Significant Cyber Incidents (2023)

This timeline lists significant cyber incidents since 2006. We focus on government actions, espionage, and cyber attacks costing more than $1 million in damage. This is a living document. When we learn of a cyber incident, we add it in chronological order. If you think we have missed something, please send us an email at Strategictech@csis.org.

Download the complete list of incidents

Below is a summary of the events of the past year. To view the full list, click the download link above.

December 2022. A US lawmaker predicted that spyware hacks of US government officials, including diplomats in various countries, could number in the hundreds. This follows an investigation into how many devices in the US government are affected by spyware.

November 2022. The United Arab Emirates hired three former US military and intelligence officials to help the government break into computers in the US and other countries.

November 2022. Microsoft attributed cyberattacks on transportation and logistics-related sectors in Ukraine and Poland to a Russian GRU hacker group. The campaign started at the end of September 2022.

November 2022. Hackers attacked Bahraini government websites with DDoS attacks ahead of the country's general and local elections.

November 2022. Iranian government-sponsored hackers compromised the US Merit Systems Protection Board, exploiting the Log4Shell vulnerability in February 2022. After breaching the network, the hackers installed cryptocurrency-mining software and used malware to steal sensitive data.

November 2022. Hackers damaged the Danish State Railways network after attacking an IT subcontractor's software test environment. The attack paralyzed train operations for several hours.

November 2022. A group of India-based hackers attacked Pakistani politicians, generals and diplomats using malware that gives the attacker access to computer cameras and microphones.

November 2022. State-sponsored hackers with possible ties to the Chinese government have been targeting several Asian countries in a spying operation since March 2022, compromising a digital certificate authority in one country.

November 2022. Hackers disabled Vanuatu government digital services in a cyber attack. The attack affected all government services and disabled government emails, websites and systems, with only partial access restored a month later. Australian sources said the hack was a ransomware attack.

November 2022. Hackers targeted the Guadeloupe government and forced all government computers to shut down to "protect data" during the incident response and to determine the scale of the attack.

November 2022. Indian hackers have been targeting Pakistani government entities, including the military and companies, since April 2020. The attacks allowed the hackers to infiltrate systems and gain access to computer controls.

November 2022. Suspected hackers with ties to China have been running a spying campaign against public and private organizations in the Philippines, Europe, and the United States since 2021. The attacks used infected USB drives to deliver malware to the organizations.

November 2022. Actors linked to the Chinese state have intensified attacks against the smaller nations of Southeast Asia for the purposes of cyber espionage.

October 2022. In a ransomware attack, hackers targeted a communications platform in Australia that processes data from the Ministry of Defense. The government believes that the hackers breached sensitive government data in this attack.

October 2022. Russian official Vladimir Shin accused the US government and its allies of a coordinated campaign of cyber attacks against Russia. Shin cited comments by General Paul Nakasone confirming that the United States had "carried out a series of operations" in response to Russia's invasion of Ukraine.

October 2022. A Ukrainian newspaper published hacked data claiming to be confidential information from Russian defense contractors. The hackers responsible belong to an anti-Putin group in Russia.

October 2022. Hackers attacked the Bulgarian websites of the Presidential Administration, the Ministry of Defense, the Ministry of the Interior, the Ministry of Justice and the Constitutional Court in a DDoS attack. A pro-Russian hacker group claimed responsibility for the attack, saying it was punishment "for betraying Russia and supplying weapons to Ukraine."

October 2022. Hackers targeted several major US airports with a DDoS attack, affecting their websites. A group of pro-Russian hackers organized the attack before it took place.

October 2022. Pro-Russian hackers have claimed responsibility for an attack that brought down US websites, including those in Colorado, Kentucky and Mississippi.

October 2022. CISA, the FBI and the NSA announced that beginning in January 2021, state-sponsored hacking groups had long-term access to a defense company and compromised sensitive company data.

September 2022. Iranian hackers attacked Albanian computer systems, forcing the Albanian authorities to temporarily shut down the Total Information Management System, a service used to track people entering and leaving Albania. This attack came on the heels of Albania's decision to sever diplomatic ties with Iran, as well as US sanctions and NATO's condemnation of an Iranian cyberattack against Albania in July. In the July attack, Iranian actors deployed ransomware on Albanian government networks, destroying data and disrupting government services.

September 2022. A newly discovered group of hackers targeted telecommunications, Internet service providers and universities in the Middle East and Africa. The group installs malware platforms directly into system memory, bypassing native security solutions.

