Significant Cyber Incidents
This timeline records significant cyber incidents since 2006. We focus on cyber attacks on government agencies, defense and high tech companies, or economic crimes with losses of more than a million dollars.
Download the Full Incidents List
Below is a summary of incidents from over the last year. For the full list, click the download link above.May 2019. Iran developed a network of websites and accounts that were being used to spread false information about the U.S., Israel, and Saudi Arabia.
May 2019. The Israeli Defense Forces launched a airstrike on the Hamas after they unsuccessfully attempted to hack Israeli targets.
May 2019. Hackers affiliated with the Chinese intelligence service reportedly had been using NSA hacking tools since 2016, more than a year before those tools were publicly leaked.
April 2019. Amnesty International’s Hong Kong office announced it had been the victim of an attack by Chinese hackers who accessed the personal information of the office’s supporters.
April 2019. Ukrainian military and government organizations had been targeted was part of a campaign by hackers from the Luhansk People’s Republic, a Russia-backed group that declared independence from Ukraine in 2014.
April 2019. Hackers used spoofed email addresses to conduct a disinformation campaign in Lithuania to discredit the Defense Minister by spreading rumors of corruption.
April 2019. The Finnish police probed a denial of service attack against the web service used to publish the vote tallies from Finland’s elections.
April 2019. Iranian hackers reportedly undertook a hacking campaign against banks, local government networks, and other public agencies in the UK.
April 2019. Pharmaceutical company Bayer announced it had prevented an attack by Chinese hackers targeting sensitive intellectual property.
March 2019. The Australian Signals Directorate revealed that it had conducted cyber attacks against ISIS targets in the Middle East to disrupt their communications in coordination with coalition forces.
March 2019. An Iranian cyber espionage group targeted government and industry digital infrastructure in Saudi Arabia and the U.S.
March 2019. state supported Vietnamese hackers targeted foreign automotive companies to acquire IP.
March 2019. Iran's intelligence service hacked into former IDF Chief and Israeli opposition leader Benny Gantz’ cellphone ahead of Israel’s April elections.
March 2019. North Korean hackers targeted an Israeli security firm as part of an industrial espionage campaign.
March 2019. Russian hackers targeted a number of European government agencies ahead of EU elections in May.
March 2019. Indonesia’s National Election Commission reported that Chinese and Russian hackers had probed Indonesia’s voter database ahead of presidential and legislative elections in the country.
March 2019. Civil liberties organizations claimed that government-backed hackers targeted Egyptian human rights activists, media, and civil society organizations throughout 2019.
March 2019. The UN Security Council reported that North Korea has used state-sponsored hacking to evade international sanctions, stealing $670 million in foreign currency and cryptocurrency between 2015 and 2018.
March 2019. Iranian hackers targeted thousands of people at more than 200 oil-and-gas and heavy machinery companies across the world, stealing corporate secrets and wiping data from computers.
March 2019. Following an attack on Indian military forces in Kashmir, Pakistani hackers targeted almost 100 Indian government websites and critical systems. Indian officials reported that they engaged in offensive cyber measures to counter the attacks.
March 2019. U.S. officials reported that at least 27 universities in the U.S. had been targeted by Chinese hackers as part of a campaign to steal research on naval technologies.
February 2019. The UN International Civil Aviation Organizations revealed that in late 2016 it was compromised by China-linked hackers who used their access to spread malware to foreign government websites.
February 2019. Prior to the Vietnam summit of Kim Jong Un and Donald Trump, North Korean hackers were found to have targeted South Korean institutions in a phishing campaign using documents related to the diplomatic event as bait.
February 2019. U.S. Cybercommand revealed that during the 2018 U.S. midterm elections, it had blocked internet access to the Internet Research Agency, a Russian company involved in information operations against the U.S. during the 2016 presidential election.
February 2019. A hacking campaign targeted Russian companies linked to state-sponsored North Korean hackers.
