Photo: Adobe Stock

Significant Cyber Incidents

This timeline records significant cyber incidents since 2006. We focus on cyber attacks on government agencies, defense and high tech companies, or economic crimes with losses of more than a million dollars.

Download the Full Incidents List

Below is a summary of incidents from over the last year. For the full list, click the download link above.

December 2019.  Microsoft won a legal battle to take control of 50 web domains used by a North Korean hacking group to target government employees, think tank experts, university staff, and others involved in nuclear proliferation issues

December 2019.  An alleged Chinese state-sponsored hacking group attacked government entities and managed service providers by bypassing the two-factor authentication used by their targets
December 2019. Chinese hackers used custom malware to target a Cambodian government organization
December 2019. Unknown hackers stole login credentials from government agencies in 22 nations across North America, Europe, and Asia
December 2019.  Iran announced that it had foiled a major cyber attack by a foreign government targeting the country’s e-government infrastructure
December 2019. A suspected Vietnamese state-sponsored hacking group attacked BMW and Hyundai networks
December 2019. Russian government hackers targeted Ukrainian diplomats, government officials, military officers, law enforcement, journalists, and nongovernmental organizations in a spear phishing campaign
November 2019. A Russian-speaking hacking group targeted a wide range of Kazakh individuals and organizations including government agencies, military personnel, foreign diplomats, journalists, dissidents, and others through a combination of spear phishing and physical device compromise.
November 2019. Microsoft security researchers found that in the last year, an Iranian hacker group carried out "password-spraying attacks" on thousands of organizations, but since October, have focused on the employees of dozens of manufacturers, suppliers, or maintainers of industrial control system equipment and software.
November 2019.  An alleged non-state actor targeted the UK Labour party with a major DDoS attack that temporarily took the party’s computer systems offline.
October 2019. An Israeli cybersecurity firm was found to have sold spyware used to target senior government and military officials in at least 20 countries by exploiting a vulnerability in WhatsApp.
October 2019. A state-sponsored hacking campaign knocked offline more than 2,000 websites across Georgia, including government and court websites containing case materials and personal data.
October 2019. India announced that North Korean malware designed for data extraction had been identified in the networks of a nuclear power plant.
October 2019. Suspected North Korean hackers attempted to steal credentials from individuals working on North Korea-related issues at the UN and other NGOs.
October 2019. The NSA and GCHQ found that a Russian cyberespionage campaign had used an Iranian hacking group’s tools and infrastructure to spy on Middle Eastern targets.
October 2019. Russian hackers engaged in a campaign since 2013 targeting embassies and foreign affairs ministries in several European countries.
October 2019. Iranian hackers targeted more than 170 universities around the world between 2013 and 2017, stealing $3.4 billion worth of intellectual property and selling stolen data to Iranian customers.
October 2019. Chinese hackers engaged in a multi-year campaign between 2010 and 2015 to acquire intellectual property from foreign companies to support the development of the Chinese C919 airliner.
October 2019. A Chinese government-sponsored propaganda app with more than 100 million users was found to have been programmed to have a backdoor granting access to location data, messages, photos, and browsing history, as well as remotely activate audio recordings. 
October 2019. The Moroccan government targeted two human rights activists using spyware purchased from Israel.
October 2019. A state-sponsored hacking group targeted diplomats and high-profile Russian speaking users in Eastern Europe. 
October 2019.  Chinese hackers targeted entities in Germany, Mongolia, Myanmar, Pakistan, and Vietnam,  individuals involved in UN Security Council resolutions regarding ISIS, and members of religious groups and cultural exchange nonprofits in Asia.
October 2019.  Iranian hackers conducted a series of attacks against the Trump campaign, as well as current and former U.S. government officials, journalists, and Iranians living abroad.
October 2019.  State-sponsored Chinese hackers were revealed to have conducted at least six espionage campaigns since 2013 against targets in Myanmar, Taiwan, Vietnam, Indonesia, Mongolia, Tibet, and Xinjiang. 