September 2022. Hackers targeted Montenegrin government networks, rendering key Montenegrin government websites and information platforms inaccessible. Montenegrin officials blamed Russia for the attack.

September 2022. Hackers attacked the website of the national parliament of Bosnia and Herzegovina, rendering the websites and servers inaccessible for several weeks.

September 2022. China has accused the US National Security Agency (NSA) of numerous cyberattacks against Northwest Polytechnic University in China. Authorities claim the NSA stole user data and infiltrated digital communication networks.

September 2022. The Anonymous group claimed responsibility for a series of cyberattacks against the Iranian government that shut down two key Iranian government websites and the websites of several state media organizations.

September 2022. Hackers targeted the Mexican Defense Secretariat and accessed six terabytes of data, including internal communications, criminal data, and data revealing Mexican surveillance of Ken Salazar, the US ambassador to Mexico. Mexican President Andrés Manuel López Obrador confirmed the authenticity of the data, including the personal health data that was released to the public.

September 2022. A group of Russia-based hackers attacked the website of British intelligence agency MI5 with a DDoS attack that temporarily took the site offline.

August 2022. Hackers breached the Italian energy agency Gestore dei Servizi Energetici (GSE), compromising servers, blocking access to systems, and blocking access to the GSE website for a week.

August 2022. Hackers used a DDoS attack to temporarily shut down the Taiwan Presidential Office website. The Taiwanese government blamed the attack on foreign hackers and said normal website operations resumed after 20 minutes. Taiwan's Ministry of Foreign Affairs also discovered that hackers had attacked its website and the main portal of the Taiwanese government.

August 2022. Hackers attacked the Finnish Parliament with a DDoS attack, making the parliamentary website inaccessible. A Russian group claimed responsibility for the attack on Telegram.

August 2022. Hackers targeted the website of the State Energy Agency of Ukraine, which is responsible for monitoring Ukraine's nuclear power plants. The agency said that Russian hackers carried out the attack.

August 2022. Hackers launched a DDoS attack on the Latvian Parliament's website, which temporarily disabled the website's server. A group of Russian hackers claimed responsibility for the attack on Telegram.

August 2022. Hackers targeted Greece's largest natural gas supplier, DESFA, leading to system failures and data disclosure.

August 2022. A Russian group has claimed responsibility for breaching South Staffordshire Water, a private British water company, and leaking files in a blackmail attempt.

August 2022. Hackers targeted Montenegrin government institutions and broke into the computer systems of various government agencies. Montenegro's defense minister said there was enough evidence to suspect that Russia was behind the attack.

August 2022. A DDoS campaign targeted the websites of state and private institutions in Estonia. Estonia claimed that the attack was largely repulsed and the impact was limited.

August 2022. Hackers used phishing emails to plant malware at government institutions and defense contractors in Eastern Europe in January 2022. A report by Russia-based Kaspersky linked the campaign to a Chinese hacker group.

July 2022. Hackers have targeted the Pakistan Air Force (PAF) in a spear-phishing campaign to deploy malware and steal sensitive files. Pakistani and Chinese organizations claimed the attack came from hackers with ties to India.

July 2022. Hackers targeted Iran's Islamic Culture and Communications Organization (ICCO). The attack paralyzed at least 6 websites, posted images of Iranian resistance leaders on fifteen other websites, wiped databases and computers, and gave hackers access to sensitive ICCO data.

July 2022. A hacker claimed to have obtained records of 1 billion Chinese citizens from a Shanghai police database and put the data online for sale.

July 2022. The Belgian Foreign Ministry accused China of a cyber espionage campaign against Belgian targets, including the Belgian Interior and Defense ministries. A spokesman for the Chinese embassy in Belgium denied the allegations.

July 2022. Hackers targeted social media accounts belonging to the British Royal Army. The attack involved seizing the British Army's Twitter and YouTube accounts.

July 2022. Hackers targeted Lithuania's state energy company in a DDoS attack. Killnet, which Lithuanian authorities link to Russia, claimed responsibility for the attack.

July 2022. Hackers temporarily paralyzed the websites of the Albanian prime minister and parliament, as well as the e-Albania portal used to access public services.

July 2022. Hackers broke into a Ukrainian media outlet to broadcast on various radio stations that Ukrainian President Volodymyr Zelenskyy was in critical condition. Zelenskyy denied the allegations and blamed Russia for the attack.

July 2022. China said the United States stole 97 billion global Internet records and 124 billion phone records in June, specifically blaming the National Security Agency's (NSA) Office of Tailored Access Operations (TAO).

