Below is a summary of incidents from recent months. For the full list, click the download link at the end of this article.
July 2023: China claims that an earthquake monitoring system in Wuhan was hacked by “U.S. cybercriminals.” Chinese state media asserts that a backdoor program with the capacity to steal seismic data was inserted into the program.
July 2023: Kenya’s eCitizen service was disrupted by pro-Russian cybercriminals for several days. Kenya’s Ministry of Information, Communications, and the Digital Economy claimed that no data was accessed or lost.
July 2023: Russian-linked cyber hackers have targeted Ukrainian state services such as the app “Diia” using malware and phishing attacks. The primary targets are Ukrainian defense and security services.
July 2023: The Ministry of Justice in Trinidad and Tobago was hit with a DDoS attack that disrupted court operations across the country. The ministry reported outages beginning in late June, which are believed to be linked to this same attack.
July 2023: New Zealand’s parliament was hit by a cyberattack from a Russian hacking group. The group said their attack was retaliation against New Zealand’s support for Ukraine, such as its assistance with training Ukrainian troops and sanctions against Russia. Hackers temporarily shut down the New Zealand Parliament, Parliamentary Counsel Office (PCO) and Legislation websites in a DDoS attack.
July 2023: Russian hackers targeted twelve government ministries in Norway to gain access to sensitive information. The hackers exploited a vulnerability in a software platform used by the ministries.
July 2023: A South Korean government-affiliated institution fell victim to a phishing scandal that resulted in a loss of 175 million won, reportedly the first phishing incident against a South Korean government public organization.
July 2023: Chinese-linked hackers infected a Pakistani government app with malware. A state bank and telecoms provider were also targeted in the attack.
July 2023: Chinese hackers breached the emails of several prominent U.S. government employees in the State Department and Department of Commerce through a vulnerability in Microsoft’s email systems.
July 2023: Russian hackers targeted numerous attendees of the latest NATO Summit in Vilnius. The assailants used a malicious replica of the Ukraine World Congress website to target attendees.
July 2023: A Polish diplomat’s advertisement to purchase a used BMW was corrupted by Russian hackers and used to target Ukrainian diplomats. The hackers copied the flyer, embedded it with malicious software and distributed it to foreign diplomats in Kyiv.
June 2023: A group allegedly tied to the private military corporation Wagner hacked a Russian satellite telecommunications provider that services the Federal Security Service (FSB) and Russian military units. The attack comes after Wagner’s attempted rebellion against President Vladimir Putin over the war in Ukraine.
June 2023: A Pakistani-based hacker group infiltrated the Indian army and education sector in the group’s latest wave of attacks against Indian government institutions. The hack is the latest in a series of targeted attacks from this group that have intensified over the past year.
June 2023: Pro-Russian hacktivists attacked several European banking institutions, including the European Investment Bank, in retaliation against Europe’s continued support of Ukraine. The hacktivists used a DDoS attack to disrupt EIB.
June 2023: Several U.S. federal government agencies, including Department of Energy entities, were breached in a global cyberattack by Russian-linked hackers. Cybercriminals targeted a vulnerability in software that is widely used by the agencies, according to a US cybersecurity agent.
June 2023: An Illinois hospital became the first health care facility to publicly list a ransomware attack as a primary reason for closing. The attack, which occurred in 2021, permanently crippled the facility’s finances.
June 2023: Pro-Russian hackers targeted several Swiss government websites, including those for Parliament, the federal administration, and the Geneva airport. The DDoS attacks coincided with preparations for Ukrainian President Volodymyr Zelensky’s virtual address before the Swiss parliament.
June 2023: According to new reporting, North Korean hackers have been impersonating tech workers or employers to steal more than $3 billion since 2018. The money has reportedly been used to fund the country’s ballistic missiles program, according to U.S. officials.
June 2023: Ukrainian hackers claimed responsibility for an attack on a Russian telecom firm that provides critical infrastructure to the Russian banking system. The attack occurred in conjunction with Ukraine’s counteroffensive.
June 2023: Russia’s Federal Security Service (FSB) alleged that Apple worked closely with US intelligence agencies to hack thousands of iPhones belonging to Russian users and foreign diplomats. Apple denied the claims, and the NSA declined to comment.
May 2023: Belgium’s cyber security agency has linked China-sponsored hackers to a spear-phishing attack on a prominent politician. The attack comes as European governments are increasingly willing to challenge China over cyber offences.
May 2023: Chinese hackers breached communications networks at a U.S. outpost in Guam. The hackers used legitimate credentials, making it harder to detect them.
May 2023: Chinese hackers targeted Kenyan government ministries and state institutions, including the presidential office. The hacks appeared to be aimed at gaining information on debt owed to Beijing.
