Es muy interesante apreciar los que se realizaron sobre Ucrania. Quizá acciones previas al conflicto en desarrollo. Se presenta un interesante registro de incidentes cibernéticos desde el año 2006. También se muestra un resumen de los incidentes de durante el último año. El registro de incidentes se puede descargar desde el artículo. Se enfoca en los ataques cibernéticos a agencias gubernamentales, empresas de defensa y alta tecnología, o delitos económicos con pérdidas de más de un millón de dólares.
January 2022. A Belarusian hacktivist group accessed the networks of state-owned Belarusian Railway. The group encrypted the majority of the Railway’s servers and destroyed data held on a backup server, possibly to complicate Russian troop movements throughout the country.
January 2022. A Chinese hacking group breached several German pharma and tech firms. According to the German government, the hack into the networks of service providers and companies was primarily an attempt to steal intellectual property.
January 2022. Hackers shut down internet traffic to and from North Korea twice in two weeks from what researchers say was likely a series of DDoS attacks. The second attack came just after North Korea’s 5th missile test of the month.
January 2022. Hackers breached the Canadian Foreign Ministry, hampering some of the Ministry’s internet-connected services. The hack came a day after the government issued a warning to bolster network security in anticipation of Russia-based cyberattacks on critical infrastructure.
January 2022. A series of DDoS attacks targeted a high-stakes Minecraft tournament and ended up impacting Andorra Telecom, the country’s only internet service provider. The attack disrupted 4G and internet services for customers.
January 2022. The Informatic Directorate of the Greek Parliament identified an attempt to hack into 60 parliamentary email accounts. In response, authorities temporarily shut down the mailing system in the legislature.
January 2022. An Australian spokesman accused WeChat of taking down Prime Minister Scott Morrison’s account and redirecting users to a website that provides information for Chinese expatriates. The Government claims that they first encountered problems posting to the Prime Minister’s account in mid-2021.
January 2022. Hackers breached systems belonging to the International Committee of the Red Cross, gaining access to data on more than 500,000 people and disrupting their services around the world.
January 2022. A cyberattack targeted the Ukrainian government, hitting 90 websites and deploying malicious software masquerading as ransomware to damage dozens of computers in government agencies.
January 2022. Hackers attacked several Israeli media outlets, including Maariv and the Jerusalem Post, posting threatening messages on their websites. One message stated “we are close to you where you do not think about it” in English and Hebrew.
January 2022. A DRPK-affiliated group targeted multiple Russian diplomats with malware. The diplomats received an email disguised as a New Year greetings screensaver but which, after being opened, installed a remote access trojan.
December 2021 . A cyberattack on the Belgium Ministry of Defence forced part of its computer network, including the ministry’s mail system, to shut down for several days. Hackers exploited the Log4j vulnerability to compromise the network.
December 2021. Hackers targeted multiple Southeast Asian governments over the past 9 months using custom malware linked to Chinese state-sponsored groups. Many of the nations targeted are currently engaged in disputes with China over territorial claims in the South China Sea.
December 2021 . A breach of Prime Minster Modi’s Twitter allowed hackers to Tweet from the account that India officially adopted bitcoin as legal tender. The Tweet also included a scam link promising a bitcoin giveaway.
December 2021. A Bloomberg investigation publicly linked an intrusion into Australia’s telecommunications systems in 2012 to malicious code embedded in a software update from Huawei.
December 2021. Cybersecurity firms found government-linked hackers from China, Iran, and North Korea attempting to use the Log4j vulnerability to gain access to computer networks. Following the announcement of Log4j, researchers already found over 600,000 attempts to exploit the vulnerability.
December 2021. Chinese hackers breached four more U.S. defense and technology firms in December, in addition to one organization in November. The hackers obtained passwords to gain access to the organizations’ systems and looked to intercept sensitive communications.
December 2021. A Russian group took responsibility for a ransomware attack on Australian utility company CS energy. This announcement came after Australian media outlets blamed Chinese government hackers for the attack.
November 2021 . A Russian-speaking group targeted the personal information of around 3,500 individuals, including government officials, journalists, and human rights activists. The group obtained access to private email accounts and financial details, and operated malware on Android and Windows devices.