June 2022. Hackers targeted Lithuanian railways, airports, media companies and government departments with DDoS attacks. A Russian-backed group of hackers claimed responsibility for the attack.

June 2022. The FBI, the National Security Agency (NSA) and CISA announced that Chinese state-sponsored hackers have been attacking and breaching major telecommunications companies and network service providers since at least 2020.

June 2022. Hackers targeted former Israeli officials, military personnel, and a former US ambassador to Israel. An Israeli cybersecurity firm said Iran-affiliated actors used a phishing campaign to gain access to targets' inboxes, personal information and identification documents.

June 2022. Hackers targeted three Iranian steel companies, forcing the country's state-owned steelmaker to halt production.

June 2022. Hackers leaked files and photos known as the "Xinjiang Police Files," showing human rights abuses committed by the Chinese government against the Uyghur population.

June 2022. An attack targeted users of Australia's largest Chinese-language platform, Media Today. Hackers made more than 20 million attempts to reset user passwords in the platform's registration system.

June 2022. Hackers attacked municipal loudspeaker systems in Jerusalem and Eilat, triggering air-raid sirens in both cities. An Israeli industrial cybersecurity company blamed the attack on Iran.

June 2022. A China-linked disinformation campaign has targeted Australian miner Lynas Rare Earths. The campaign included the spread of misinformation on social media platforms and websites about the alleged environmental footprint of Lynas Rare Earths.

June 2022. Hackers made their way into Harmony's Horizon, a blockchain bridge, and accessed personal data that led to the theft of around $100 million. Blockchain analysis firm Elliptic has linked North Korea to the attack.

June 2022. A phishing campaign targeted US military, software, supply chain, healthcare, and pharmaceutical organizations to compromise Microsoft Office 365 and Outlook accounts.

June 2022. Hackers compromised the accounts of employees of Germany's Green Party, including those previously used by Annalena Baerbock and Robert Habeck, who now serve as foreign minister and minister for economic affairs and climate protection, respectively.

June 2022. Hackers attacked Norwegian public institutions with DDoS attacks and disrupted government websites. The Norwegian security agency NSM blamed the attack on pro-Russian hackers.

May 2022. A DDoS attack targeted the Port of London Authority, forcing its website to go offline. A group linked to Iran claimed responsibility for the hack.

May 2022. A phishing campaign targeted the Jordanian Ministry of Foreign Affairs. Investigators attributed the attack to an Iranian cyber espionage agent.

May 2022. The Ethiopian Information Network Security Agency (INSA) said hackers targeted the Grand Ethiopian Renaissance Dam (GERD). The Ethiopian Communications Security Agency thwarted the attacks before the hackers could gain access to the networks.

May 2022. Hackers attacked Greenland's healthcare system and caused network outages across the island. While an initial diagnosis found that the attack did not corrupt or expose citizen data, it severely crippled healthcare services.

May 2022. A group of Chinese hackers has been stealing intellectual property from US and European companies since 2019, largely undetected. Investigators believe the group has the support of the Chinese government.

May 2022. According to the company, state-sponsored hackers shut down RuTube, the Russian version of YouTube.

May 2022. Russian hackers attacked Italian websites with a DDoS attack, including the Senate, the Ministry of Defense and the National Institute of Health. The group says its goal is to attack NATO countries and Ukraine.

April 2022. The Romanian National Directorate for Cybersecurity said several public and private sector websites were hit by DDoS attacks. Among the victims were the Ministry of Defence, the Border Police, the National Railway Company and the OTP Bank. A group blamed for the attack said on Telegram that it hacked the sites because Romania has supported Ukraine since the country was invaded by Russia.

April 2022. Cybersecurity researchers have identified a new hacking campaign with ties to Russia that began in January and targeted diplomats and embassy staff from France, Poland, Portugal and other countries. The attacks started with a phishing email that delivered a malware-laden file to the target.

April 2022. Iranian state television said the government thwarted cyberattacks targeting more than 100 public sector agencies. They did not provide any further information about the incident.

April 2022. Russian hackers targeted the Costa Rican Treasury Department in a cyberattack, crippling tax collection and export systems. Costa Rica's newly elected president declared a national emergency as a result of the attack, and the group demanded a $20 million ransom, threatening to release the stolen data otherwise.

April 2022. Hackers attacked members of the European Commission using spyware developed by NSO Group. A November notification from Apple to thousands of iPhone users that they were being attacked by state-sponsored actors drew the Commission's attention to the use of spyware.