October 2019.  The Egyptian government conducted a series of cyberattacks against journalists, academics, lawyers, human rights activists, and opposition politicians.
October 2019.  Chinese hackers were found to have targeted government agencies, embassies, and other government-related embassies across Southeast Asia in the first half of 2019.  
September 2019. The United States carried out cyber operations against Iran in retaliation for Iran’s attacks on Saudi Arabia’s oil facilities. The operation affected physical hardware, and had the goal of disrupting Iran’s ability to spread propaganda.
September 2019.  Airbus revealed that hackers targeting commercial secrets engaged in a series of supply chain attacks targeting four of the company’s subcontractors.
September 2019.  A Chinese state-sponsored hacking group responsible for attacks against three U.S. utility companies in July 2019 was found to have subsequently targeted seventeen others.
September 2019.  Hackers with ties to the Russian government conducted a phishing campaign against the embassies and foreign affairs ministries of countries across Eastern Europe and Central Asia.
September 2019.  Alleged Chinese hackers used mobile malware to target senior Tibetan lawmakers and individuals with ties to the Dalai Lama.
September 2019.  North Korean hackers were revealed to have conducted a phishing campaign over the summer of 2019 targeted U.S. entities researching the North Korean nuclear program and economic sanctions against North Korea. 
September 2019. Iranian hackers targeted more than 60 universities in the U.S., Australia, UK, Canada, Hong Kong, and Switzerland in an attempt to steal intellectual property.
September 2019. Huawei accused the U.S. government of hacking into its intranet and internal information systems to disrupt its business operations.
August 2019. China used compromised websites to distribute malware to Uyghur populations using previously undisclosed exploits for Apple, Google, and Windows phones.
August 2019. Chinese state-sponsored hackers were revealed to have targeted multiple U.S. cancer institutes to take information relating to cutting edge cancer research.
August 2019. North Korean hackers conducted a phishing campaign against foreign affairs officials in at least three countries, with a focus on those studying North Korean nuclear efforts and related international sanctions.
August 2019. Huawei technicians helped government officials in two African countries track political rivals and access encrypted communications.
August 2019. The Czech Republic announced that the country’s Foreign Ministry had been the victim of a cyberattack by an unspecified foreign state, later identified as Russia
August 2019. A suspected Indian cyber espionage group conducted a phishing campaign targeting Chinese government agencies and state-owned enterprises for information related to economic trade, defense issues, and foreign relations.
August 2019. Networks at several Bahraini government agencies and critical infrastructure providers were infiltrated by hackers linked to Iran
August 2019.  A previously unidentified Chinese espionage group was found to have worked since 2012 to gather data from foreign firms in industries identified as strategic priorities by the Chinese government, including telecommunications, healthcare, semiconductor manufacturing, and machine learning. The group was also active in the theft of virtual currencies and the monitoring of dissidents in Hong Kong.
August 2019.  Russian hackers were observed using vulnerable IoT devices like a printer, VOIP phone, and video decoder to break into high-value corporate networks
August 2019.  A seven-year campaign by an unidentified Spanish-language espionage group was revealed to have resulted in the theft of sensitive mapping files from senior officials in the Venezuelan Army
July 2019. State-sponsored Chinese hackers conducted a spear-phishing campaign against employees of three major U.S. utility companies
July 2019.  Capital One reveals that a hacker accessed data on 100 million credit card applications, including Social Security and bank account numbers. 
July 2019.  Encrypted email service provider ProtonMail was hacked by a state-sponsored group looking to gain access to accounts held by reporters and former intelligence officials conducting investigations of Russian intelligence activities.
July 2019.  Several major German industrial firms including BASF, Siemens, and Henkel announced that they had been the victim of a state-sponsored hacking campaign reported to be linked to the Chinese government
July 2019.  A Chinese hacking group was discovered to have targeted government agencies across East Asia involved in information technology, foreign affairs, and economic development.
