715 Reasons Why

National Security encompasses a wide range of challenges and threats. Once seemingly limited to government vs. government espionage and sabotage, National Security now encompasses a wide variety of targets and an ever-increasing number of state and non-state actors.

The Center for Strategic and International Studies (CSIS) maintains an ongoing list of significant cyber incidents. They focus on cyber attacks on government agencies, defense and high tech companies, or economic crimes with losses of more than a million dollars.

As of March, 2021, they have listed over 715 incidents. You can find their latest list here. Below are some of the highlights.

March 2021. A group of Chinese hackers used Facebook to send malicious links to Uyghur activists, journalists, and dissidents located abroad.

March 2021. The Indian Computer Emergency Response Team found evidence of Chinese hackers conducting a cyber espionage campaign against the Indian transportation sector.

February 2021. A Portuguese-speaking cyber criminal group accessed computer systems at a division of Oxford University researching COVID-19 vaccines, and is suspected to be selling the data it collected to nation states.

January 2021. Suspected Indian hackers active since 2012 were attacking businesses and governments across South and East Asia, with a particular emphasis on military and government organizations in Pakistan, China, Nepal, and Afghanistan, and businesses involved in defense technology, scientific research, finance, energy, and mining.

December 2020. Iranian state hackers used a Christmas theme for a spearphishing campaign targeting think tanks, research organizations, academics, journalists, and activists in the Persian Gulf, EU, and US.

December 2020. Over 200 organizations around the world—including multiple US government agencies—were revealed to have been breached by Russian hackers who compromised the software provider SolarWinds and exploited their access to monitor internal operations and exfiltrate data.

November 2020. Suspected Chinese government hackers conducted a cyber espionage campaign from 2018 to 2020 targeting government organizations in Southeast Asia.

October 2020. India’s National Cyber Security Coordinator announced that cyber crimes in India cost almost $17 billion in 2019.

October 2020. Iranian hackers targeted attendees of the Munich Security Conference in order to gather intelligence on foreign policy from the compromised individuals.

October 2020. Iran announced that the country’s Ports and Maritime Organization and one other unspecified government agency had come under cyberattack.

October 2020. A cyber mercenary group targeted government officials and private organizations in South Asia and the Middle East using a combination of methods including zero-day exploits.

September 2020. American healthcare firm Universal Health Systems sustained a ransomware attack that caused affected hospitals to revert to manual backups, divert ambulances, and reschedule surgeries.

September 2020. Russian hackers targeted government agencies in NATO member countries, and nations who cooperate with NATO. The campaign uses NATO training material as bait for a phishing scheme that infects target computers with malware that creates a persistent backdoor.

August 2020. Suspected Pakistani hackers used custom malware to steal files from victims in twenty-seven countries, most prominently in India and Afghanistan.

June 2020. The Australian Prime Minister announced that an unnamed state actor had been targeting businesses and government agencies in Australia as part of a large-scale cyber attack.

May 2020. Israeli hackers disrupted operations at an Iranian port for several days, causing massive backups and delays. Officials characterized the attack as a retaliation against a failed Iranian hack in April targeting the command and control systems of Israeli water distribution systems.

December 2019. Unknown hackers stole login credentials from government agencies in 22 nations across North America, Europe, and Asia.

August 2019. Russian hackers were observed using vulnerable IoT devices like a printer, VOIP phone, and video decoder to break into high-value corporate networks.

January 2019. Hackers release the personal details, private communications, and financial information of hundreds of German politicians, with targets representing every political party except the far-right AfD.

October 2018. The Security Service of Ukraine announced that a Russian group had carried out an attempted hack on the information and telecommunication systems of Ukrainian government groups.

July 2018. Russian hackers were found to have targeted the Italian navy with malware designed to insert a backdoor into infected networks.

October 2017. A major wave of ransomware infections hits media organizations, train stations, airports, and government agencies in Russia and Eastern Europe. Security researchers found strong evidence linking the attack to the creators of NotPetya, and noted that the malware used leaked NSA-linked exploits to move through networks. Ukrainian police later reported that the ransomware was a cover for a quiet phishing campaign undertaken by the same actor to gain remote access to financial and other confidential data.

July 2017. The FBI and DHS announced that hackers had been targeting US energy facilities including the Wolf Creek Nuclear Operating Corporation in a campaign bearing resemblance to the operations of a known Russian hacking group.

August 2016. Brazilian hackers ramped up phishing attacks against tourists visiting Rio de Janeiro for the 2016 Olympics. Security researchers ranked Brazil second only to Russia in the sophistication of its financial fraud gangs.

July 2015. United Airlines revealed that its computer systems were hacked in May or early June, compromising manifest data that detailed the movements of millions of Americans. The report, citing “several people familiar with the probe,” stated that the group behind this attack is the same group suspected of the Office of Personnel Management hack discovered in June.

July 2014. U.S. Office of Personnel Management networks that contain information on thousands of applicants for top secret clearances are breached.

June 2013. Edward Snowden, a former systems administrator at the NSA, reveals documents showing among other things that the US conducted cyber espionage against Chinese targets.

May 2013. India is believed to have used a zero-day exploit to penetrate Pakistani mining, automotive, legal, engineering, food service, military, and banks.

March 2012. Trend Micro uncovered a Chinese cyber campaign, dubbed ‘Luckycat’ that targeted U.S.-based activists and organizations, Indian and Japanese military research, as well as Tibetan activists.

September 2011. Australia’s Defense Signals Directorate says that defense networks are attacked more than 30 times a day, with the number of attacks increasing by more than 350 percent by 2009.

September 2011. A computer virus from an unknown source introduced “keylogger” malware onto ground control stations for US Air Force UAVs and, according to press reports, infected both classified and unclassified networks at Creech Air Force Base in Nevada.

October 2010. The Wall Street Journal reported that hackers using “Zeus” malware, available in cybercrime black markets for about $1200, were able to steal over $12 million from five banks in the US and UK.

March 2009. Reports in the press say that the plans for Marine Corps 1, the new presidential helicopter, were found on a file-sharing network in Iran.

November 2008. Chinese hackers infiltrated the computer network of the White House and obtained emails between senior government officials.

October 2007. More than a thousand staffers at Oak Ridge National Labs received an email with an attachment that, when opened, provides unknown outsiders with access to the Lab’s databases.

May 2006. The Department of State’s networks were hacked, and unknown foreign intruders downloaded terabytes of information. If Chinese or Russian spies had backed a truck up to the State Department, smashed the glass doors, tied up the guards and spent the night carting off file cabinets, it would constitute an act of war. But when it happens in cyberspace, we barely notice.

2005. Chinese hackers infiltrated U.S. Department of Defense networks in an operation known as “Titan Rain.” They targeted U.S. defense contractors, Army Information Systems Engineering Command; the Defense Information Systems Agency; the Naval Ocean Systems Center; and the U.S. Army Space and Strategic Defense installation.

You can find their complete list here.