April 2022. A North Korea-linked hacking campaign that used phishing emails sent by fake employment agencies targeted chemical companies in South Korea.

April 2022. A Citizen Lab study found that actors used NSO Group spyware to target at least 65 Catalan activists and political figures.

April 2022. The US Treasury Department's Office of Foreign Assets Control blamed the March 29 Ronin Network hack on a group of North Korean hackers and announced sanctions against the hackers. The group stole more than $540 million worth of Ethereum and USDC.

April 2022. Hackers carried out DDoS attacks against the websites of the Finnish Ministry of Foreign Affairs and Defense. The attack botnet used more than 350 IP addresses from around the world and the denial of service lasted four hours.

April 2022. Hamas-linked cyber actors used a network of fake Facebook and Twitter profiles to monitor members of the Israeli security apparatus. The actors also used WhatsApp to gain the trust of their targets and then asked them to download an app that contained malware.

April 2022. Hackers targeted the Telegram accounts of Ukrainian government officials with a phishing attack to gain access to the accounts.

April 2022. Cybersecurity researchers have observed hackers breaking into the networks of at least 7 Indian State Load Dispatch Centers (SLDCs) that oversee the operation of power grid controls. The SLDCs manage the SCADA systems and researchers have suggested that PLA-connected hackers may be involved.

April 2022. A social media platform has disrupted two Iran-linked cyber-espionage campaigns targeting activists, academics and private companies. The campaign targeted energy, semiconductor and telecommunications companies in countries including the United States, Israel, Russia and Canada, using phishing and other social engineering techniques.

April 2022. According to investigators, a group targeted several Ukrainian media organizations to gain long-term access to their networks and collect sensitive information. The group has links to the Russian GRU.

April 2022. The United States has removed Russian malware from computer networks around the world, a move announced by Attorney General Merrick B. Garland. While it's unclear what the malware's intent was, authorities noted that it could be used for anything from surveillance to destructive attacks. The malware created a botnet controlled by the Russian GRU.

April 2022. Hackers attacked a Ukrainian power plant, but CERT-UA and private sector support largely thwarted attempts to shut down substations in Ukraine. Researchers believe the attack came from the same GRU-linked Russian group that attacked Ukraine's power grid in 2016 using an updated form of the same malware.

April 2022. Hackers attacked the National Post Office of Ukraine with a DDoS attack days after the release of a new stamp honoring a Ukrainian border guard. The attack affected the agency's ability to operate its online store.

March 2022. Hackers used a DDoS attack to bring down the Marshall Islands National Telecommunications Authority. The attack disrupted internet services on the islands for more than a week.

March 2022. Pakistani government-linked hackers targeted Indian government officials in a spying operation. The group also created fake government and military websites to deliver malware to its targets.

March 2022. An attack on a satellite broadband service operated by the US company Viasat disrupted Internet services across Europe, including Ukrainian military communications at the start of the Russian invasion. The attackers hacked into the satellite modems of thousands of Europeans to disrupt the company's service.

March 2022. Hackers penetrated the websites of several Russian agencies, including the Department of Energy, the State Statistical Office, the Federal Penitentiary Service and the Federal Correctional Service. The websites displayed various anti-government and anti-theft images and messages before authorities could evict the trespassers.

March 2022. Hackers targeted Greenland's parliamentary authority in an apparent spying operation, forcing parliament to cancel sessions and delaying welfare payments.

March 2022. The China National Computer Network Emergency Response Coordination Center/Technical Team (CNCERT/CC) said US hackers had attacked Chinese computers to launch attacks against Russia, Ukraine and Belarus.

March 2022. The European Banking Authority was attacked using a vulnerability in Microsoft's mail server software, but no data was compromised. Several attacks exploiting this vulnerability have been attributed to a Chinese government-backed actor.

March 2022. The US Department of Justice indicted four Russian government officials involved in hacking campaigns that took place between 2012 and 2018. The attacks targeted companies and organizations with critical infrastructure, particularly in the energy sector. Hackers attempted to install backdoors and insert malware into the operating technology of their targets.

March 2022. According to Russia's Ministry of Communications and Digital Development, hackers defaced and disrupted several Russian government and state media websites. The Emergencies Ministry website was hacked and the attackers wrote messages encouraging Russian soldiers to defect. Tass, a state news agency, was also hacked, with the hackers urging people to "take to the streets against the war."

March 2022. The National Research Council, Canada's largest government-funded research agency, said its networks had been breached by hackers. An announcement on the Council's website explained that parts of its online presence went offline as a result of this incident.