July 2019.  The U.S. Coast Guard issued a warning after it received a report that a merchant vessel had its networks disrupted by malware while traveling through international waters
July 2019.  An Iranian hacking group targeted LinkedIn users associated with financial, energy, and government entities operating in the Middle East
July 2019.  Microsoft revealed that it had detected almost 800 cyberattacks over the past year targeting think tanks, NGOs, and other political organizations around the world, with the majority of attacks originating in Iran, North Korean, and Russia.
July 2019.  Libya arrested two men who were accused of working with a Russian troll farm to influence the elections in several African countries.
July 2019.  Croatian government agencies were targeted in a series of attacks by unidentified state sponsored hackers
July 2019.  U.S. Cybercommand issued an alert warning that government networks were being targeted with malware associated with a known Iran-linked hacking group
June 2019.  Western intelligence services were alleged to have hacked into Russian internet search company Yandex in late 2018 to spy on user accounts
June 2019.  Over the course of seven years, a Chinese espionage group hacked into ten international cellphone providers operating across thirty countries to track dissidents, officials, and suspected spies.
June 2019.  The U.S. announced it had launched offensive cyber operations against Iranian computer systems used to control missile and rocket launches.
June 2019.  Iran announced that it had exposed and helped dismantle an alleged CIA-backed cyber espionage network across multiple countries
June 2019.  U.S. officials reveal ongoing efforts to deploy hacking tools against Russian grid systems as a deterrent and warning to Russia
June 2019.  U.S. grid regulator NERC issued a warning that a major hacking group with suspected Russian ties was conducting reconnaissance into the networks of electrical utilities.
June 2019.  China conducted a denial of service attack on encrypted messaging service Telegram in order to disrupt communications among Hong Kong protestors
June 2019.  A suspected Iranian group was found to have hacked into telecommunications services in Iraq, Pakistan, and Tajikistan
June 2019.  Chinese intelligence services hacked into the Australian University to collect data they could use to groom students as informants before they were hired into the civil service.
May 2019.  Government organizations in two different Middle Eastern countries were targeted by Chinese state-sponsored hackers.
May 2019.  A Chinese government-sponsored hacking group was reported to be targeting unidentified entities across the Philippines.
May 2019.  Iran developed a network of websites and accounts that were being used to spread false information about the U.S., Israel, and Saudi Arabia.
May 2019.  The Israeli Defense Forces launched an airstrike on the Hamas after they unsuccessfully attempted to hack Israeli targets.
May 2019.  Hackers affiliated with the Chinese intelligence service reportedly had been using NSA hacking tools since 2016, more than a year before those tools were publicly leaked.
April 2019.  Amnesty International’s Hong Kong office announced it had been the victim of an attack by Chinese hackers who accessed the personal information of the office’s supporters.
April 2019.  Ukrainian military and government organizations had been targeted was part of a campaign by hackers from the Luhansk People’s Republic, a Russia-backed group that declared independence from Ukraine in 2014.
April 2019.  Hackers used spoofed email addresses to conduct a disinformation campaign in Lithuania to discredit the Defense Minister by spreading rumors of corruption.
April 2019.  The Finnish police probed a denial of service attack against the web service used to publish the vote tallies from Finland’s elections.
April 2019.   Iranian hackers reportedly undertook a hacking campaign against banks, local government networks, and other public agencies in the UK.
April 2019.  Pharmaceutical company Bayer announced it had prevented an attack by Chinese hackers targeting sensitive intellectual property.
March 2019.  The Australian Signals Directorate revealed that it had conducted cyber attacks against ISIS targets in the Middle East to disrupt their communications in coordination with coalition forces.
March 2019.  An Iranian cyber espionage group targeted government and industry digital infrastructure in Saudi Arabia and the U.S.
March 2019.   State supported Vietnamese hackers targeted foreign automotive companies to acquire IP. 
March 2019.   Iran's intelligence service hacked into former IDF Chief and Israeli opposition leader Benny Gantz’ cellphone ahead of Israel’s April elections.
March 2019.  North Korean hackers targeted an Israeli security firm as part of an industrial espionage campaign.
