and government finance agencies.
March 2018. A UN report details attempts by North Korean hackers to compromise email accounts of the members of a UN panel enforcing trade sanctions against North Korea.
February 2018. German news reported that a Russian hacking group had breached the online networks of Germany’s foreign and interior ministries, exfiltrating at least 17 gigabytes of data in an intrusion that went undetected for a year.
February 2018. The Justice Department indicted 13 Russians and three companies for their online efforts to interfere in the 2016 US presidential elections.
February 2018. The US and UK formally blame Russia for the June 2017 NotPetya ransomware attack that caused billions of dollars in damages across the world.
February 2018. A cyberattack on the Pyeongchang Olympic Games attributed to Russia took the official Olympic website offline for 12 hours and disrupted wifi and televisions at the Pyeongchang Olympic stadium.
February 2018. Officials at the Department of Homeland Security confirmed that Russian hackers successfully penetrated the voter registration rolls of several US states prior to the 2016 election.
January 2018. China denied that the computer network it supplied to the African Union allowed it to access the AU’s confidential information and transfer it to China, or that it had bugged offices in the AU headquarters that it had built.
January 2018. A Japan-based cryptocurrency exchange reveals that it lost $530 million worth of the cryptocurrency NEM in a hack, in what amounts to possibly the largest cryptocurrency heist of all time.
January 2018. Norwegian officials discover a “very professional” attempt to steal patient data from a Norwegian hospital system, in an attack they speculate was connected to the upcoming NATO Trident Juncture 18 military exercise.
January 2018. A hacking group with ties to the Lebanese General Directorate of General Security was revealed to have been involved in a six-year campaign to steal text messages, call logs, and files from journalists, military officers, corporations, and other targets in 21 countries worldwide.
January 2018. The Unique Identification Authority of India and its Aadhaar system are hacked by unknown actors, resulting in the personal data of more than 1 billion people being available for purchase.
December 2017. French company Schneider Electric was forced to shut down operations of a power plant in the Middle East after malware compromised its industrial control systems. Analysis by security researchers indicated that the attack was sponsored by a nation-state.
November 2017. Three Chinese nationals employed at a China-based Internet security firm are indicted by a US grand jury for computer hacking, theft of trade secrets, conspiracy, and identity theft against employees of Siemens, Moody’s Analytics, and Trimble.
November 2017. Uber discloses that it paid hackers $100,000 to delete the stolen data of 57 million of its customers and drivers, including names, phone numbers, email addresses, and license plate numbers.
November 2017. Cybersecurity researchers report a cyberespionage campaign targeting government organizations in South America and Southeast Asia. The group, deemed to have nation-state capabilities, aimed to acquire foreign policy information from diplomatic and government entities.
November 2017. Cybersecurity researchers report a sophisticated Vietnamese hacking group responsible for cyber espionage campaigns targeting the ASEAN organization, foreign corporations with an interest in Vietnamese industries, and media, human rights, and civil society organizations.
October 2017. A major wave of ransomware infections hits media organizations, train stations, airports, and government agencies in Russia and Eastern Europe. Security researchers found strong evidence linking the attack to the creators of NotPetya, and noted that the malware used leaked NSA-linked exploits to move through networks. Ukrainian police later reported that the ransomware was a cover for a quiet phishing campaign undertaken by the same actor to gain remote access to financial and other confidential data.
October 2017. Yahoo updates the previous projections of 1 billion accounts affected in its massive 2013 breach, acknowledging that all 3 billion accounts were compromised.
October 2017. Russian hackers were reported to be targeting potential attendees of CyCon, a cybersecurity conference organized by the US Army and the NATO CCD COE.
October 2017. DHS and FBI reports warn of Russia-linked hackers targeting industrial control systems at US energy companies and other critical infrastructure organizations.
October 2017. Poland’s Defense Minister reports that the country repelled a third Russian hacking attempt against companies in Poland, reportedly part of a larger campaign against Eastern European corporations.
