List of cyber-attacks

A cyber-attack is any type of offensive maneuver employed by individuals or whole organizations that targets computer information systems, infrastructures, computer networks, and/or personal computer devices by various means of malicious acts usually originating from an anonymous source that either steals, alters, or destroys a specified target by hacking into a susceptible system.

This article contains a list of cyber-attacks.

Indiscriminate attacks

These attacks are wide-ranging, global and do not seem to discriminate among governments and companies.

• Operation Shady RAT
• World of Hell
• Red October, discovered in 2012, was reportedly operating worldwide for up to five years prior to discovery, transmitting information ranging from diplomatic secrets to personal information, including from mobile devices.^[1]

Destructive attacks

These attacks relate to inflicting damage on specific organizations.

• Great Hacker War, and purported "gang war" in cyberspace
• LulzRaft, hacker group known for a low impact attack in Canada
• Operation Ababil, conducted against American financial institutions
• TV5Monde April 2015 cyberattack
• Vulcanbot
• Shamoon, a modular computer virus, was used in 2012 in an attack on 30,000 Saudi Aramco workstations, causing the company to spend a week restoring their services.^[2][3]
• Wiper – in December 2011, the malware successfully erased information on hard disks at the Oil Ministry's headquarters.^[4][5]
• Stuxnet - A malicious computer worm believed to be a jointly built American-Israeli cyber weapon. Designed to sabotage Iran's nuclear program with what would seem like a long series of unfortunate accidents .

Cyberwarfare

These are politically motivated destructive attacks aimed at sabotage and espionage.

• 2007 cyberattacks on Estonia, wide ranging attack targeting government and commercial institutions
• 2010 cyberattacks on Burma, related to the 2010 Burmese general election
• 2010 Japan–South Korea cyberwarfare
• 2013 Singapore cyberattacks, attack by Anonymous "in response to web censorship regulations in the country, specifically on news outlets"
• #OpIsrael, a broad "anti-Israel" attack
• Cyberattacks during the Russo-Georgian War
• July 2009 cyber attacks, against South Korea and United States
• Operation Olympic Games, against Iranian nuclear facilities, allegedly conducted by the United States

Government espionage

These attacks relate to stealing information from/about government organizations.

• 2008 cyberattack on United States, cyber espionage targeting U.S. military computers
• Cyber attack during the Paris G20 Summit, targeting G20-related documents including financial information
• GhostNet
• Moonlight Maze
• Operation Newscaster, cyber espionage covert operation allegedly conducted by Iran
• Operation Cleaver, cyberwarfare covert operation allegedly conducted by Iran
• Shadow Network, attacks on India by China
• Titan Rain, targeting defense contractors in the United States
• Google – in 2009, the Chinese hackers breached Google's corporate servers gained access to a database containing classified information about suspected spies, agents, and terrorists under surveillance by the US government.^[6]
• Gauss trojan, discovered in 2012 is a state-sponsored computer espionage operation that uses state-of-the-art software to extract a wealth of sensitive data from thousands of machines located mostly in the Middle East.^[7]
• Office of Personnel Management data breach—Dec 2014 breach of data on U.S. government employees
• A six-month-long cyber-attack on the German parliament for which the Sofacy Group is suspected took place in December 2014.^[8]
• The Sofacy Group is also suspected to be behind a spearphishing attack in August 2016 on members of the Bundestag and multiple political parties such as Linken-faction leader Sahra Wagenknecht, Junge Union and the CDU of Saarland.^{[9][10][11][12]} Authorities fear that sensitive information could be gathered by hackers to later manipulate the public ahead of elections such as Germany's next federal election due in September 2017.^[9]

Corporate espionage

These attacks relate to stealing data from corporations related to proprietary methods or emerging products/services.

• Operation Aurora
• Operation Socialist, UK obtaining information from Belgian telecom company on call information
• Sony Pictures Entertainment hack

Stolen e-mail addresses and login credentials

These attacks relate to stealing login information for specific web resources.

• 2011 PlayStation Network outage, 2011 attack resulting in stolen credentials and incidentally causing network disruption
• Gawker – in 2010, a band of anonymous hackers has rooted the servers of the site and leaked half a gigabyte's worth of its private data.^[13]
• IEEE – in September 2012, it exposed user names, plaintext passwords, and website activity for almost 100,000 of its members.^[14]
• LivingSocial – in 2014 the company suffered a security breach that has exposed names, e-mail addresses and password data for up to 50 million of its users.^[15]
• Adobe – in 2013, Hackers obtained access to Adobe's networks and stole user information and downloaded the source code for some of Adobe programs.^[16] It attacked 150 million customers.^[16]
• RockYou – in 2009, the company experienced a data breach resulting in the exposure of over 32 million user accounts.
• Yahoo! – in 2012, hackers posted login credentials for more than 453,000 user accounts.^[17] Again in January 2013^[18] and in January 2014^[19]

Stolen credit card and financial data

• 2016 Indian Banks data breach- It was estimated 3.2 million debit cards were compromised. Major Indian banks- SBI, HDFC Bank, ICICI, YES Bank and Axis Bank were among the worst hit.^[20]
• 2014 JPMorgan Chase data breach, allegedly conducted by a group of Russian hackers
• MasterCard – in 2005, the company announced that up to 40 million cardholders may have had account information stolen due to one of its payment processors being hacked.^{[21][22][23][24]}
• VISA and MasterCard – in 2012, they warned card-issuing banks that a third-party payments processor suffered a security breach, affecting up to 10 million credit cards.^[25][26]
• Subway – in 2012, two Romanian men admitted to participating in an international conspiracy that hacked into credit-card payment terminals at more than 150 Subway restaurant franchises and stole data for more than 146,000 accounts.^[27]
• StarDust – in 2013, the botnet compromised 20,000 cards in active campaign hitting US merchants.^[28]
• Target – in 2013, approximately 40 million credit and debit card accounts were impacted in a credit card breach.^[29][30][31] According to another estimate, it compromised as many as 110 million Target customers.^[32]
• Goodwill Industries – in September 2014, the company suffered from a credit card data breach that affected the charitable retailer's stores in at least 21 states. Another two retailers were affected.^[33][34]
• Home Depot – in September 2014, the cybercriminals that compromised Home Depot's network and installed malware on the home-supply company's point-of-sale systems likely stole information on 56 million payment cards.^[35]

Stolen medical-related data

• By May, three healthcare payer organizations had been attacked in the United States in 2014 and 2015: Anthem, Premera Blue Cross and CareFirst. The three attacks together netted information on more than 91 million people.^[36]

Hacktivism

See also

• List of data breaches

References