List of cyber-attacks
A cyber-attack is any type of offensive maneuver employed by individuals or whole organizations that targets computer information systems, infrastructures, computer networks, and/or personal computer devices by various means of malicious acts usually originating from an anonymous source that either steals, alters, or destroys a specified target by hacking into a susceptible system.
This article contains a list of cyber-attacks.
Indiscriminate attacks
These attacks are wide-ranging, global and do not seem to discriminate among governments and companies.
- Operation Shady RAT
- World of Hell
- Red October, discovered in 2012, was reportedly operating worldwide for up to five years prior to discovery, transmitting information ranging from diplomatic secrets to personal information, including from mobile devices.[1]
Destructive attacks
These attacks relate to inflicting damage on specific organizations.
- Great Hacker War, and purported "gang war" in cyberspace
- LulzRaft, hacker group known for a low impact attack in Canada
- Operation Ababil, conducted against American financial institutions
- TV5Monde April 2015 cyberattack
- Vulcanbot
- Shamoon, a modular computer virus, was used in 2012 in an attack on 30,000 Saudi Aramco workstations, causing the company to spend a week restoring their services.[2][3]
- Wiper – in December 2011, the malware successfully erased information on hard disks at the Oil Ministry's headquarters.[4][5]
- Stuxnet - A malicious computer worm believed to be a jointly built American-Israeli cyber weapon. Designed to sabotage Iran's nuclear program with what would seem like a long series of unfortunate accidents .
Cyberwarfare
These are politically motivated destructive attacks aimed at sabotage and espionage.
- 2007 cyberattacks on Estonia, wide ranging attack targeting government and commercial institutions
- 2010 cyberattacks on Burma, related to the 2010 Burmese general election
- 2010 Japan–South Korea cyberwarfare
- 2013 Singapore cyberattacks, attack by Anonymous "in response to web censorship regulations in the country, specifically on news outlets"
- #OpIsrael, a broad "anti-Israel" attack
- Cyberattacks during the Russo-Georgian War
- July 2009 cyber attacks, against South Korea and United States
- Operation Olympic Games, against Iranian nuclear facilities, allegedly conducted by the United States
Government espionage
These attacks relate to stealing information from/about government organizations.
- 2008 cyberattack on United States, cyber espionage targeting U.S. military computers
- Cyber attack during the Paris G20 Summit, targeting G20-related documents including financial information
- GhostNet
- Moonlight Maze
- Operation Newscaster, cyber espionage covert operation allegedly conducted by Iran
- Operation Cleaver, cyberwarfare covert operation allegedly conducted by Iran
- Shadow Network, attacks on India by China
- Titan Rain, targeting defense contractors in the United States
- Google – in 2009, the Chinese hackers breached Google's corporate servers gained access to a database containing classified information about suspected spies, agents, and terrorists under surveillance by the US government.[6]
- Gauss trojan, discovered in 2012 is a state-sponsored computer espionage operation that uses state-of-the-art software to extract a wealth of sensitive data from thousands of machines located mostly in the Middle East.[7]
- Office of Personnel Management data breach—Dec 2014 breach of data on U.S. government employees
- A six-month-long cyber-attack on the German parliament for which the Sofacy Group is suspected took place in December 2014.[8]
- The Sofacy Group is also suspected to be behind a spearphishing attack in August 2016 on members of the Bundestag and multiple political parties such as Linken-faction leader Sahra Wagenknecht, Junge Union and the CDU of Saarland.[9][10][11][12] Authorities fear that sensitive information could be gathered by hackers to later manipulate the public ahead of elections such as Germany's next federal election due in September 2017.[9]
Corporate espionage
These attacks relate to stealing data from corporations related to proprietary methods or emerging products/services.
- Operation Aurora
- Operation Socialist, UK obtaining information from Belgian telecom company on call information
- Sony Pictures Entertainment hack
Stolen e-mail addresses and login credentials
These attacks relate to stealing login information for specific web resources.
