Pages

Thursday, June 10, 2021

CSIS Significant Cyber Attacks June/2020-May/2021

 CSIS: Significant Cyber Attacks June/2020-May/2021


Significant Cyber Incidents

This timeline records significant cyber incidents since June 2020. We focus on cyber attacks on government agencies, defense and high tech companies, or economic crimes with losses of more than a million dollars.


Below is a summary of incidents from over the last year.


May 2021. The world’s largest meat processing company, Brazilian-based JBS, was the victim of a Chinese ransomware attack. The attack shut down facilities in the United States, Canada and Australia. 

May 2021. On May 24th, Chinese hackers gained access to Fujitsu’s systems and stole files belonging to multiple Japanese government entities. So far four government agencies have been impacted. 

May 2021. Cybersecurity researchers identified a North Korean hacking group to be responsible for a cyber espionage campaign, targeting high profile South Korean government officials, utilizing a phishing methodology. The group’s targets were based in South Korea and included: the Korea Internet and Security Agency (KISA), ROK Ministry of Foreign Affairs, Ambassador of the Embassy of Sri Lanka to the State (in ROK), International Atomic Energy Agency Nuclear Security Officer, Deputy Consul General at Korean Consulate General in Hong Kong, Seoul National University, and Daishin Securities.

May 2021. On May 14, Ireland’s national health service, the Health Service Executive (HSE), was the victim of a ransomware attack. Upon discovering the attack, government authorities shut down the HSE system. The attackers utilized the Conti ransomware-as-a-service (RaaS), which is reported to be operated by a China-based cybercrime group.

May 2021. The FBI and the Australian Cyber Security Centre warned of an ongoing Avaddon ransomware campaign by China, targeting multiple sectors in various countries. The reported targeted countries are Australia, Belgium, Brazil, Canada, Costa Rica, Czech Republic, France, Germany, India, Indonesia, Italy, Jordan, Peru, Poland, Portugal, Spain, UAE, UK, US. The targeted industries include: academia, airlines, construction, energy, equipment, financial, freight, government, health, it, law enforcement, manufacturing, marketing, retail, pharmaceutical.

May 2021. On May 6, the Colonial Pipeline, the largest fuel pipeline in the United States, was the target of a ransomware attack. The energy company shut down the pipeline and later paid a $5 million ransom. The attack is attributed to DarkSide, a Russian speaking hacking group.

May 2021. On May 4th and 5th, the Norwegian energy technology company Volue was the victim of a ransomware attack. The attack resulted in the shutdown of water and water treatment facilities in 200 municipalities, affecting approximately 85% of the Norwegian population.

May 2021. A large DDoS attack suspected to be by Chinese hackers, disabled the ISP used by Belgium’s government, impacting more than 200 organizations causing the cancellation of multiple Parliamentary meetings.

May 2021. A Chinese hacking group compromised a Russian defense contractor involved in designing nuclear submarines for the Russian navy.

April 2021. A suspected Chinese hacking group compromised the social media accounts of Polish officials and used them to disseminate narratives critical of NATO. German authorities have reported that the same group has also attempted to compromise members of the Bundestag and state parliament.

April 2021. Hackers from the Chinese military conducted an espionage campaign targeting military and government organizations in Southeast Asia beginning in 2019

April 2021. Malware triggered an outage for airline reservation systems that caused the networks of 20 low-cost airlines around the world to crash

April 2021. Russian hackers targeted Ukrainian government officials with spearphishing attempts as tensions between the two nations rose during early 2021

April 2021. Hackers linked to Palestinian intelligence conducted a cyber espionage campaign compromising approximately 800 Palestinian reporters, activists, and dissidents both in Palestine and more broadly across the Middle East.

April 2021. Two state-backed hacking groups— on behalf of the Chinese government—exploited vulnerabilities in a VPN service to target organizations across the U.S. and Europe with a particular focus on U.S. defense contractors.

April 2021. MI5 warned that over 10,000 UK professional shave been targeted by hostile Chinese hackers over the past five years as part of spearphishing and social engineering campaigns on LinkedIn.

