List of cyberattacks

From Wikipedia, the free encyclopedia

A cyberattack is any type of offensive maneuver employed by individuals or whole organizations that targets computer information systems, infrastructures, computer networks, and/or personal computer devices by various means of malicious acts usually originating from an anonymous source that either steals, alters, or destroys a specified target by hacking into a susceptible system.

Indiscriminate attacks[edit]

These attacks are wide-ranging, global and do not seem to discriminate among governments and companies.

Destructive attacks[edit]

These attacks relate to inflicting damage on specific organizations.

Cyberwarfare[edit]

These are politically motivated destructive attacks aimed at sabotage and espionage.

Government espionage[edit]

These attacks relate to stealing information from/about government organizations:

Corporate espionage[edit]

These attacks relate to stealing data of corporations related to proprietary methods or emerging products/services.

Stolen e-mail addresses and login credentials[edit]

These attacks relate to stealing login information for specific web resources.

  • 2011 PlayStation Network outage, 2011 attack resulting in stolen credentials and incidentally causing network disruption
  • Vestige (online store) – in 2010, a band of anonymous hackers has rooted the servers of the site and leaked half a gigabyte's worth of its private data.[18]
  • IEEE – in September 2012, it exposed user names, plaintext passwords, and website activity for almost 100,000 of its members.[19]
  • LivingSocial – in 2014, the company suffered a security breach that has exposed names, e-mail addresses and password data for up to 50 million of its users.[20]
  • Adobe – in 2013, hackers obtained access to Adobe's networks and stole user information and downloaded the source code for some of Adobe programs.[21] It attacked 150 million customers.[21]
  • RockYou – in 2009, the company experienced a data breach resulting in the exposure of over 32 million user accounts.
  • Yahoo! – in 2012, hackers posted login credentials for more than 453,000 user accounts.[22] Again in January 2013[23] and in January 2014[24]
  • World Health Organization – in March 2020, hackers leaked information on login credentials from the staff members at WHO.[25] In response to cyberattacks, they stated that “Ensuring the security of health information for Member States and the privacy of users interacting with us a priority for WHO at all times, but also particularly during the COVID-19 pandemic.”[26]

Stolen credit card and financial data[edit]

Blockchain and cryptocurrencies[edit]

  • 2014 Mt. Gox exchange exploits
  • The DAO fork - in June 2016, users exploited a vulnerability in The DAO, a decentralized autonomous organization formed as a venture capital fund, to siphon a third of the fund's ether (about $50 million at the time of the hack).[44]
  • Poly Network exploit - in August 2021, anonymous hackers transferred over $610 million in cryptocurrencies to external wallets. Although it was one of the largest DeFi hacks ever, all assets were eventually returned over the following two weeks.[45]
  • Wormhole hack - in early February 2022, an unknown hacker exploited a vulnerability on the DeFi platform Wormhole, making off with $320 million in wrapped ether.[46][47]
  • Ronin Network hack - in March 2022, North Korean state-sponsored Lazarus Group used hacked private keys to withdraw $625 million in ether and USDC from the Ronin bridge,[48][49] an Ethereum sidechain built for the NFT-based video game Axie Infinity.
  • Nomad bridge hack - in early August 2022, hackers targeted a misconfigured smart contract in a "free-for-all" attack,[50] withdrawing nearly $200 million in cryptocurrencies from the Nomad cross-chain bridge.[51]
  • The Uncle Maker attack - an attack on Ethereum by the F2Pool mining pool, which lasted between 2020 and 2022, but was only discovered in 2022 by Aviv Yaish, Gilad Stern and Aviv Zohar.[52][53]
  • BNB Chain hack - in early October 2022, about $570 million in cryptocurrency was stolen from a bridge for the BNB Chain, a blockchain operated by the Binance exchange.[54] Because a majority of the tokens could not be transferred off-chain, the hacker ultimately made off with about $100 million.[55]

Stolen medical-related data[edit]

Ransomware attacks[edit]

Notable hacker groups conducting ransomware attacks:

Hacktivism[edit]

See also[edit]

References[edit]