February 2019. Hackers associated with the Russian intelligence services had targeted more than 100 individuals in Europe at civil society groups working on election security and democracy promotion.
February 2019. State-sponsored hackers were caught in the early stages of gaining access to computer systems at the Australian Federal Parliament
February 2019. European aerospace company Airbus reveals it was targeted by Chinese hackers who stole the personal and IT identification information of some of its European employees
February 2019. Norwegian software firm Visma revealed that it had been targeted by hackers from the Chinese Ministry of State Security who were attempting to steal trade secrets from the firm’s clients
January 2019. Hackers associated with the Russian intelligence services were found to have targeted the Center for Strategic and International Studies
January 2019. The U.S. Department of Justice announced an operation to disrupt a North Korean botnet that had been used to target companies in the media, aerospace, financial, and critical infrastructure sectors.
January 2019. Former U.S. intelligence personnel were revealed to be working for the UAE to help the country hack into the phones of activists, diplomats, and foreign government officials
January 2019. U.S. prosecutors unsealed two indictments against Huawei and its CFO Meng Wanzhou alleging crimes ranging from wire and bank fraud to obstruction of justice and conspiracy to steal trade secrets
January 2019. Security researchers reveal that Iranian hackers have been targeting the telecom and travel industries since at least 2014 in an attempt to surveil and collect the personal information of individuals in the Middle East, U.S., Europe, and Australia
January 2019. The U.S. Democratic National Committee revealed that it had been targeted by Russian hackers in the weeks after the 2018 midterm elections
January 2019. South Korea’s Ministry of National Defense announced that unknown hackers had compromised computer systems at the ministry’s procurement office
January 2019. The U.S. Securities and Exchange Commission charged a group of hackers from the U.S., Russia, and Ukraine with the 2016 breach of the SEC’s online corporate filing portal exploited to execute trades based on non-public information
January 2019. Iran was revealed to have engaged in a multi-year, global DNS hijacking campaign targeting telecommunications and internet infrastructure providers as well as government entities in the Middle East, Europe, and North America.
January 2019. Hackers release the personal details, private communications, and financial information of hundreds of German politicians, with targets representing every political party except the far-right AfD.
December 2018. North Korean hackers targeted the Chilean interbank network after tricking an employee into installing malware over the course of a fake job interview
December 2018. Chinese hackers were found to have compromised the EU’s communications systems, maintaining access to sensitive diplomatic cables for several years
December 2018. North Korean hackers stole the personal information of almost 1,000 North Korean defectors living in South Korea
December 2018. The United States, in coordination with Australia, Canada, the UK, and New Zealand, accused China for conducting a 12-year campaign of cyber espionage targeting the IP and trade secrets of companies across 12 countries. The announcement was tied to the indictment of two Chinese hackers associated with the campaign.
December 2018. U.S. Navy officials report that Chinese hackers had repeatedly stolen information from Navy contractors including ship maintenance data and missile plans.