March 2022. Chinese government-linked hackers penetrated the networks of government agencies in at least 6 different US states in a spying operation. Hackers exploited the Log4j vulnerability to access networks, as well as several other vulnerable Internet-facing web applications.

March 2022. Hackers used a DDoS attack to attack a major Israeli telecom operator. As a result, several Israeli government websites were taken down.

February 2022. Investigators identified campaigns by two North Korean government-backed groups targeting employees of various media, fintech, and software companies. Hackers used phishing emails advertising fake jobs and exploited a vulnerability in Google Chrome to compromise company websites and distribute malware.

February 2022. The websites of the Cabinet of Ministers and the Ministries of Foreign Affairs, Infrastructure and Education of Ukraine were disrupted days before Russian troops invaded Ukraine. Wiper malware was also used to penetrate the networks of a Ukrainian financial institution and two government contractors.

February 2022. A Beijing-based cybersecurity firm has accused the US National Security Agency of developing a backdoor to monitor businesses and governments in more than 45 countries around the world. A Foreign Ministry spokesman said operations like this could threaten the security of China's critical infrastructure and compromise trade secrets.

February 2022. On February 15, a DDoS attack brought down websites belonging to the Ukrainian Ministry of Defense and two of the country's largest banks. The US and UK blame the attack on the Russian GRU. The Ukrainian Cyber Police claimed that the attack was related to another "information attack", in which Ukrainian citizens received spam text messages claiming that ATMs were not working.

February 2022. A Pakistani group used a remote access Trojan to conduct espionage against Indian military and diplomatic targets. The group often uses social engineering and/or USB-based worms to break into a network.

February 2022. An Iran-affiliated group carried out espionage and other malicious cyber operations against a variety of private companies and local and federal governments.

February 2022. Between January 2020 and February 2022, state-sponsored Russian actors raided several US defense contractors. The hackers extracted sensitive emails and data related to the companies' export-controlled products, as well as proprietary information and interactions with foreign governments.

February 2022. Several oil terminals in some of Europe's largest ports in Belgium and Germany have been the victims of a cyber attack, preventing them from processing incoming barges. A ransomware strain linked to a group of Russian-speaking hackers was used to disrupt payment processing at energy companies.

February 2022. Since October 2021, a group of hackers has been targeting Palestinian individuals and organizations with malware. Investigators suspect the operation may be linked to a broader campaign by a hacking group widely attributed to Hamas's cyber arm that began in 2017.

February 2022. A UN report indicates that North Korean hackers stole more than $50 million from three cryptocurrency exchanges between 2020 and mid-2021. The report also added that this amount is likely to have increased in 2021 as the DPRK launched seven attacks on cryptocurrency platforms to finance its nuclear program in the midst of a major sanctions regime.

February 2022. An investigation led by Mandiant found that Chinese government-linked hackers had compromised the email accounts of Wall Street Journal journalists. Hackers allegedly monitored and extracted data from the newspaper for more than two years, starting at least in February 2020.

February 2022. The networks of the British Foreign Office have been hacked. All details of the incident remain confidential.

January 2022. A group of Chinese hackers attacked several German pharmaceutical and technology companies. According to the federal government, the attack on the networks of service providers and companies was primarily an attempt to steal intellectual property.

January 2022. Hackers disrupted Internet traffic to and from North Korea twice in two weeks in what researchers say was likely a series of DDoS attacks. The second attack came shortly after North Korea's fifth missile test of the month.

January 2022. Hackers broke into the Canadian Department of Foreign Affairs and disrupted some of the department's Internet-connected services. The attack came a day after the government issued an alert to strengthen network security in anticipation of Russian cyberattacks on critical infrastructure.

January 2022. A series of DDoS attacks targeted a high-stakes Minecraft tournament and ended up affecting Andorra Telecom, the only ISP in the country. The attack disrupted Internet and 4G services for customers.

January 2022. The IT Directorate of the Greek Parliament identified an attempt to hack 60 parliamentary email accounts. In response, the authorities temporarily shut down the mail system in the legislature.

January 2022. An Australian spokesperson accused WeChat of deleting Prime Minister Scott Morrison's account and redirecting users to a website that provides information to Chinese expatriates. The government claims it first encountered booking problems in the prime minister's account in mid-2021.

January 2022. Hackers broke into the systems of the International Committee of the Red Cross, gaining access to the data of more than 500,000 people and disrupting its services around the world. Investigators found that the operation may be linked to a widespread influence operation in Iran.