November 2021. Hackers gained access to the social security and driver’s license numbers of employees after compromising a U.S. defense contractor.
November 2021. Chinese officials claim a foreign intelligence agency hacked into several airlines in China and stole passenger information. The officials stated the hacks are connected due to the use of a custom trojan in all the attacks.
November 2021 . After CISA publicly shared details on a vulnerability, Chinese hackers targeted nine companies and 370 servers between September and October using the same vulnerability.
November 2021. A vendor that handles data for the UK Labour Party was subject to a cyberattack, affecting the data of its members and affiliates.
November 2021. Hackers gained access to the FBI’s Law Enforcement Enterprise Portal—a system used to communicate to state and local officials—and sent a warning of a cyberattack in an email claiming to be from the Department of Homeland Security (DHS).
November 2021. The stock trading platform, Robinhood, disclosed a social engineering cyberattack that allowed a hacker to gain access to the personal information of around 7 million customers. The data included names, email addresses, and for some, data of birth, and zip codes. Following the breach, the hacker requested payment, presumably not to disclose the stolen data.
October 2021. A Chinese-linked hacking group gained access to calling records and text messages from telecommunication carriers across the globe, according to a report from CrowdStrike. The report outlines the group began its cyberattacks in 2016 and infiltrated at least 13 telecommunications networks.
October 2021. A cyberattack targeted the government-issued electronic cards Iranians use to buy subsidized fuel and altered the text of electronic billboards to display anti-regime messages against the Supreme Leader Ayatollah Ali Khamenei.
October 2021. A group with ties to Iran attempted to hack over 250 Office 365 accounts. All the targeted accounts were either U.S. and Israeli defense technology companies, had a focus on Persian Gulf ports of entry, or maritime transportation companies with a presence in the Middle East.
October 2021. Brazilian hackers carried out a cyberattack on the National Malware Center website belonging to Indonesia’s State Cyber and Password Agency. The hackers edited the contents of the webpage and indicated that the cyberattack was retribution for an Indonesian hack on the Brazilian state website.
October 2021. Hackers leaked data and photos from the Israeli Defense Ministry after gaining access to 165 servers and 254 websites, overall compiling around 11 terabytes of data.
October 2021. An American company announced that the Russian Foreign Intelligence Service (SVR) launched a campaign targeting resellers and other technology service providers that customize, deploy and manage cloud services.
September 2021. Chinese state-linked hackers targeted Afghan telecom provider Roshan and stole gigabytes of data from their corporate mail server over the past year.
September 2021. The EU formally blamed Russia for its involvement in the ‘Ghostwriter’ cybercampaign, which targeted the elections and political systems of several member states. Since 2017, Russian operators hacked the social media accounts of government officials and news websites, with the goal of creating distrust in U.S. and NATO forces.
September 2021. Hackers obtained 15 TB of data from 8,000 organizations working with Israel-based company, Voicenter and offered the data online for $1.5 million. Some experts have stipulated the hackers have ties to Iran, but no link has been confirmed.
September 2021. The Lithuanian Defense Ministry found hidden features in popular 5G smartphone models manufactured in China, according to its state-run cybersecurity body. The module embedded in the phones detects and censors 449 keywords or groups of keywords that are counter to the message of the Chinese government.
September 2021. Two hours after the vote opened for Hungary’s opposition primary elections, the polling systems in electoral districts nationwide fell victim to a cyberattack. The actor responsible is still unknown, but the cyberattack led to the government extending voting by two days.
September 2021. The U.S. Department of Justice sentenced Ghaleb Alaumary to more than 11 years in prison for aiding North Korean cybercriminals in money laundering. His assistance included ATM cash-out operations, cyber-enabled bank heists, and business email compromise (BEC) schemes. These attacks targeted banks, professional soccer clubs, and other unnamed companies in the U.S. and U.K.
September 2021. A cyberattack against the United Nations occurred in April 2021, targeting users within the UN network to further long-term intelligence gathering. The hacker was able to access their networks through stolen user credentials purchased on the dark web.