October 2017. North Korean hackers were found to have targeted US electric companies in a spear-phishing campaign meant to probe utilities’ defenses.
October 2017. North Korean hackers allegedly broke into South Korea’s defense data center in 2016 and stole a large trove of sensitive documents over the course of a year, including joint U.S.-South Korean blueprints for war on the peninsula.
October 2017. China allegedly carried out a cyberattack against a U.S. think tank and law firm, both involved with fugitive Chinese tycoon Guo Wengui.
October 2017. The Australian Government revealed that hackers compromised an Australian national security contractor in 2016 and stole large amounts of data, including information related to the development of the F-35 Joint Strike Fighter.
October 2017. Reports surface that Russian government-backed hackers stole NSA hacking secrets from a contractor in 2015 by exploiting the Kaspersky antivirus software on the contractor’s home computer.
September 2017. Russia compromised the personal smartphones of NATO soldiers deployed to Poland and the Baltic states.
September 2017. Press reports say that the US Cyber Command targeted North Korea's Reconnaissance General Bureau for denial of service attacks.
September 2017. China allegedly inserted malware into a widely used PC management tool. The malware targeted at least 20 major international technology firms.
September 2017. The SEC reported that cybercriminals accessed the agency’s files in 2016 and used the information gathered for illicit trading.
September 2017. Credit monitoring firm Equifax disclosed a July data breach that revealed 143 million people’s full names, social security numbers, birth dates, home addresses and driver’s license numbers, as well as 209,000 credit card numbers.
September 2017. Researchers report malware infections in Cambodia designed to surveil dissidents and disrupt domestic political activity.
August 2017. Researchers inform the Estonian Information System Authority of a vulnerability potentially affecting the use of 750,000 Estonian e-ID cards. The government replaced the compromised cards in late 2017, but claims that no cards were ever hacked.
August 2017. South Korea’s Cyber Warfare Research Center reports that North Korea has been targeting South Korean Bitcoin exchanges.
August 2017. A state-sponsored spyware campaign targeted Indian and Pakistani government security and military organizations.
August 2017. The Scottish Parliament suffered from a brute force cyberattack similar to the one that compromised the British Parliament in June.
July 2017. The Swedish Transport Agency’s outsourced data is hacked, potentially compromising confidential information and classified information on military plans.
July 2017. Security researchers revealed details of a wide-ranging malware campaign linked to China which used over 600 strains of malware to conduct espionage operations on Southeast Asian military and government organizations.
July 2017. GCHQ issued a warning saying that state-sponsored hackers had likely broken into the Industrial Control Systems of UK energy companies.
July 2017. Security researchers revealed an Iran-linked cyber espionage group active since 2013 that had used spear phishing and watering hole attacks to target government institutions, defense companies, IT firms and more in Israel, Saudi Arabia, the US, Germany, Jordan, and Turkey.
July 2017. The FBI and DHS announced that hackers had been targeting US energy facilities including the Wolf Creek Nuclear Operating Corporation in a campaign bearing resemblance to the operations of a known Russian hacking group.
July 2017. Cyber research firms reported a new malware campaign launched the day after North Korea’s July missile tests. The identified family of malware featured a command and control infrastructure with links to South Korea, and had previously been used in three other campaigns linked to North Korea.
July 2017. Hackers attacked a partner of UniCredit, Italy’s largest bank, gaining access to loan and biographical data from 400,000 client accounts.
July 2017. Russian hackers used leaked NSA tools to compromise Wi-Fi servers in European and Middle Eastern hotels in a campaign targeting top diplomats and industrial leaders.
July 2017. The Qatari government accused hackers in the United Arab Emirates of posting fake news and attacking Qatari state-run media websites in a campaign designed to widen a rift between Gulf states.
June 2017. The New York Times revealed that spyware sold to the Mexican government was being used to target human rights lawyers, journalists, and anti-corruption activists.