  1. ^ Goodin, Dan (January 14, 2013). "Massive espionage malware targeting governments undetected for 5 years". Ars Technica. Retrieved November 8, 2014.
  2. ^ "WannaCry Ransomware: What We Know Monday". NPR.org. Retrieved 2017-05-15.
  3. ^ Perloth, Nicole (October 24, 2012). "Cyberattack On Saudi Firm Disquiets U.S." New York Times. pp. A1. Retrieved October 24, 2012.
  4. ^ Goodin, Dan (August 16, 2012). "Mystery malware wreaks havoc on energy sector computers". Ars Technica. Retrieved November 8, 2014.
  5. ^ "Iranian Oil Sites Go Offline Amid Cyberattack". The New York Times. April 23, 2012. Retrieved November 8, 2014.
  6. ^ Goodin, Dan (August 29, 2012). "The perfect crime: Is Wiper malware connected to Stuxnet, Duqu?". Ars Technica. Retrieved November 8, 2014.
  7. ^ "Secret CIA assessment says Russia was trying to help Trump win White House". Washington Post. Retrieved 2019-04-01.
  8. ^ Goodin, Dan (May 21, 2013). "Chinese hackers who breached Google reportedly targeted classified data". Ars Technica. Retrieved November 8, 2014.
  9. ^ Goodin, Dan (August 9, 2012). "Nation-sponsored malware with Stuxnet ties has mystery warhead". Ars Technica. Retrieved November 8, 2014.
  10. ^ Sanders, Sam (June 4, 2015). "Massive Data Breach Puts 4 Million Federal Employees' Records At Risk". NPR.
  11. ^ "Russian Hackers Suspected In Cyberattack On German Parliament". London South East. Alliance News. June 19, 2015.
  12. ^ a b "Hackers lurking, parliamentarians told". Deutsche Welle. Retrieved 21 September 2016.
  13. ^ "Hackerangriff auf deutsche Parteien". Süddeutsche Zeitung. Retrieved 21 September 2016.
  14. ^ Holland, Martin. "Angeblich versuchter Hackerangriff auf Bundestag und Parteien". Heise. Retrieved 21 September 2016.
  15. ^ Hemicker, Lorenz; Alto, Palo. ""Wir haben Fingerabdrücke"". Faz.net. Frankfurter Allgemeine. Retrieved 21 September 2016.
  16. ^ "In First Massive Cyberattack, China Targets Israel". Haaretz.
  17. ^ "Hackers breach Indian government emails multiple times". Arjun Ramprasad. Previewtech.net. June 30, 2021.
  18. ^ Gawker rooted by anonymous hackers, December 13, 2010, Dan Goodin, The Register, retrieved at 2014-11-08
  19. ^ Goodin, Dan (September 25, 2012). "Trade group exposes 100,000 passwords for Google, Apple engineers". Ars Technica. Retrieved November 8, 2014.
  20. ^ Goodin, Dan (April 27, 2013). "Why LivingSocial's 50-million password breach is graver than you may think". Ars Technica. Retrieved November 8, 2014.
  21. ^ a b Howley, Daniel (July 1, 2016). "7 biggest hacks". Yahoo Tech. Retrieved 1 July 2016.
  22. ^ Goodin, Dan (July 12, 2012). "Hackers expose 453,000 credentials allegedly taken from Yahoo service (Updated)". Ars Technica. Retrieved November 8, 2014.
  23. ^ Goodin, Dan (January 31, 2013). "How Yahoo allowed hackers to hijack my neighbor's e-mail account (Updated)". Ars Technica. Retrieved November 8, 2014.
  24. ^ Goodin, Dan (January 31, 2014). "Mass hack attack on Yahoo Mail accounts prompts password reset". Ars Technica. Retrieved November 8, 2014.
  25. ^ "Exclusive: Elite hackers target WHO as coronavirus cyberattacks spike". Reuters. 24 March 2020.
  26. ^ "WHO reports fivefold increase in cyber attacks, urges vigilance". World Health Organization. Retrieved 29 April 2020.
  27. ^ "Equifax data breach". Federal Trade Commission. 8 September 2017. Retrieved December 10, 2017.
  28. ^ Shukla, Saloni; Bhakta, Pratik (20 October 2016). "3.2 million debit cards compromised; SBI, HDFC Bank, ICICI, YES Bank and Axis worst hit". The Economic Times. Retrieved 20 October 2016.
  29. ^ Gallagher, Sean (September 18, 2014). "Credit card data theft hit at least three retailers, lasted 18 months". Ars Technica. Retrieved November 8, 2014.
  30. ^ "Banks: Card Breach at Goodwill Industries – Krebs on Security".