September 2021. The Norwegian Government stated a series of cyberattacks against private and state IT infrastructure came from bad actors sponsored by and operating from China. Their investigation of the hacks claims the actors attempted to capture classified information relating to Norway’s national defense and security intelligence.
September 2021. Researchers and cybersecurity experts revealed a mobile espionage campaign against the Kurdish ethnic group. Hackers targeted individuals on Facebook, persuading them to download apps that contain Android backdoors utilized for espionage.
September 2021. In April 2020, Chinese bots swarmed the networks of the Australian government days after Australia called for an independent international probe into the origins of the coronavirus. These bots looked for potential vulnerabilities on the network to exploit in future cyberattacks.
August 2021. A cyberattack on the government of Belarus compromised dozens of police and interior ministry databases. The hack claims to be a part of an attempt to overthrow President Alexander Lukashenko’s regime.
August 2021. A hacking group targeted a high-profile Iranian prison, uncovering documents, videos, and images that displayed the violent treatment of its prisoners. The group claims to be hacktivists demanding the release of political prisoners.
August 2021. A cyber-espionage group linked to one of Russia’s intelligence forces targeted the Slovak government from February to July 2021 through spear-fishing attempts.
August 2021. Russia targeted and blocked content on “smart voting” app created by Kremlin critic Alexei Navalny and his allies intended to organize voting against the Kremlin in next month’s parliamentary elections.
August 2021. Hacks initially attributed to Iran in 2019 and 2020 were found to be conducted by Chinese operatives. The cyberattack broke into computers across Israel’s government and tech companies.
August 2021. A cyberattack on the Covid-19 vaccine-scheduling website for the Italian region of Lazio forced the website to temporarily shut down. New vaccination appointments were unable to be scheduled for several days after the attack.
August 2021. Various Chinese cyber-espionage groups are responsible for the hacks of at least five major Southeast Asian telecommunication providers beginning in 2017. The attacks were carried out by three different hacking groups and are seemingly unlinked despite all groups having a connection to Chinese espionage efforts.
July 2021. Estonia stated a Tallinn-based hacker downloaded 286,438 ID photos from government database, exposing a vulnerability in a platform managed by their Information System Authority (RIA).
July 2021. A cyberattack gained access to 1 terabyte of data from the Saudi Arabian Oil Company through a zero-day exploitation. Hackers are offering to delete the data in exchange for $50 million in cryptocurrency.
July 2021. A widespread APT operation was discovered against users in Southeast Asia, believed to be spearheaded by Chinese entities. Researchers found a total of 100 victims in Myanmar and 1,400 in the Philippines, including many government entities.
July 2021. The United States, the European Union, NATO and other world powers released joint statements condemning the Chinese government for a series of malicious cyber activities. They attributed responsibility to China for the Microsoft Exchange hack from early 2021 and the compromise of more than 100,000 servers worldwide.
July 2021. Transnet Port Terminals (TPT), South Africa’s state-run ports operator and freight rail monopoly, had its rail services disrupted after a hack by unknown actors. Transnet reportedly declared it an act “force majeure.”
July 2021. Several countries used Pegasus, surveillance software created by NSO Group that targets iPhone and Android operating systems, on devices belonging to activists, politicians, and journalists.
July 2021. The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a statement exposing a spearfishing campaign by Chinese state-sponsored hackers between 2011 and 2013. The campaign targeted oil and natural gas pipeline companies in the United States.
July 2021. Iran used Facebook accounts to pose as recruiters, journalists, and NGO affiliates, targeting U.S. military personnel. The hackers sent malware-infected files or tricked targets into submitting sensitive credentials to phishing sites.
July 2021. The Russian defense ministry claimed it was hit with a DDoS attack that caused its website to shut down, stating the attack came from outside the Russian Federation.
July 2021. Norway attributed a March 2021 cyberattack on parliament’s e-mail system to China.
July 2021. Iran’s transport and urbanization ministry was the victim of a cyber attack that impacted display boards at stations throughout the country. The attack caused delays and cancellations of hundreds of trains across Iran.
July 2021. Russian hackers exploited a vulnerability in Kaseya’s virtual systems/server administrator (VSA) software allowing them to deploy a ransomware attack on the network. The hack affected around 1,500 small and midsized businesses, with attackers asking for $70 million in payment.