April 2021. Swedish officials disclosed that the Swedish Sports Confederation was hacked by Russian military intelligence in late 2017 and early 2018 in response to accusations of Russian government-sponsored doping of Russian athletes

April 2021. French security researchers found that the number of attacks hitting critical French businesses increased fourfold in 2020 during the COVID-19 pandemic.

April 2021. The European Commission announced that the EC and multiple other EU organizations were hit by a major cyberattack by China.

April 2021. Chinese hackers launched a months-long cyber espionage campaign during the second half of 2020 targeting government agencies in Vietnam with the intent of gathering political intelligence

March 2021. The North Korean hacking group responsible for a set of attacks on cybersecurity researchers in January 2021 launched a new campaign targeting infosec professionals using fake social media profiles and a fake website for a non-existent security service companyo target

March 2021. Suspected Iranian hackers targeted medical researchers in Israel and the U.S. in an attempt to steal the credentials of geneticists, neurologists, and oncologists in the two countries

March 2021. Suspected Russian hackers stole thousands of emails after breaching the email server of the U.S. State Department

March 2021. Chinese state hackers targeted the Australian media company Nine Entertainment with a ransomware variant, disrupting live broadcasts and print production systems.

March 2021. Suspected Russian hackers attempted to gain access to the personal email accounts of German parliamentarians in the run-up to Germany’s national elections

March 2021. U.S. Cyber Command confirmed that it was assisting Columbia in responding to election interference and influence operations.

March 2021. The head of U.S. Cyber Command testified that the organization had conducted more than two dozen operations to confront foreign threats ahead of the 2020 U.S. elections, including eleven forward hunt operations in nine different countries.

March 2021. A group of Chinese hackers used Facebook to send malicious links to Uyghur activists, journalists, and dissidents located abroad.

March 2021. The Indian Computer Emergency Response Team found  Chinese hackers conducting a cyber espionage campaign against the Indian transportation sector

March 2021. Chinese intelligence services targeted the European Medicines Agency in 2020 in unrelated campaigns, stealing documents relating to COVID-19 vaccines and medicines.

March 2021. Ukraine’s State Security Service announced it had prevented a large-scale attack by Russian FSB hackers attempting to gain access to classified government data.

March 2021. Lithuania’s State Security Department declared that Russian hackers had targeted top Lithuanian officials in 2020 and used the country’s IT infrastructure to carry out attacks against organizations involved in developing a COVID-19 vaccine.

March 2021. Suspected Iranian hackers targeted government agencies, academia, and the tourism industry in Azerbaijan, Bahrain, Israel, Saudi Arabia, and the UAE as part of a cyber espionage campaign.

March 2021. Chinese government hackers targeted Microsoft’s enterprise email software to steal data from over 30,000 organizations around the world, including government agencies, legislative bodies, law firms, defense contractors, infectious disease researchers, and policy think tanks.

March 2021. Chinese hackers targeted electricity grid operators in India in an apparent attempt to lay the groundwork for possible future attacks.

February 2021. A Portuguese-speaking cyber criminal group accessed computer systems at a division of Oxford University researching COVID-19 vaccines, and are suspected to be selling the data they collected to nation states.

February 2021. North Korean hackers targeted defense firms in more than a dozen countries in an espionage campaign starting in early 2020.

February 2021. Hackers associated with the Chinese military conducted a surveillance campaign against Tibetans both in China and abroad.

February 2021. Russian hackers compromised a Ukrainian government file-sharing system and attempted to disseminate malicious documents that would install malware on computers that downloaded the planted files.

February 2021. Hackers linked to the Chinese government conducted a nearly three-year cyber espionage campaign against human rights advocates in the country by using spyware to infiltrate individuals’ systems, spy on their activity, and exfiltrate data.

February 2021. Ukrainian officials reported that a multi-day distributed denial-of-service attack against the website of the Security Service of Ukraine was part of Russia’s hybrid warfare operations in the country.

February 2021. The US Department of Justice indicted three North Korean hackers for conspiring to steal and extort more than $1.3 billion in cash and cryptocurrencies.

February 2021. Iranian hackers took control of a server in Amsterdam and used it as a command and control center for attacks against political opponents in the Netherlands, Germany, Sweden, and India.