June 2017. US-CERT identified the North Korean government as being behind a DDoS botnet infrastructure used to target media, financial, aerospace, and critical infrastructure organizations worldwide.
June 2017. A Russia-linked hacking group was found to have launched a spear-phishing campaign against Montenegro after the country announced its decision to join NATO.
June 2017. A NotPetya ransomware attack shut down the port terminals of Danish shipping giant Maersk for two days, causing an estimated $300 million in associated costs.
June 2017. Russian hackers used an updated ransomware program to target Ukrainian infrastructure, including power companies, airports, and public transit.
June 2017. A brute-force attack alleged to have been carried out by Iranian state actors compromised nearly 90 British members of parliament, whose email accounts were hacked.
May 2017. A ransomware campaign spread to 99 countries using a vulnerability revealed in the Shadow Brokers’ April 2017 dump of NSA tools.
May 2017. Lebanon accused Israel of hacking the Lebanese telecoms network and sending audio and WhatsApp messages to 10,000 people claiming that Hezbollah’s leader was behind the death of the group’s top commander.
May 2017. Thousands of emails and other documents from the campaign of French president-elect Emmanuel Macron, totaling 9 gigabytes, were released shortly before the election, in an effort linked to Russia.
April 2017. Irish state-owned utility EirGrid suffered a security breach at the hands of state-sponsored hackers involving a virtual wiretap allowing access to the company’s unencrypted communications.
April 2017. The Lazarus Group, thought to be associated with North Korea, was found to be involved in a spear phishing campaign against US defense contractors.
April 2017. Cybersecurity researchers revealed a growing cyber-espionage campaign originating in China and targeting construction, engineering, aerospace and telecom companies, as well as government agencies, in the U.S., Europe, and Japan.
April 2017. The Danish Defense Intelligence Service reported that a “foreign player,” alleged by the Danish press to be a Russian espionage group, had accessed Defense Ministry email accounts in 2015 and in 2016, but was unable to retrieve classified information.
April 2017. The Shadow Brokers, the group that claimed to have hacked the NSA in August 2016, released yet another trove of purported NSA hacking tools, including one that allowed the NSA to break into the SWIFT interbank messaging and money transfer system.
April 2017. Chinese attempts to penetrate South Korean military, government and defense industry networks continued at an increasing rate since a February announcement that the THAAD missile defense system would be deployed in South Korea.
March 2017. An intelligence report revealed a Russian operation to send malicious spear-phishing messages to more than 10,000 Twitter users in the Department of Defense. The malicious payloads delivered through these messages gave Russian hackers access to the victim’s device and Twitter account.
March 2017. The U.S. Department of Justice indicted two Russian intelligence agents and two criminal hackers over the September 2014 Yahoo hack, which compromised 500 million user accounts.
March 2017. Chinese police arrested 96 suspects charged with hacking into the servers of social media, gaming and video streaming sites, stealing personal information, and posting the information for sale on online forums.
March 2017. Wikileaks released a trove of sophisticated CIA hacking tools dated from 2013 to 2016, claiming that the release reflected several hundred million lines of CIA-developed code.
February 2017. A suspected Russian hacker breaches at least 60 universities and US government organizations using SQL injections, including HUD, NOAA, Cornell University, and NYU, among many others. This follows a hack by the same actor against the U.S. Electoral Assistance Commission in December 2016.
February 2017. Indian Central Bureau of Investigation and Army officers were targeted by a phishing campaign purportedly mounted by Pakistan.
February 2017. Hackers compromised the Singaporean military’s web access system and stole the personal information of 850 people. The Ministry of Defense said it was likely the attack was state sponsored.
February 2017. A sophisticated malware operation extracted over 600 gigabytes of data from 70 mostly Ukrainian targets in the fields of critical infrastructure, news media, and scientific research.
January 2017. A Swedish foreign policy institute accused Russia of conducting an information warfare campaign, using fake news, false documents, and disinformation intended to weaken public support for Swedish policies.