July 2021. The Ukranian Ministry of Defense claimed its naval forces’ website was targeted by Russian hackers who published fake reports about the international Sea Breeze-2021 military drills.
June 2021. Russia claimed that Vladimir Putin’s annual phone-in session was targeted by DDoS attacks.
June 2021. A Chinese-speaking hacking group spearheaded an ongoing espionage effort against the Afghan government through phishing emails. Hackers posed as the Office of the President of Afghanistan and targeted the Afghan National Security Council.
June 2021. The Iranian government launched a widescale disinformation campaign, targeting WhatsApp groups, Telegram channels and messaging apps used by Israeli activists. The campaign aimed to advance political unrest and distrust in Israel.
June 2021. Chinese actors targeted organizations, including Verizon and the Metropolitan Water District of Southern California using a platform used by numerous government agencies and companies for secure remote access to their networks.
June 2021. Hackers linked to Russia’s Foreign Intelligence Service installed malicious software on a Microsoft system that allowed hackers to gain access to accounts and contact information. The majority of the customers targeted were U.S. based, working for IT companies or the government.
June 2021. The U.S. and British governments announced the Russian GRU attempted a series of brute force access against hundreds of government and private sector targets worldwide from 2019 to 2021, targeting organizations using Microsoft Office 365® cloud services.
June 2021. United States Naval Institute (USNI) claimed the tracking data of two NATO ships, the U.K. Royal Navy’s HMS Defender and the Royal Netherlands Navy’s HNLMS Evertsen, was falsified off the coast of a Russian controlled naval base in the Black Sea. The faked data positioned the two warships at the entrance of a major Russian naval base.
June 2021. A cyberattack reportedly from Russia compromised the email inboxes of more than 30 prominent Polish officials, ministers and deputies of political parties, and some journalists.
June 2021. Sol Oriens, a small government contractor that works for the Department of Energy on nuclear weapons issues, was attacked by the Russia-linked hacking group REvil.
June 2021. A spreadsheet was leaked containing classified personal details of the 1,182 United Kingdom’s Special Forces soldiers on WhatsApp.
June 2021. A ransomware attack targeted iConstituent, a newsletter service used by U.S. lawmakers to contact constituents.
June 2021. Hackers working on behalf of Russian intelligence services are believed to have hacked Netherlands police internal network in 2017. The attack occurred during the country’s investigation of the Malaysia Airlines Flight 17 (MH17) that was shot down in 2014.
May 2021. LineStar Integrity Services, a pipeline-focused business, was hit by a ransomware attack the same time as the Colonial Pipeline, with 70 gigabytes of its internal files being stolen.
May 2021. A North Korean cyberattack on South Korea’s state-run Korea Atomic Energy Research Institute (KAERI) occurred through a vulnerability in a vendor’s VPN.
May 2021. The world’s largest meat processing company, Brazilian-based JBS, was the victim of a ransomware attack. The attack shut down facilities in the United States, Canada and Australia. The attack was attributed to the Russian speaking cybercrime group, REvil.
May 2021. On May 24th, hackers gained access to Fujitsu’s systems and stole files belonging to multiple Japanese government entities. So far four government agencies have been impacted.
May 2021. Cybersecurity researchers identified a North Korean hacking group to be responsible for a cyber espionage campaign, targeting high profile South Korean government officials, utilizing a phishing methodology. The group’s targets were based in South Korea and included: the Korea Internet and Security Agency (KISA), ROK Ministry of Foreign Affairs, Ambassador of the Embassy of Sri Lanka to the State (in ROK), International Atomic Energy Agency Nuclear Security Officer, Deputy Consul General at Korean Consulate General in Hong Kong, Seoul National University, and Daishin Securities.
May 2021. On May 14, Ireland’s national health service, the Health Service Executive (HSE), was the victim of a ransomware attack. Upon discovering the attack, government authorities shut down the HSE system. The attackers utilized the Conti ransomware-as-a-service (RaaS), which is reported to be operated by a Russia-based cybercrime group.