January 2022. A cyberattack targeted the Ukrainian government, affecting 90 websites and using malware disguised as ransomware to damage dozens of computers at government agencies.

January 2022. Hackers attacked several Israeli media outlets, including Maariv and the Jerusalem Post, posting threatening messages on their websites. One message read in English and Hebrew: "We are close to you where you don't think."

January 2022. A DPRK-linked group is targeting several Russian diplomats with malware. The diplomats received an email disguised as a New Year's greetings screen saver that, once opened, installed a remote access Trojan.

December 2021. A cyberattack on the Belgian Ministry of Defense forced the shutdown of part of its computer network, including the ministry's mail system, for several days. Hackers exploited the Log4j vulnerability to compromise the network.

December 2021. Hackers have been targeting various governments in Southeast Asia over the past 9 months using custom malware linked to state-sponsored groups in China. Many of the nations involved are currently locked in disputes with China over territorial claims in the South China Sea.

December 2021. A breach of Prime Minister Modi's Twitter account allowed hackers to tweet from the account that India has officially adopted Bitcoin as legal tender. The tweet also included a fraudulent link promising a bitcoin offer.

December 2021. A Bloomberg investigation publicly linked a 2012 breach of Australia's telecommunications systems to malicious code embedded in a Huawei software update.

December 2021. Cybersecurity companies have found pro-government hackers from China, Iran, and North Korea attempting to use the Log4j vulnerability to gain access to computer networks. Following the Log4j announcement, researchers found more than 600,000 attempts to exploit the vulnerability.

December 2021. Chinese hackers attacked four other US defense and technology companies in December, as well as an organization in November. Hackers obtained passwords to access organizations' systems and attempted to intercept sensitive communications.

December 2021. A Russian group has claimed responsibility for a ransomware attack against Australian utility CS Energy. The announcement came after Australian media blamed the attack on Chinese government hackers.

FAQs

What is a significant cyber incident?

The term "significant cyber incident" as used in this directive means: A cyber incident that is (or a group of related cyber incidents that together are) likely to result in demonstrable harm to the national security interest, foreign relations, or economy of the United States or to the public confidence, civil ...

What were the 3 biggest cyber attacks ever made?

We can always learn from the past, so let's take a look at some of history's biggest cyber attacks:
  • The Melissa Virus. ...
  • NASA Cyber Attack. ...
  • The 2007 Estonia Cyber Attack. ...
  • A Cyber Attack on Sony's PlayStation Network. ...
  • Adobe Cyber Attack. ...
  • The 2014 Cyber Attack on Yahoo. ...
  • Ukraine's Power Grid Attack.

What are some well known cyber attacks?

What are the 10 Most Common Types of Cyber Attacks?
  • Malware.
  • Denial-of-Service (DoS) Attacks.
  • Phishing.
  • Spoofing.
  • Identity-Based Attacks.
  • Code Injection Attacks.
  • Supply Chain Attacks.
  • Insider Threats.

What is the difference between a cyber incident and a significant cyber incident? ›

Cyber incidents are a fact of contemporary life, and significant cyber incidents are occurring with increasing frequency, impacting public and private infrastructure located in the United States and abroad.

What is the largest cyberattack in US history? ›

1. Yahoo! The data breach of Yahoo is one of the worst and most infamous cases of a known cyberattack and currently holds the record for the most people affected. The first attack occurred in 2013, and many more would continue over the next three years.

What is the greatest cybercrime threat in the US today? ›

1) Phishing Attacks

The biggest, most damaging and most widespread threat facing small businesses is phishing attacks. Phishing accounts for 90% of all breaches that organizations face; these attacks have grown 65% over the last year, and they account for over $12 billion in business losses.

What is the biggest cyber threat today? ›

Spear Phishing

Cyber criminals manipulate their targets into bypassing security measures, disclosing sensitive information, installing infected files, or clicking on malicious links. Over 225 million phishing attacks were reported in 2022, 61% more than in 2021.

What is the number 1 cyber crime? ›

Email and internet fraud. Identity fraud (where personal information is stolen and used). Theft of financial or card payment data. Theft and sale of corporate data.

What are the recent major cyber attacks? ›

2023 Cyber Attack Newsletters
  • Microsoft Azure SSRF Vulnerabilities.
  • Slack GitHub Account Hack.
  • Data Of 228 Million Deezer Users Stolen.
  • Twitter Leaks Data On 200 Million Users.
  • Malware Targets 30+ WordPress Plugins.
  • Kubernetes Clusters Hacked.
  • Top 10 Cyber Attacks In 2022.
  • Top 10 Vulnerabilities In 2022.