- 2011 PlayStation Network outage, 2011 attack resulting in stolen credentials and incidentally causing network disruption
- Gawker – in 2010, a band of anonymous hackers has rooted the servers of the site and leaked half a gigabyte's worth of its private data.[13]
- IEEE – in September 2012, it exposed user names, plaintext passwords, and website activity for almost 100,000 of its members.[14]
- LivingSocial – in 2014 the company suffered a security breach that has exposed names, e-mail addresses and password data for up to 50 million of its users.[15]
- Adobe – in 2013, Hackers obtained access to Adobe's networks and stole user information and downloaded the source code for some of Adobe programs.[16] It attacked 150 million customers.[16]
- RockYou – in 2009, the company experienced a data breach resulting in the exposure of over 32 million user accounts.
- Yahoo! – in 2012, hackers posted login credentials for more than 453,000 user accounts.[17] Again in January 2013[18] and in January 2014[19]
Stolen credit card and financial data
- 2016 Indian Banks data breach- It was estimated 3.2 million debit cards were compromised. Major Indian banks- SBI, HDFC Bank, ICICI, YES Bank and Axis Bank were among the worst hit.[20]
- 2014 JPMorgan Chase data breach, allegedly conducted by a group of Russian hackers
- MasterCard – in 2005, the company announced that up to 40 million cardholders may have had account information stolen due to one of its payment processors being hacked.[21][22][23][24]
- VISA and MasterCard – in 2012, they warned card-issuing banks that a third-party payments processor suffered a security breach, affecting up to 10 million credit cards.[25][26]
- Subway – in 2012, two Romanian men admitted to participating in an international conspiracy that hacked into credit-card payment terminals at more than 150 Subway restaurant franchises and stole data for more than 146,000 accounts.[27]
- StarDust – in 2013, the botnet compromised 20,000 cards in active campaign hitting US merchants.[28]
- Target – in 2013, approximately 40 million credit and debit card accounts were impacted in a credit card breach.[29][30][31] According to another estimate, it compromised as many as 110 million Target customers.[32]
- Goodwill Industries – in September 2014, the company suffered from a credit card data breach that affected the charitable retailer's stores in at least 21 states. Another two retailers were affected.[33][34]
- Home Depot – in September 2014, the cybercriminals that compromised Home Depot's network and installed malware on the home-supply company's point-of-sale systems likely stole information on 56 million payment cards.[35]
Stolen medical-related data
- By May, three healthcare payer organizations had been attacked in the United States in 2014 and 2015: Anthem, Premera Blue Cross and CareFirst. The three attacks together netted information on more than 91 million people.[36]
Hacktivism
See also
References
- ↑ Goodin, Dan (January 14, 2013). "Massive espionage malware targeting governments undetected for 5 years". Ars Technica. Retrieved November 8, 2014.
- ↑ Perloth, Nicole (October 24, 2012). "Cyberattack On Saudi Firm Disquiets U.S.". New York Times. pp. A1. Retrieved October 24, 2012.
- ↑ Goodin, Dan (August 16, 2012). "Mystery malware wreaks havoc on energy sector computers". Ars Technica. Retrieved November 8, 2014.
- ↑ "Iranian Oil Sites Go Offline Amid Cyberattack". The New York Times. April 23, 2012. Retrieved November 8, 2014.
- ↑ Goodin, Dan (August 29, 2012). "The perfect crime: Is Wiper malware connected to Stuxnet, Duqu?". Ars Technica. Retrieved November 8, 2014.
- ↑ Goodin, Dan (May 21, 2013). "Chinese hackers who breached Google reportedly targeted classified data". Ars Technica. Retrieved November 8, 2014.
- ↑ Goodin, Dan (August 9, 2012). "Nation-sponsored malware with Stuxnet ties has mystery warhead". Ars Technica. Retrieved November 8, 2014.
- ↑ "Russian Hackers Suspected In Cyberattack On German Parliament". London South East. Alliance News. June 19, 2015.
- 1 2 "Hackers lurking, parliamentarians told". Deutsche Welle. Retrieved 21 September 2016.
- ↑ "Hackerangriff auf deutsche Parteien". Süddeutsche Zeitung. Retrieved 21 September 2016.
- ↑ Holland, Martin. "Angeblich versuchter Hackerangriff auf Bundestag und Parteien". Heise. Retrieved 21 September 2016.