May 2021. The FBI and the Australian Cyber Security Centre warned of an ongoing Avaddon ransomware campaign targeting multiple sectors in various countries. The reported targeted countries are Australia, Belgium, Brazil, Canada, China, Costa Rica, Czech Republic, France, Germany, India, Indonesia, Italy, Jordan, Peru, Poland, Portugal, Spain, UAE, UK, US. The targeted industries include: academia, airlines, construction, energy, equipment, financial, freight, government, health, it, law enforcement, manufacturing, marketing, retail, pharmaceutical.
May 2021. On May 6, the Colonial Pipeline, the largest fuel pipeline in the United States, was the target of a ransomware attack. The energy company shut down the pipeline and later paid a $5 million ransom. The attack is attributed to DarkSide, a Russian speaking hacking group.
May 2021. On May 4th and 5th, the Norwegian energy technology company Volue was the victim of a ransomware attack. The attack resulted in the shutdown of water and water treatment facilities in 200 municipalities, affecting approximately 85% of the Norwegian population.
May 2021. A large DDoS attack disabled the ISP used by Belgium’s government, impacting more than 200 organizations causing the cancellation of multiple Parliamentary meetings
May 2021. A Chinese hacking group compromised a Russian defense contractor involved in designing nuclear submarines for the Russian navy.
April 2021. A hacking group compromised the social media accounts of Polish officials and used them to disseminate narratives critical of NATO. German authorities have reported that the same group has also attempted to compromise members of the Bundestag and state parliament.
April 2021. Hackers linked to the Chinese military conducted an espionage campaign targeting military and government organizations in Southeast Asia beginning in 2019
April 2021. Malware triggered an outage for airline reservation systems that caused the networks of 20 low-cost airlines around the world to crash.
April 2021. Russian hackers targeted Ukrainian government officials with spearphishing attempts as tensions between the two nations rose during early 2021.
April 2021. Hackers linked to Palestinian intelligence conducted a cyber espionage campaign compromising approximately 800 Palestinian reporters, activists, and dissidents both in Palestine and more broadly across the Middle East.
April 2021. Two state-backed hacking groups—one of which works on behalf of the Chinese government—exploited vulnerabilities in a VPN service to target organizations across the U.S. and Europe with a particular focus on U.S. defense contractors.
April 2021. MI5 warned that over 10,000 UK professional shave been targeted by hostile states over the past five years as part of spearphishing and social engineering campaigns on LinkedIn.
April 2021. Swedish officials disclosed that the Swedish Sports Confederation was hacked by Russian military intelligence in late 2017 and early 2018 in response to accusations of Russian government-sponsored doping of Russian athletes.
April 2021. New York City’s Metropolitan Transportation Authority (MTA) was hacked by Chinese-backed actors but were unable to gain access to user data or information systems.
April 2021. French security researchers found that the number of attacks hitting critical French businesses increased fourfold in 2020 during the COVID-19 pandemic.
April 2021. The European Commission announced that the EC and multiple other EU organizations were hit by a major cyberattack by unknown hackers.
April 2021. Chinese hackers launched a months-long cyber espionage campaign during the second half of 2020 targeting government agencies in Vietnam with the intent of gathering political intelligence
March 2021. The North Korean hacking group responsible for a set of attacks on cybersecurity researchers in January 2021 launched a new campaign targeting infosec professionals using fake social media profiles and a fake website for a non-existent security service company target.
March 2021. Suspected Iranian hackers targeted medical researchers in Israel and the U.S. in an attempt to steal the credentials of geneticists, neurologists, and oncologists in the two countries.
March 2021. Suspected Russian hackers stole thousands of emails after breaching the email server of the U.S. State Department.
March 2021. Suspected state hackers targeted the Australian media company Nine Entertainment with a ransomware variant, disrupting live broadcasts and print production systems.
March 2021. Suspected Russian hackers attempted to gain access to the personal email accounts of German parliamentarians in the run-up to Germany’s national elections.
March 2021. U.S. Cyber Command confirmed that it was assisting Columbia in responding to election interference and influence operations.
