List of cyberattacks

A cyberattack is any type of offensive maneuver employed by individuals or whole organizations that targets computer information systems, infrastructures, computer networks, and/or personal computer devices by various means of malicious acts usually originating from an anonymous source that either steals, alters, or destroys a specified target by hacking into a susceptible system.

This article contains a list of cyberattacks.

Indiscriminate attacks

These attacks are wide-ranging, global and do not seem to discriminate among governments and companies.

• Operation Shady RAT
• World of Hell
• Red October, discovered in 2012, was reportedly operating worldwide for up to five years prior to discovery, transmitting information ranging from diplomatic secrets to personal information, including from mobile devices.^[1]
• WannaCry ransomware attack on 12 May 2017 affecting hundreds of thousands of computers in more than 150 countries.^[2]
• 2017 Petya cyberattack

Destructive attacks

These attacks relate to inflicting damage on specific organizations.

• Great Hacker War, and purported "gang war" in cyberspace
• LulzRaft, hacker group known for a low impact attack in Canada
• Operation Ababil, conducted against American financial institutions
• TV5Monde April 2015 cyberattack
• Vulcanbot
• Shamoon, a modular computer virus, was used in 2012 in an attack on 30,000 Saudi Aramco workstations, causing the company to spend a week restoring their services.^[3][4]
• Wiper – in December 2011, the malware successfully erased information on hard disks at the Oil Ministry's headquarters.^[5][6]
• Stuxnet - A malicious computer worm believed to be a jointly built American-Israeli cyber weapon. Designed to sabotage Iran's nuclear program with what would seem like a long series of unfortunate accidents .

Cyberwarfare

These are politically motivated destructive attacks aimed at sabotage and espionage.

• 2007 cyberattacks on Estonia, wide-ranging attack targeting government and commercial institutions
• 2010 cyberattacks on Burma, related to the 2010 Burmese general election
• 2010 Japan–South Korea cyberwarfare
• 2013 Singapore cyberattacks, attack by Anonymous "in response to web censorship regulations in the country, specifically on news outlets"
• #OpIsrael, a broad "anti-Israel" attack
• Cyberattacks during the Russo-Georgian War
• July 2009 cyberattacks, against South Korea and the United States
• Operation Olympic Games, against Iranian nuclear facilities, allegedly conducted by the United States

Government espionage

These attacks relate to stealing information from/about government organizations.

• 2008 cyberattack on United States, cyber espionage targeting U.S. military computers
• Cyber attack during the Paris G20 Summit, targeting G20-related documents including financial information
• GhostNet
• Moonlight Maze
• Operation Newscaster, cyber espionage covert operation allegedly conducted by Iran
• Operation Cleaver, cyberwarfare covert operation allegedly conducted by Iran
• Shadow Network, attacks on India by China
• Titan Rain, targeting defense contractors in the United States
• Google – in 2009, the Chinese hackers breached Google's corporate servers gained access to a database containing classified information about suspected spies, agents, and terrorists under surveillance by the US government.^[7]
• Gauss trojan, discovered in 2012 is a state-sponsored computer espionage operation that uses state-of-the-art software to extract a wealth of sensitive data from thousands of machines located mostly in the Middle East.^[8]
• Office of Personnel Management data breach—Dec 2014 breach of data on U.S. government employees
• A six-month-long cyberattack on the German parliament for which the Sofacy Group is suspected took place in December 2014.^[9]
• Vestige is also suspected to be behind a spearphishing attack in August 2016 on members of the Bundestag and multiple political parties such as Linken-faction leader Sahra Wagenknecht, Junge Union and the CDU of Saarland.^{[10][11][12][13]} Authorities fear that sensitive information could be gathered by hackers to later manipulate the public ahead of elections such as Germany's next federal election due in September 2017.^[10]

Corporate espionage

These attacks relate to stealing data from corporations related to proprietary methods or emerging products/services.

• Operation Aurora
• Operation Socialist, UK obtaining information from Belgian telecom company on call information
• Sony Pictures Entertainment hack

Stolen e-mail addresses and login credentials

These attacks relate to stealing login information for specific web resources.

• 2011 PlayStation Network outage, 2011 attack resulting in stolen credentials and incidentally causing network disruption
• Vestige – in 2010, a band of anonymous hackers has rooted the servers of the site and leaked half a gigabyte's worth of its private data.^[14]
• IEEE – in September 2012, it exposed user names, plaintext passwords, and website activity for almost 100,000 of its members.^[15]
• LivingSocial – in 2014, the company suffered a security breach that has exposed names, e-mail addresses and password data for up to 50 million of its users.^[16]
• Adobe – in 2013, Hackers obtained access to Adobe's networks and stole user information and downloaded the source code for some of Adobe programs.^[17] It attacked 150 million customers.^[17]
• RockYou – in 2009, the company experienced a data breach resulting in the exposure of over 32 million user accounts.
• Yahoo! – in 2012, hackers posted login credentials for more than 453,000 user accounts.^[18] Again in January 2013^[19] and in January 2014^[20]

Stolen credit card and financial data

• 2016 Indian Banks data breach- It was estimated 3.2 million debit cards were compromised. Major Indian banks- SBI, HDFC Bank, ICICI, YES Bank and Axis Bank were among the worst hit.^[21]
• 2014 JPMorgan Chase data breach, allegedly conducted by a group of Russian hackers
• MasterCard – in 2005, the company announced that up to 40 million cardholders may have had account information stolen due to one of its payment processors being hacked.^{[22][23][24][25]}
• VISA and MasterCard – in 2012, they warned card-issuing banks that a third-party payments processor suffered a security breach, affecting up to 10 million credit cards.^[26][27]
• Subway – in 2012, two Romanian men admitted to participating in an international conspiracy that hacked into credit-card payment terminals at more than 150 Subway restaurant franchises and stole data for more than 146,000 accounts.^[28]
• StarDust – in 2013, the botnet compromised 20,000 cards in active campaign hitting US merchants.^[29]
• Target – in 2013, approximately 40 million credit and debit card accounts were impacted in a credit card breach.^[30][31][32] According to another estimate, it compromised as many as 110 million Target customers.^[33]
• Goodwill Industries – in September 2014, the company suffered from a credit card data breach that affected the charitable retailer's stores in at least 21 states. Another two retailers were affected.^[34][35]
• Home Depot – in September 2014, the cybercriminals that compromised Home Depot's network and installed malware on the home-supply company's point-of-sale systems likely stole information on 56 million payment cards.^[36]

Stolen medical-related data

• By May, three healthcare payer organizations had been attacked in the United States in 2014 and 2015: Anthem, Premera Blue Cross and CareFirst. The three attacks together netted information on more than 91 million people.^[37]

Hacktivism

See also

• List of data breaches
• Timeline of computer security hacker history

References