May 2023: A likely Russian state group has targeted government organizations in Central Asia. The group is using previously unknown malware, and the attacks focused on document exfiltration.
May 2023: An unidentified group hacked targets in both Russia and Ukraine. The motive for the attacks was surveillance and data gathering.
May 2023: Russian-linked hacktivists conducted an unsuccessful cyberattack against Ukraine’s system for managing border crossings by commercial trucks through a phishing campaign.
April 2023: Sudan-linked hackers conducted a DDoS attack on Israel’s Independence Day, taking the Israeli Supreme Court’s website offline for several hours. Israeli cyber authorities reported no lasting damage to network infrastructure. Hackers claimed to have also attacked several other Israeli government and media sites, but those attacks could not be confirmed. The group has been active since at least January 2023, attacking critical infrastructure in Northern Europe and is considered religiously motivated.
April 2023: NSA cyber authorities reported evidence of Russian ransomware and supply chain attacks against Ukraine and other European countries that have provided Ukraine with humanitarian aid during the war in Ukraine. There were no indications of these attacks against U.S. networks.
April 2023: Iranian state-linked hackers targeted critical infrastructure in the U.S. and other countries in a series of attacks using a previously unseen customized dropper malware. The hacking group has been active since at least 2014, conducting social engineering and espionage operations that support the Iranian government’s interests.
April 2023: Recorded Future released a report revealing data exfiltration attacks against South Korean research and academic institutions in January 2023. The report identified Chinese-language hackers. Researchers believe that this is a hacktivist group motivated by patriotism for China.
April 2023: Researchers at Mandiant attributed a software supply chain attack on 3CX Desktop App software to North Korea-linked hackers. During its investigation, Mandiant found that this attack used a vulnerability previously injected into 3CX software. This is Mandiant’s first discovery of a software supply chain attack leveraging vulnerabilities from a previous software supply chain attack.
April 2023: Chinese hackers have targeted telecommunication services providers in Africa in an espionage campaign since at least November 2022. Researchers believe the group has targeted pro-domestic human rights and pro-democracy advocates, including nation-states, since at least 2014. Using the access from the telecom providers, the group logs keystrokes, gathers browser data, records audio, and captures data from individual targets on the network.
April 2023: A Russia-linked threat group launched a DDoS attack against Canadian Prime Minister Justin Trudeau, blocking access to his website for several hours. The operation’s timing coincided with the Canadian government’s meeting with Ukrainian Prime Minister Denys Shmyhal, suggesting that the operation was retaliation.
April 2023: North Korea-linked hackers are operating an ongoing espionage campaign targeting defense industry firms in Eastern Europe and Africa. Researchers at Kaspersky believe the hacking group shifted its focus in 2020 from financially motivated coin-mining attacks to espionage.
April 2023: Researchers discovered Israeli spyware on the iPhones of over 5 journalists, political opposition figures, and an NGO worker. Hackers initially compromised targets using malicious calendar invitations. The hackers’ origin and motivations are unclear.
April 2023: Ukraine-linked hacktivists targeted the email of Russian GRU Unit 26165’s leader, Lieutenant Colonel Sergey Alexandrovich, leaking his correspondence to a volunteer intelligence analysis group. The exfiltrated data contained Alexandrovich’s personal information, unit personnel files, and information on Russian cyberattack tools.
April 2023: North Korean-linked hackers targeted people with expertise on North Korea policy issues in a phishing campaign. Hackers posed as journalists requesting interviews from targets, inviting them to use embedded links for scheduling and stealing their login credentials. The amount of information stolen and number of targets are unclear.
March 2023. Russian hackers brought down the French National Assembly’s website for several hours using a DDoS attack. In a Telegram post, hackers cited the French government’s support for Ukraine as the reason for the attack.
March 2023. CISA and FBI reported that a U.S. federal agency was targeted by multiple attackers, including a Vietnamese espionage group, in a cyberespionage campaign between November 2022 and January 2023. Hackers used a vulnerability in the agency’s Microsoft Internet Information Services (IIS) server to install malware.
March 2023. A Chinese cyberespionage group targeted an East Asian data protection company that serves military and government entities in a campaign that lasted approximately a year.
March 2023. A South Asian hacking group targeted firms in China’s nuclear energy industry in an espionage campaign. Researchers believe the group commonly targets the energy and government sectors of Pakistan, China, Bangladesh, and Saudi Arabia.
March 2023. Estonian officials claim that hackers unsuccessfully targeted the country’s internet voting system during its recent parliamentary elections. Officials did not release details about the attacks or provide attribution.
March 2023. North Korean hackers targeted U.S.-based cybersecurity research firms in a phishing campaign. The campaign was meant to deliver malware for cyberespionage.