March 2019.  Russian hackers targeted a number of European government agencies ahead of EU elections in May.
March 2019.  Indonesia’s National Election Commission reported that Chinese and Russian hackers had probed Indonesia’s voter database ahead of presidential and legislative elections in the country.
March 2019.  Civil liberties organizations claimed that government-backed hackers targeted Egyptian human rights activists, media, and civil society organizations throughout 2019.
March 2019.  The UN Security Council reported that North Korea has used state-sponsored hacking to evade international sanctions, stealing $670 million in foreign currency and cryptocurrency between 2015 and 2018.
March 2019.  Iranian hackers targeted thousands of people at more than 200 oil-and-gas and heavy machinery companies across the world, stealing corporate secrets and wiping data from computers.
March 2019.  Following an attack on Indian military forces in Kashmir, Pakistani hackers targeted almost 100 Indian government websites and critical systems. Indian officials reported that they engaged in offensive cyber measures to counter the attacks.
March 2019.  U.S. officials reported that at least 27 universities in the U.S. had been targeted by Chinese hackers as part of a campaign to steal research on naval technologies.
February 2019.  The UN International Civil Aviation Organizations revealed that in late 2016 it was compromised by China-linked hackers who used their access to spread malware to foreign government websites.
February 2019.  Prior to the Vietnam summit of Kim Jong Un and Donald Trump, North Korean hackers were found to have targeted South Korean institutions in a phishing campaign using documents related to the diplomatic event as bait.
February 2019.  U.S. Cybercommand revealed that during the 2018 U.S. midterm elections, it had blocked internet access to the Internet Research Agency, a Russian company involved in information operations against the U.S. during the 2016 presidential election.
February 2019.  A hacking campaign targeted Russian companies linked to state-sponsored North Korean hackers. 
February 2019. Hackers associated with the Russian intelligence services had targeted more than 100 individuals in Europe at civil society groups working on election security and democracy promotion. 
February 2019.  State-sponsored hackers were caught in the early stages of gaining access to computer systems of several political parties as well as the Australian Federal Parliament.
February 2019.  European aerospace company Airbus reveals it was targeted by Chinese hackers who stole the personal and IT identification information of some of its European employees.  
February 2019.  Norwegian software firm Visma revealed that it had been targeted by hackers from the Chinese Ministry of State Security who were attempting to steal trade secrets from the firm’s clients.
January 2019.  Hackers associated with the Russian intelligence services were found to have targeted the Center for Strategic and International Studies.
January 2019.  The U.S. Department of Justice announced an operation to disrupt a North Korean botnet that had been used to target companies in the media, aerospace, financial, and critical infrastructure sectors.
January 2019.  Former U.S. intelligence personnel were revealed to be working for the UAE to help the country hack into the phones of activists, diplomats, and foreign government officials
January 2019.  U.S. prosecutors unsealed two indictments against Huawei and its CFO Meng Wanzhou alleging crimes ranging from wire and bank fraud to obstruction of justice and conspiracy to steal trade secrets
January 2019.  Security researchers reveal that Iranian hackers have been targeting the telecom and travel industries since at least 2014 in an attempt to surveil and collect the personal information of individuals in the Middle East, U.S., Europe, and Australia
January 2019.  The U.S. Democratic National Committee revealed that it had been targeted by Russian hackers in the weeks after the 2018 midterm elections
January 2019.  South Korea’s Ministry of National Defense announced that unknown hackers had compromised computer systems at the ministry’s procurement office
January 2019.  The U.S. Securities and Exchange Commission charged a group of hackers from the U.S., Russia, and Ukraine with the 2016 breach of the SEC’s online corporate filing portal exploited to execute trades based on non-public information
January 2019.  Iran was revealed to have engaged in a multi-year, global DNS hijacking campaign targeting telecommunications and internet infrastructure providers as well as government entities in the Middle East, Europe, and North America.
January 2019.  Hackers release the personal details, private communications, and financial information of hundreds of German politicians, with targets representing every political party except the far-right AfD.