December 2018. Security researchers discover a cyber campaign carried out by a Russia-linked group targeting the government agencies of Ukraine as well as multiple NATO members
December 2018. Researchers report that a state-sponsored Middle Eastern hacking group had targeted telecommunications companies, government embassies, and a Russian oil company located across Pakistan, Russia, Saudi Arabia, Turkey, and North America
December 2018. Italian oil company Saipem was targeted by hackers utilizing a modified version of the Shamoon virus, taking down hundreds of the company’s servers and personal computers in the UAE, Saudi Arabia, Scotland, and India
December 2018. North Korean hackers have reportedly targeted universities in the U.S. since May, with a particular focus on individuals with expertise in biomedical engineering
December 2018. The Security Service of Ukraine blocked an attempt by the Russian special services to disrupt the information systems of Ukraine’s judicial authority
December 2018. The Czech security service announced that Russian intelligence services were discovered to have been behind attacks against the Czech foreign ministry in 2017
December 2018. Chinese hackers breached the systems of an American hotel chain, stealing the personal information of over 500 million customers
November 2018. German security officials announced that a Russia-linked group had targeted the email accounts of several members of the German parliament, as well as the German military and several embassies
November 2018. Security researchers report that Russia launched coordinated cyber attacks against Russian government and military targets before and during the attack on Ukrainian ships in late November
November 2018. Researchers reveal that a Mexican government-linked group used spyware to target the colleagues of a slain journalist investigating drug cartels
November 2018. Security researchers discover a cyberespionage campaign targeting government websites of Lebanon and the UAE
November 2018. The U.S. Justice Department indicted two Iranians for the ransomware attack affecting Atlanta’s government earlier in 2018
November 2018. Chinese state media reports that the country had been the victim of multiple attacks by foreign hackers in 2018, including the theft of confidential emails, utility design plans, lists of army units, and more
November 2018. North Korean hackers were found to have used malware to steal tens of millions of dollars from ATMs across Asia and Africa
November 2018. Security researchers report that Russian hackers impersonating U.S. State Department officials attempted to gain access to the computer systems of military and law enforcement agencies, defense contractors, and media companies
November 2018. Ukraine’s CERT discovered malware in the computer systems of Ukraine state agencies believed to be implanted as a precursor for a future large-scale cyber attack
November 2018. Researchers discover that a Chinese cyberespionage group targeted a UK engineering company using techniques associated with Russia-linked groups in an attempt to avoid attribution
November 2018. The Pakistani Air Force was revealed to have been targeted by nation-state hackers with access to zero-day exploits
November 2018. Security researchers identify an Iranian domestic surveillance campaign to monitor dissent targeting Telegram and Instagram users
November 2018. Australian defense shipbuilder Austal announced it had been the victim of a hack resulting in the theft of unclassified ship designs which were later sold online
October 2018. The head of Iran’s civil defense agency announced that the country had recently neutralized a new, more sophisticated version of Stuxnet
October 2018. The U.S. Department of Justice indicted Chinese intelligence officers and hackers working for them for engaging in a campaign to hack into U.S. aerospace companies and steal information
October 2018. Security researchers link the malware used to attack a petrochemical plant in Saudi Arabia to a research institute run by the Russian government.
October 2018. U.S. defense officials announced that Cyber Command had begun targeting individual Russian operatives to deter them from interfering in the 2018 midterm elections.
October 2018. Media reports state than U.S. agencies warned President Trump that that China and Russia eavesdropped on call made form an unsecured phone.
October 2018. News reports reveal that the Israel Defense Force requested that cybersecurity companies develop proposals for monitoring the personal correspondence of social media users.
October 2018. The U.S. Department of Homeland Security announces that it has detected a growing volume of cyber activity targeting election infrastructure in the U.S. ahead of the 2018 midterm elections.
October 2018. The Centers for Medicare and Medicaid Services announced that hackers had compromised a government computer system, gaining access to the personal data of 75,000 people ahead of the start of ACA sign-up season.
October 2018. The Security Service of Ukraine announced that a Russian group had carried out an attempted hack on the information and telecommunication systems of Ukrainian government groups
October 2018. The U.S. Justice Department announces criminal charges against seven GRU officers for multiple instances of hacking against organizations including FIFA, Westinghouse Electric Company, the Organisation for the Prohibition of Chemical Weapons, and the U.S. and World Anti-Doping Agencies.
September 2018. Security researchers found that a Russian hacking group had used malware to target the firmware of computers at government institutions in the Balkans and in Central and Eastern Europe.
September 2018. In a letter to Senate leaders, Sen. Ron Wyden revealed that a major technology company had alerted multiple Senate offices of attempts by foreign government hackers to gain access to the email accounts of Senators and their staff
September 2018. Researchers report that 36 different governments deployed Pegasus spyware against targets in at least 45 countries, including the U.S., France, Canada, and the UK.
September 2018. The U.S. State Department suffers a breach of one of its unclassified email systems, exposing the personal information of several hundred employees.