March 2023. A Chinese cyber espionage group targeted government entities in Vietnam, Thailand, and Indonesia, using newly developed malware optimized to evade detection.
March 2023. Russian hackers launched social engineering campaigns targeting U.S. and European politicians, businesspeople, and celebrities who have publicly denounced Vladimir Putin’s invasion of Ukraine. Hackers persuaded victims to participate in phone or video calls, giving misleading prompts to obtain pro-Putin or pro-Russian soundbites. They published these to discredit victims’ previous anti-Putin statements.
March 2023. Slovakian cybersecurity researchers discovered a new exploit from a Chinese espionage group targeting political organizations in Taiwan and Ukraine.
March 2023. Poland blamed Russian hackers for a DDoS attack on its official tax service website. Hackers blocked users’ access to the site for approximately an hour, but no data was leaked in the attack. A pro-Russian hacking group had earlier published a statement on Telegram about its intention to attack the Polish tax service.
February 2023. Russian hackers deployed malware to steal information from Ukrainian organizations in a phishing campaign. The malware is capable of extracting account information and files, as well as taking screenshots. Researchers believe the group is a key player in Russia’s cyber campaigns against Ukraine.
February 2023. A pro-Russian hacking group claimed responsibility for DDoS attacks against NATO networks used to transmit sensitive data. The attack disrupted communications between NATO and airplanes providing earthquake aid to a Turkish airbase. The attack also took NATO’s sites offline temporarily.
February 2023. Polish officials reported a disinformation campaign targeting the Polish public. Targets received anti-Ukrainian refugee disinformation via email. Officials claimed these activities may be related to Russia-linked hackers.
February 2023. A North Korean hacking group conducted an espionage campaign between August and November 2022. Hackers targeted medical research, healthcare, defense, energy, chemical engineering and a research university, exfiltrating over 100MB of data from each victim while remaining undetected. The group is linked to the North Korean government.
February 2023. Latvian officials claimed that Russian hackers launched a phishing campaign against its Ministry of Defense. The Latvian Ministry of Defense stated this operation was unsuccessful.
February 2023. Iranian hacktivists disrupted the state-run television broadcast of a speech by Iranian president Ebrahim Raisi during Revolution Day ceremonies. Hackers aired the slogan “Death to Khamenei” and encouraged citizens to join antigovernment protests.
February 2023. An Iranian hacking group launched an espionage campaign against organizations in the Middle East. Hackers used a backdoor malware to compromise target email accounts. Researchers claim the hacking group is linked to Iranian intelligence services.
February 2023. Iranian hacktivists claimed responsibility for taking down websites for the Bahrain international airport and state news agency.
February 2023. Hackers launched a ransomware attack against Technion University, Israel’s top technology education program. Hackers demanded 80 bitcoin ($1.7 million USD) to decrypt the university’s files. Israeli cybersecurity officials blamed Iranian state-sponsored hackers for the attack.
February 2023. Hackers disabled Italy’s Revenue Agency (Agenzia delle Entrate) website. While the website was disabled, users received phishing emails directing them to a false login page that mirrored the official agency site.
February 2023. Chinese cyberespionage hackers performed a spear-phishing campaign against government and public sector organizations in Asia and Europe. The emails used a draft EU Commission letter as their initial attack vector. These campaigns have occurred since at least 2019.
January 2023. Latvian officials claimed that Russia-linked hackers launched a cyber espionage phishing campaign against its Ministry of Defense. The Latvian Ministry of Defense stated this operation was unsuccessful.
January 2023. CISA, the NSA, and the Multi-State Information Sharing and Analysis Center released a joint advisory warning of an increase in hacks on the federal civilian executive branch utilizing remote access software. This follows an October 2022 report on a financially motivated phishing campaign against multiple U.S. federal civilian executive branch agencies.
January 2023. Russia-linked hackers deployed a ransomware attack against the UK postal service, the Royal Mail. The attack disrupted the systems used to track international mail.
January 2023. Iran-linked hackers executed ransomware attacks and exfiltrated data from U.S. public infrastructure and private Australian organizations. Australian authorities claim that the data exfiltrated was for use in extortion campaigns.
January 2023. Hackers used ransomware to encrypt 12 servers at Costa Rica’s Ministry of Public Works, knocking all its servers offline.
January 2023. Albanian officials reported that its government servers were still near-daily targets of cyber-attacks following a major attack by Iran-linked hackers in 2022.
January 2023. Hackers launched a series of cyber-attacks against Malaysian national defense networks. Malaysian officials stated that the hacking activities were detected early enough to prevent any network compromise.
January 2023. Hackers targeted government, military, and civilian networks across the Asia Pacific, leveraging malware to obtain confidential information. The malware targeted both the data on victim machines and audio captured by infected machines’ microphones.