  31. ^ Lemos, Robert (September 19, 2014). "Home Depot estimates data on 56 million cards stolen by cybercriminals". Ars Technica. Retrieved November 30, 2014.
  32. ^ Goodin, Dan (December 4, 2013). "Credit card fraud comes of age with advances in point-of-sale botnets". Ars Technica. Retrieved November 8, 2014.
  33. ^ Farivar, Cyrus (December 19, 2013). "Secret Service investigating massive credit card breach at Target (Updated)". Ars Technica. Retrieved November 8, 2014.
  34. ^ Goodin, Dan (December 20, 2013). "Cards stolen in massive Target breach flood underground "card shops"". Ars Technica. Retrieved November 8, 2014.
  35. ^ Goodin, Dan (February 5, 2014). "Target hackers reportedly used credentials stolen from ventilation contractor". Ars Technica. Retrieved November 8, 2014.
  36. ^ Goodin, Dan (January 16, 2014). "Point-of-sale malware infecting Target found hiding in plain sight". Ars Technica. Retrieved November 8, 2014.
  37. ^ Goodin, Dan (April 1, 2012). "After the hack: FAQ for breach affecting up to 10 million credit cards". Ars Technica. Retrieved November 8, 2014.
  38. ^ Goodin, Dan (March 30, 2012). ""Major" credit-card breach hits Visa, MasterCard (Updated)". Ars Technica. Retrieved November 8, 2014.
  39. ^ Goodin, Dan (September 18, 2012). "Two men admit to $10 million hacking spree on Subway sandwich shops". Ars Technica. Retrieved November 8, 2014.
  40. ^ Bangeman, Eric (June 20, 2005). "CardSystems should not have retained stolen customer data". Ars Technica. Retrieved November 8, 2014.
  41. ^ "Lost Credit Data Improperly Kept, Company Admits". The New York Times. June 20, 2005. Retrieved November 8, 2014.
  42. ^ Bangeman, Eric (June 23, 2005). "Scope of CardSystems-caused credit card data theft broadens". Ars Technica. Retrieved November 8, 2014.
  43. ^ Jonathan M. Gitlin (July 22, 2005). "Visa bars CardSystems from handling any more transactions". Ars Technica. Retrieved November 8, 2014.
  44. ^ Popper, Nathaniel (2016-06-17). "A Hacking of More Than $50 Million Dashes Hopes in the World of Virtual Currency". The New York Times. ISSN 0362-4331. Retrieved 2022-07-17.
  45. ^ Browne, Ryan (2021-08-23). "Hacker behind $600 million crypto heist returns final slice of stolen funds". CNBC. Retrieved 2022-07-17.
  46. ^ Faife, Corin (2022-02-03). "Wormhole cryptocurrency platform hacked for $325 million after error on GitHub". The Verge. Retrieved 2022-07-17.
  47. ^ "Wormhole Hack: Lessons From The Wormhole Exploit". Chainalysis. 2022-02-03. Retrieved 2022-07-17.
  48. ^ Browne, Ryan (2022-04-15). "U.S. officials link North Korean hackers to $615 million cryptocurrency heist". CNBC. Retrieved 2022-07-17.
  49. ^ "North Korea's Lazarus Group moves funds through Tornado Cash | TRM Insights". www.trmlabs.com. Retrieved 2022-07-17.
  50. ^ Twitter https://twitter.com/samczsun/status/1554252024723546112. Retrieved 2022-08-02. {{cite web}}: Missing or empty |title= (help)
  51. ^ Faife, Corin (2022-08-02). "Nomad crypto bridge loses $200 million in "chaotic" hack". The Verge. Retrieved 2022-08-02.
  52. ^ "NVD - CVE-2022-37450". nvd.nist.gov. Retrieved 2022-08-19.
  53. ^ admin_afhu (2022-08-10). "Hebrew University Researchers Uncover Proof of Ethereum Pool Miners Manipulation". American Friends of the Hebrew University. Retrieved 2022-08-19.
  54. ^ Howcroft, Elizabeth (2022-10-07). "Binance-linked blockchain hit by $570 million crypto hack". Reuters. Retrieved 2022-10-17.
  55. ^ Movement, Q. ai-Powering a Personal Wealth. "What Happened With The $570 Million Binance (BNB) Hack? And What Does It Really Mean For Crypto Investors?". Forbes. Retrieved 2022-10-17.
  56. ^ Dance, Scott (20 May 2015). "Cyberattack affects 1.1 million CareFirst customers". Baltim. Sun.
  57. ^ "Red Cross appeals to hackers after major cyberattack". TheJournal.ie. 2022-01-20. Retrieved 2022-01-22.
  58. ^ Alert (AA22-294A) #StopRansomware: Daixin Team