September 2018. Swiss officials reveal that two Russian spies caught in the Netherlands had been preparing to use cyber tools to sabotage the Swiss defense lab analyzing the nerve agent used to poison former Russian Agent Sergei Skripal.
September 2018. Security researchers find that Iranian hackers have been surveilling Iranian citizens since 2016 as part of a mobile spyware campaign directed at ISIS supporters and members of the Kurdish ethnic group.
September 2018. Russian hackers targeted the email inboxes of religious leaders connected to Ukraine amid efforts to disassociate Ukraine’s Orthodox church from its association with Russia.
September 2018. The U.S. Department of Justice announces the indictment and extradition of a Russian hacker accused of participating in the hack of JP Morgan Chase in 2014, leading to the theft of data from over 80 million customers.
September 2018. The U.S. Department of Justice announces the indictment of Park Jin Hyok, a North Korean Hacker allegedly involved in the 2014 Sony hack, the 2016 theft of $81 million from a Bangladeshi bank, and the WannaCry ransomware attacks.
September 2018. Researchers reveal a new cyber espionage campaign linked to attacks against Vietnamese defense, energy, and government organizations in 2013 and 2014.
August 2018. North Korean hackers stole $13.5 million from India’s Cosmos Bank after breaking into the bank’s system and authorizing thousands of unauthorized ATM withdrawals, as well as several illegal money transfers through the SWIFT financial network.
August 2018. Security researchers report that Iranian hackers had targeted the websites and login pages of 76 universities in 14 countries. The attackers stole the credentials of users who attempted to sign in, gaining access to library resources for the purposes of intellectual property theft.
August 2018. Facebook identified multiple new disinformation campaigns on its platform sponsored by groups in Russia and Iran. The campaigns targeted users in the U.S., Latin America, Britain, and the Middle East, and involved 652 fake accounts, pages, and groups.
August 2018. Microsoft announces that Russian hackers had targeted U.S. Senators and conservative think tanks critical of Russia.
July 2018. Security researchers report that an Iranian hacking group had been targeting the industrial control systems of electric utility companies in the U.S., Europe, East Asia, and the Middle East.
July 2018. The Department of Homeland Security reveal that a campaign by Russian hackers in 2017 had compromised the networks of multiple U.S. electric utilities and put attackers in a position where they could have caused blackouts.
July 2018. Senator Claire McCaskill reveals that her 2018 re-election campaign was targeted by hackers affiliated with Russia’s GRU intelligence agency. Attackers unsuccessfully targeted staffers in the Senator’s office with phishing emails designed to harvest their passwords.
July 2018. Researchers report that a hacking group linked to Iran has been active since early 2017 targeting energy, government, finance, and telecommunications entities in the Middle East.
July 2018. Microsoft reveals that Russian hackers had targeted the campaigns of three Democratic candidates running for the 2018 midterm elections.
July 2018. Russian hackers were found to have targeted the Italian navy with malware designed to insert a backdoor into infected networks.
July 2018. Security researchers detect a spike in hacking attempts against IoT devices in Finland during the run-up President Trump’s summit with Vladimir Putin in Helsinki. The majority of attacks originated in China.
July 2018. Singapore’s largest healthcare institution was targeted by state-sponsored hackers, leading to the leakage of personal information for 1.5 million patients, along with prescription details for 160,000 others.
July 2018. Ukrainian intelligence officials claim to have thwarted a Russian attack on the network equipment of a chlorine plant in central Ukraine. The virus used in the attack is the same malware responsible for the infection of 500,000 routers worldwide in a campaign the FBI linked to state-sponsored Russian hackers.
July 2018. The U.S. Department of Justice announced the indictments of 12 Russian intelligence officers for carrying out large-scale cyber operations against the Democratic Party in advance of the 2016 Presidential election. The officers’ alleged crimes included the theft and subsequent leakage of emails from the Democratic National Committee and Hillary Clinton campaign, and the targeting of election infrastructure and local election officials in an attempt to interfere with the election.