What is the most popular cyber crime? ›

In 2021, the most common type of cyber crime as reported to the U.S. Internet Crime Complaint Center was phishing and similar fraud, with approximately 324 thousand individuals affected.

What are the 7 steps in incident response? ›

7 Phases of Incident Response
  • Preparation. It's nearly impossible to create a well-organized response to a cybersecurity threat in the moment. ...
  • Identification. All phases of an incident response plan are important; however, identification takes precedence. ...
  • Containment. Don't panic! ...
  • Eradication. ...
  • Recovery. ...
  • Learning. ...
  • Re-testing.

What are 3 basic elements in an incident? ›

The Three Elements of Incident Response: Plan, Team, and Tools.

What are the 5 phases in the incident response process? ›

The NIST incident response lifecycle breaks incident response down into four main phases: Preparation; Detection and Analysis; Containment, Eradication, and Recovery; and Post-Event Activity.

What does significant incident mean? ›

A “significant incident” is defined as an incident that has the potential to result in harm to the health, safety or welfare of a person receiving services.

What are 3 different types of cyber attacks? ›

Types of cyber threats your institution should be aware of include: Malware. Ransomware. Distributed denial of service (DDoS) attacks.

How does NIST define incident? ›

NIST SP 800-61 Rev. 2 under Computer Security Incident. A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.

What are the top 10 types of cyber attacks? ›

Types of Cyber Attacks
  • Malware Attack. This is one of the most common types of cyberattacks. ...
  • Phishing Attack. Phishing attacks are one of the most prominent and widespread types of cyberattacks. ...
  • Password Attack. ...
  • Man-in-the-Middle Attack. ...
  • SQL Injection Attack. ...
  • Denial-of-Service Attack. ...
  • Insider Threat. ...
  • Cryptojacking.

What are the 8 main cyber security threats? ›

8 Common Cybersecurity Threats and How to Prevent Them
  • 1) Ransomware. ...
  • 2) Social Engineering/Phishing. ...
  • 3) Unpatched Systems and Misconfigurations. ...
  • 4) Credential Stuffing. ...
  • 5) Password Cracking Attacks. ...
  • 6) Man-in-the-Middle Attacks. ...
  • 7) Denial-of-Service Attacks. ...
  • 8) Drive-by Download Attacks.

What are the top 10 cyber threats? ›

Let's take a look at the following top 10 cybersecurity threats and steps you can take to prevent them.
  • Malware. ...
  • Ransomware. ...
  • Social Engineering. ...
  • Phishing. ...
  • Zero-Day Threats. ...
  • Internal Threats. ...
  • Emotet. ...
  • Denial of Service/Distributed Denial of Service.

What are the top 5 cybercrime cases in the US? ›

Here are 5 of the top cybercrimes affecting businesses and individuals in 2023:
  • Phishing Scams.
  • Website Spoofing.
  • Ransomware.
  • Malware.
  • IoT Hacking.

What was the biggest data breach in history? ›

Data breached: 3 billion user accounts

According to data breach statistics, the largest data breach in history is the one that Yahoo! suffered for several years. Not only is it the biggest breach according to the number of affected users, but it also feels like the most massive one because of all the headlines.

What is one example of a cyberattack within the United States? ›

The SolarWinds attack is considered one of the most serious cyber espionage attacks on the United States, because it successfully breached the US military, many US-based federal agencies, including agencies responsible for nuclear weapons, critical infrastructure services, and a majority of Fortune 500 organizations.

Who is most targeted by cyber attacks? ›

Social Security numbers, banking information, and personal data of nearly 1.5 million customers were stolen by threat actors. The healthcare industry is particularly vulnerable to cyber attacks due to the wealth of Personally Identifiable Information (PII) its systems store.

What are the 5 types of cyber attacks? ›

17 Different Types of Cyber Attacks
  • Malware-based attacks (Ransomware, Trojans, etc.)
  • Phishing attacks (spear phishing, whaling, etc.)
  • Man-in-the-middle attacks.
  • Denial of Service attacks (DoS and DDoS)
  • SQL Injection attacks.
  • DNS Tunneling.
  • Zero-day exploits and attacks.
  • Password attacks.

What are the top 4 types of cyber crime today? ›

9 Most Common Computer and Internet Cyber Crimes
  • Harassment. ...
  • Ransomware. ...
  • Prostitution. ...
  • Child Pornography & Solicitation. ...
  • Intellectual Property Theft. ...
  • Account Hacking. ...
  • Drug Trafficking. ...
  • Credit Card Fraud.