March 2021. The head of U.S. Cyber Command testified that the organization had conducted more than two dozen operations to confront foreign threats ahead of the 2020 U.S. elections, including eleven forward hunt operations in nine different countries.
March 2021. A group of Chinese hackers used Facebook to send malicious links to Uyghur activists, journalists, and dissidents located abroad.
March 2021. The Indian Computer Emergency Response Team found evidence of Chinese hackers conducting a cyber espionage campaign against the Indian transportation sector.
March 2021. Polish security services announced that suspected Russian hackers briefly took over the websites of Poland’s National Atomic Energy Agency and Health Ministry to spread false alerts of a nonexistent radioactive threat.
March 2021. Both Russian and Chinese intelligence services targeted the European Medicines Agency in 2020 in unrelated campaigns, stealing documents relating to COVID-19 vaccines and medicines.
March 2021. Ukraine’s State Security Service announced it had prevented a large-scale attack by Russian FSB hackers attempting to gain access to classified government data.
March 2021. Lithuania’s State Security Department declared that Russian hackers had targeted top Lithuanian officials in 2020 and used the country’s IT infrastructure to carry out attacks against organizations involved in developing a COVID-19 vaccine.
March 2021. Suspected Iranian hackers targeted government agencies, academia, and the tourism industry in Azerbaijan, Bahrain, Israel, Saudi Arabia, and the UAE as part of a cyber espionage campaign.
March 2021. Chinese government hackers targeted Microsoft’s enterprise email software to steal data from over 30,000 organizations around the world, including government agencies, legislative bodies, law firms, defense contractors, infectious disease researchers, and policy think tanks.
March 2021. Suspected Chinese hackers targeted electricity grid operators in India in an apparent attempt to lay the groundwork for possible future attacks.
February 2021. A Portuguese-speaking cyber criminal group accessed computer systems at a division of Oxford University researching COVID-19 vaccines, and are suspected to be selling the data they collected to nation states.
February 2021. North Korean hackers targeted defense firms in more than a dozen countries in an espionage campaign starting in early 2020.
February 2021. Hackers associated with the Chinese military conducted a surveillance campaign against Tibetans both in China and abroad.
February 2021. Russian hackers compromised a Ukrainian government file-sharing system and attempted to disseminate malicious documents that would install malware on computers that downloaded the planted files.
February 2021. Hackers linked to the Vietnamese government conducted a nearly three-year cyber espionage campaign against human rights advocates in the country by using spyware to infiltrate individuals’ systems, spy on their activity, and exfiltrate data.
February 2021. Ukrainian officials reported that a multi-day distributed denial-of-service attack against the website of the Security Service of Ukraine was part of Russia’s hybrid warfare operations in the country.
February 2021. The US Department of Justice indicted three North Korean hackers for conspiring to steal and extort more than $1.3 billion in cash and cryptocurrencies.
February 2021. Iranian hackers took control of a server in Amsterdam and used it as a command and control center for attacks against political opponents in the Netherlands, Germany, Sweden, and India.
February 2021. North Korean hackers attempted to break into the computer systems of pharmaceutical company Pfizer to gain information about vaccines and treatments for the COVID-19.
February 2021. Suspected Iranian hackers targeted government agencies in the UAE as part of a cyber espionage campaign related to the normalizations of relations with Israel.
February 2021. The French national cybersecurity agency announced that a four-year campaign against French IT providers was the work of a Russian hacking group.
February 2021. Suspected Indian hackers targeted over 150 individuals in Pakistan, Kazakhstan, and India using mobile malware, including those with links to the Pakistan Atomic Energy Commission, the Pakistan Air Force, and election officials in Kashmir.
February 2021. Ten members of a cybercriminal gang were arrested after a campaign where they tricked telecom companies into assigning celebrities’ phone numbers to new devices, stealing more than $100 million worth of cryptocurrencies.
February 2021. Unknown hackers attempted to raise levels of sodium hydroxide in the water supply of Oldsmar, Florida by a factor of 100 by exploiting a remote access system.
February 2021. Two Iranian hacking groups conducted espionage campaigns against Iranian dissidents in sixteen countries in the Middle East, Europe, South Asia, and North America.
Fuente: https://www.csis.org