- ↑ "„Wir haben Fingerabdrücke"". Frankfurter Allgemeine. Retrieved 21 September 2016.
- ↑ Gawker rooted by anonymous hackers, December 13, 2010, Dan Goodin, The Register, retrieved at 2014-11-08
- ↑ Goodin, Dan (September 25, 2012). "Trade group exposes 100,000 passwords for Google, Apple engineers". Ars Technica. Retrieved November 8, 2014.
- ↑ Goodin, Dan (April 27, 2013). "Why LivingSocial's 50-million password breach is graver than you may think". Ars Technica. Retrieved November 8, 2014.
- 1 2 Howley, Daniel (July 1, 2016). "7 biggest hacks". Yahoo Tech. Retrieved 1 July 2016.
- ↑ Goodin, Dan (July 12, 2012). "Hackers expose 453,000 credentials allegedly taken from Yahoo service (Updated)". Ars Technica. Retrieved November 8, 2014.
- ↑ Goodin, Dan (January 31, 2013). "How Yahoo allowed hackers to hijack my neighbor's e-mail account (Updated)". Ars Technica. Retrieved November 8, 2014.
- ↑ Goodin, Dan (January 31, 2014). "Mass hack attack on Yahoo Mail accounts prompts password reset". Ars Technica. Retrieved November 8, 2014.
- ↑ "3.2 million debit cards compromised; SBI, HDFC Bank, ICICI, YES Bank and Axis worst hit". The Economic Times. 20 October 2016. Retrieved 20 October 2016.
- ↑ Bangeman, Eric (June 20, 2005). "CardSystems should not have retained stolen customer data". Ars Technica. Retrieved November 8, 2014.
- ↑ "Lost Credit Data Improperly Kept, Company Admits". The New York Times. June 20, 2005. Retrieved November 8, 2014.
- ↑ Bangeman, Eric (June 23, 2005). "Scope of CardSystems-caused credit card data theft broadens". Ars Technica. Retrieved November 8, 2014.
- ↑ Jonathan M. Gitlin (July 22, 2005). "Visa bars CardSystems from handling any more transactions.". Ars Technica. Retrieved November 8, 2014.
- ↑ Goodin, Dan (April 1, 2012). "After the hack: FAQ for breach affecting up to 10 million credit cards". Ars Technica. Retrieved November 8, 2014.
- ↑ Goodin, Dan (March 30, 2012). ""Major" credit-card breach hits Visa, MasterCard (Updated)". Ars Technica. Retrieved November 8, 2014.
- ↑ Goodin, Dan (September 18, 2012). "Two men admit to $10 million hacking spree on Subway sandwich shops". Ars Technica. Retrieved November 8, 2014.
- ↑ Goodin, Dan (December 4, 2013). "Credit card fraud comes of age with advances in point-of-sale botnets". Ars Technica. Retrieved November 8, 2014.
- ↑ Farivar, Cyrus (December 19, 2013). "Secret Service investigating massive credit card breach at Target (Updated)". Ars Technica. Retrieved November 8, 2014.
- ↑ Goodin, Dan (December 20, 2013). "Cards stolen in massive Target breach flood underground "card shops"". Ars Technica. Retrieved November 8, 2014.
- ↑ Goodin, Dan (February 5, 2014). "Target hackers reportedly used credentials stolen from ventilation contractor". Ars Technica. Retrieved November 8, 2014.
- ↑ Goodin, Dan (January 16, 2014). "Point-of-sale malware infecting Target found hiding in plain sight". Ars Technica. Retrieved November 8, 2014.
- ↑ Gallagher, Sean (September 18, 2014). "Credit card data theft hit at least three retailers, lasted 18 months". Ars Technica. Retrieved November 8, 2014.
- ↑ http://krebsonsecurity.com/2014/07/banks-card-breach-at-goodwill-industries/
- ↑ Lemos, Robert (September 19, 2014). "Home Depot estimates data on 56 million cards stolen by cybercriminals". Ars Technica. Retrieved November 30, 2014.
- ↑ Dance, Scott (20 May 2015). "Cyberattack affects 1.1 million CareFirst customers". Baltim. Sun.