Who is the main victim of cybercrime? ›

Those who use the Internet, email, social media and vulnerable computers will be the likely victims. Financially-motivated cybercrimes will likely be the preferred choice for criminals due to the ease of getting money, sourcing of victims and its difficulty in detection and apprehension.

How many cyber attacks have there been in the US? ›

How many cyberattacks per day? According to Security Magazine, there are over 2,200 attacks each day, which breaks down to nearly 1 cyberattack every 39 seconds.

What are the real life examples of cyber crime? ›

Major Cases
  • A Byte Out of History: $10 Million Hack. A Russian's hacking of a U.S. bank in 1994 may have been the first online bank robbery. ...
  • Botnet Operation Disabled. ...
  • Cyber Criminal Forum Taken Down. ...
  • International Cyber Ring That Infected Millions of Computers Dismantled. ...
  • Melissa Virus. ...
  • Morris Worm. ...
  • Operation Innocent Images.

What is a real world example of cybercrime? ›

Your account has been invaded, and somebody else has taken your place. They have access to all your messages, your friends, your photos and personal information about you stored in your account. Even other websites and apps that you use Facebook to access. Somebody has stolen your digital life from you!

What is a real life example of cyber enabled crime? ›

Other crimes which are carried out online, but could be committed without the use of the internet, such as sexual grooming, stalking or harassment, bullying, and financial or romance fraud, are called cyber-enabled crimes.

What is an example of a cyber incident scenario? ›

An example of the scenario you could present: a member of the marketing team borrowed a company USB drive so they could take their presentation home and continue working on it. They plugged the USB into their home laptop, and while connected, it was infected with malware.

What is an example of an incident in cyber security? ›

Examples of security incidents include: Computer system breach. Unauthorized access to, or use of, systems, software, or data. Unauthorized changes to systems, software, or data.

What is the most common form of a cyber security incident? ›

Phishing is probably the most common form of cyber-attack, largely because it is easy to carry out, and surprisingly effective.

Which of the following is the warning level for significant cyber security incidents? ›

YELLOW or ELEVATED indicates a significant risk due to increased hacking, virus, or other malicious activity that compromises systems or diminishes service.

What is cybercrime give 5 examples? ›

Email and internet fraud. Identity fraud (where personal information is stolen and used). Theft of financial or card payment data. Theft and sale of corporate data.

What are the examples of incident? ›

For example:
  • By slipping and breaking an arm.
  • By coming into contact with a corrosive chemical.
  • By cutting themselves with a knife.

What are 3 types of incidents? ›

3 Types Of Incidents That Stand Out: Is Your Help Desk Prepared?
  • Major Incidents. Large-scale incidents may not come up too often, but when they do hit, organizations need to be prepared to deal with them quickly and efficiently. ...
  • Repetitive Incidents. ...
  • Complex Incidents.

What are the most common security incidents? ›

There are many types of cybersecurity incidents typically caused by insiders, such as sensitive data leaks and breaches, trade secrets and insider data theft, privilege misuse, and phishing attacks.

What is an example of a serious incident? ›

Unexpected death – like someone dying unexpectedly because they did not receive proper care and services.

What is a critical security incident? ›

An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use ...

What are the 4 main types of vulnerability in cyber security? ›

Below are some of the most common types of cybersecurity vulnerabilities:
  • System Misconfigurations. ...
  • Out-of-date or Unpatched Software. ...
  • Missing or Weak Authorization Credentials. ...
  • Malicious Insider Threats. ...
  • Missing or Poor Data Encryption. ...
  • Zero-day Vulnerabilities. ...
  • Vulnerability Detection. ...
  • Cyber Security Vulnerability Assessment.

How do you determine the severity of a cyber incident? ›

Organizations determine incident severity levels by assessing a range of criteria such as potential impact on business operations, asset or data confidentiality/integrity/availability; number of impacted users/systems; duration of exposure; legal implications; etc.

What is the first priority when responding to a major security incident? ›

Containment is the top priority once an incident has been detected. Containment should be done as soon as possible to reduce damage and prevent further incidents or destruction of evidence.

What is a Level 1 threat? ›

Typical Level I threats include enemy agents and terrorists whose primary missions include espionage, sabotage, and subversion. Enemy activity and individual attacks may include random or directed killing of military and civilian personnel, kidnapping, and guiding special-purpose individuals or teams to targets.


Author: Edwin Metz

Last Updated: 02/10/2023