July 2018. Security researchers report that Chinese hackers had been actively spying on political actors on both sides of the upcoming Cambodian elections. Targets include the country’s National Election Commission, several government ministries, the Cambodian Senate, at least one Member of Parliament, and multiple media outlets and human rights activists.
July 2018. Hackers targeted the campaigns of at least two local Democratic candidates during 2018’s primary season, reportedly using DDoS attacks to disrupt campaign websites during periods of active fundraising and positive news publicity.
July 2018. Australian National University (ANU) was found to have been breached by Chinese hackers in an attack believed to be motivated by a desire to siphon intellectual property from the institution.
June 2018. Marketing data firm Exactis suffered a data breach exposing the information of 340 million people, including their political preferences, browsing habits, and purchase data.
June 2018. Ukraine police claim that Russian hackers have been systematically targeting Ukrainian banks, energy companies, and other organizations to establish backdoors in preparation for a wide-scale strike against the country.
June 2018. Chinese hackers were found to be engaged in a cyber espionage campaign to collect data from satellite, telecom, and defense organizations in the U.S. and Southeast Asia.
June 2018. A Russian hacking group linked to disrupting the Peyongchang Olympics targeted individuals in France, Germany, Switzerland, Russia, and Ukraine linked to a biochemical threat conference organized by a company involved in the investigation of the poisoning of Sergei Skripal in March 2018.
June 2018. A Chinese hacking group targeted a national data center in a Central Asian country, preparing a watering hole attack to inject malicious code onto other government websites connecting to the data center.
June 2018. Researchers reveal that North Korean hackers targeted a South Korean think tank focused on national security issues. The hackers used a zero-day exploit to compromise the organization’s website and insert a backdoor for injecting code.
June 2018. The U.S. Treasury Department announced sanctions against five Russian companies and three individuals for enabling Russian intelligence and military units to conduct cyberattacks against the U.S.
June 2018. Chinese government hackers compromised the networks of a U.S. Navy contractor, stealing 614 GB of data related to weapons, sensor, and communication systems under development for U.S. submarines.
May 2018. Cyber security researchers reported that North Korean hackers had been targeting defectors through compromised Android apps hosted through the Google Play market, stealing device information and allowing the insertion of executable code stealing photos, contact lists, and text messages.
May 2018. Security researchers reveal that the Pakistani military used Facebook Messenger to distribute spyware to targets in the Middle East, Afghanistan, and India in an attempt to compromise government officials, medical professionals, and others.
May 2018. Turkish government hackers were discovered to be using surveillance software FinFisher to infect Turkish dissidents and protesters.
May 2018. An unknown group of hackers stole between $18 and $20 million dollars from Mexican banks by exploiting the SWIFT transfer system, submitting a series of false transfer orders to phantom accounts in other banks and emptying the accounts in dozens of branch offices.
May 2018. Within 24 hours of President Trump’s announcement that the US would withdraw from the Iran nuclear agreement, security firms reported increases in Iranian hacking activity, including the sending of emails containing malware to diplomats in the Foreign Affairs ministries of US allies, as well as global telecommunication companies.
May 2018. Researchers reveal that a hacking group connected to Russian intelligence services had been conducting reconnaissance on the business and ICS networks of electric utilities in the US and UK since May 2017.
April 2018. Security researchers report that an Indian hacking group had been targeting government agencies and research institutions in China and Pakistan since 2013.
April 2018. Cyber security researchers reveal that North Korean hackers targeted critical infrastructure, finance, healthcare, and other industries in 17 countries using malware resembling the code used in the 2014 Sony Pictures attack.
April 2018. Israeli cyber researchers revealed that Hamas had planted spyware in mobile phones owned by members of Fatah, a rival Palestinian faction
April 2018. Reports from cyber security researchers indicate that Chinese state-sponsored hacking groups have targeted Japanese defense companies in an attempt to gain information on Tokyo’s policies towards North Korea
April 2018. US and UK officials issued a joint warning that Russia was deliberately targeting western critical infrastructure by compromising home and business routers
April 2018. The director of the UK’s Government Communications Headquarters (GCHQ) announced that the organization had been conducting offensive cyber operations against ISIS to suppress their propaganda, disrupt their coordination, and protect deployed military personnel
April 2018. The chief of Germany’s domestic intelligence services accused Russia of being behind the December 2017 attack on the government’s computer networks
April 2018. The UK’s National Cyber Security Centre released an advisory note warning that Russian state actors were targeting UK critical infrastructure by infiltrating supply chains
April 2018. All government services of Sint. Maarten, a Caribbean island and constitute country of the Netherlands, were taken offline for a week after a cyber attack. According to local authorities, this is the third cyber attack the country has faced in just over a year.
April 2018. The North Korean hacking group responsible for the SWIFT attacks was found to have targeted a Central American online casino in an attempt to siphon funds
March 2018. Online services for the city of Atlanta were disrupted after a ransomware attack struck the city’s networks, demanding $55,000 worth of bitcoin in payment. The city would eventually spend approximately $2.6 million recovering from the attack.
March 2018. Baltimore’s 911 dispatch system was taken down for 17 hours after a ransomware attack, forcing the city to revert to manual dispatching of emergency services
March 2018. The US Departments of Justice and Treasury accused Iran in an indictment of stealing intellectual property from more than 300 universities, as well as government agencies and financial services companies.
March 2018. The FBI and Department of Homeland Security issued a joint technical alert to warn of Russian cyber attacks against US critical infrastructure. Targets included energy, nuclear, water, aviation, and manufacturing facilities.
March 2018. A data breach of the company Under Armor compromised the information of 150 million users of its fitness and nutrition tracking app MyFitnessPal
March 2018. Cybersecurity researchers reveal that a Chinese hacking group used malware to attack the service provider for the UK government in an attempt to gain access to contractors at various UK government departments and military organizations
March 2018. Cybersecurity researchers announce evidence that the same North Korean hacking group linked to the SWIFT financial network attacks has been targeting several major Turkish banks and government finance agencies.
March 2018. A UN report details attempts by North Korean hackers to compromise email accounts of the members of a UN panel enforcing trade sanctions against North Korea.
February 2018. German news reported that a Russian hacking group had breached the online networks of Germany’s foreign and interior ministries, exfiltrating at least 17 gigabytes of data in an intrusion that went undetected for a year.
February 2018. The Justice Department indicted 13 Russians and three companies for their online efforts to interfere in the 2016 US presidential elections.
February 2018. The US and UK formally blame Russia for the June 2017 NotPetya ransomware attack that caused billions of dollars in damages across the world.
February 2018. A cyberattack on the Pyeongchang Olympic Games attributed to Russia took the official Olympic website offline for 12 hours and disrupted wifi and televisions at the Pyeongchang Olympic stadium.
February 2018. Officials at the Department of Homeland Security confirmed that Russian hackers successfully penetrated the voter registration rolls of several US states prior to the 2016 election.
January 2018. China denied that the computer network it supplied to the African Union allowed it access the AU’s confidential information and transfer it to China, or that it had bugged offices in the AU headquarters that it had built.
January 2018. A Japan-based cryptocurrency exchange reveals that it lost $530 million worth of the cryptocurrency NEM in a hack, in what amounts to possibly the largest cryptocurrency heist of all time.
January 2018. Norwegian officials discover a “very professional” attempt to steal patient data from a Norwegian hospital system, in an attack they speculate was connected to the upcoming NATO Trident Juncture 18 military exercise.
January 2018. A hacking group with ties to the Lebanese General Directorate of General Security was revealed to have been involved in a six-year campaign to steal text messages, call logs, and files from journalists, military officers, corporations, and other targets in 21 countries worldwide.
January 2018. The Unique Identification Authority of India and its Aadhaar system are hacked by unknown actors, resulting in the personal data of more than 1 billion people being available for purchase.