February 2021. North Korean hackers attempted to break into the computer systems of pharmaceutical company Pfizer to gain information about vaccines and treatments for the COVID-19.

February 2021. Suspected Iranian hackers targeted government agencies in the UAE as part of a cyber espionage campaign related to the normalizations of relations with Israel.

February 2021. The French national cybersecurity agency announced that a four-year campaign against French IT providers was the work of a Russian hacking group.

February 2021. Suspected Indian hackers targeted over 150 individuals in Pakistan, Kazakhstan, and India using mobile malware, including those with links to the Pakistan Atomic Energy Commission, the Pakistan Air Force, and election officials in Kashmir.

February 2021. Ten members of a cybercriminal gang were arrested after a campaign where they tricked telecom companies into assigning celebrities’ phone numbers to new devices, stealing more than $100 million worth of cryptocurrencies.

February 2021. Unknown hackers attempted to raise levels of sodium hydroxide in the water supply of Oldsmar, Florida by a factor of 100 by exploiting a remote access system.

February 2021. Two Iranian hacking groups conducted espionage campaigns against Iranian dissidents in sixteen countries in the Middle East, Europe, South Asia, and North America.

January 2021. Hackers linked to Hezbollah breached telecom companies, internet service providers, and hosting providers in the US, UK, Egypt, Israel, Lebanon, Jordan, Saudi Arabia, the UAE, and the Palestinian Authority for intelligence gathering and data theft.

January 2021. North Korean government hackers engaged in a sophisticated social engineering campaign against cybersecurity researchers that used multiple fake twitter accounts and a fake blog to drive targets to infected sites or induce them to open infected attachments in emails asking the target to collaborate on a research project.

January 2021. Suspected Indian hackers active since 2012 were attacked business and governments across South and East Asia, with a particular emphasis on military and government organizations in Pakistan, China, Nepal, and Afghanistan, and businesses involved in defense technology, scientific research, finance, energy, and mining.

January 2021. Unidentified hackers breached one of the data centers of New Zealand’s central bank.

January 2021. Hackers sponsored by the Chinese government were responsible for ransomware attacks against five major gaming and gambling countries, demanding over $100 million in ransom.

December 2020. Iranian state hackers used a Christmas theme for a spear-phishing campaign targeting think tanks, research organizations, academics, journalists, and activists in the Persian Gulf, EU, and US

December 2020. Chinese hackers targeted the Finnish parliament, breaching the email accounts of parliament members and other employees

December 2020. African Union staff found that Chinese hackers had been siphoning off security footage from cameras installed in the AU headquarters

December 2020. One Saudi hacking group, One UAE hacking group, and two unknown government-sponsored hacking groups used spyware purchased from the Israeli vendor NSO Group to hack 36 phones belonging to Al Jazeera employees.

December 2020. Facebook found that two groups of Russians and one group of individuals affiliated with the French military were using fake Facebook accounts to conduct dueling political information operations in Africa.

December 2020. More than 40 Israeli companies had data stolen after Iranian hackers compromised a developer of logistics management software and used their access to exfiltrate data from the firm’s clients

December 2020. Unknown state-sponsored hackers took advantage of territory disputes between China, India, Nepal, and Pakistan to target government and military organizations across South Asia, including the Nepali Army and Ministries of Defense and Foreign Affairs, the Sri Lankan Ministry of Defense, and the Afghan National security Council and Presidential Palace.

December 2020. Facebook announced that its users had been targeted by two hacking campaigns, one originating from state-sponsored Chinese hackers focused on spreading malware, and the other from two non-profit groups in Bangladesh focused on compromising accounts and coordinating the reporting of accounts and pages for removal

December 2020. Chinese hackers targeted government agencies and the National Data Center of Mongolia as part of a phishing campaign

December 2020. Hackers accessed data related to the COVID-19 vaccine being developed by Pfizer during an attack on the European Medicines Agency.

December 2020. Over 200 organizations around the world—including multiple US government agencies—were revealed to have been breached by Russian hackers who compromised the software provider SolarWinds and exploited their access to monitor internal operations and exfiltrate data.

December 2020. A criminal group targeted the Israeli insurance company Shirbit with ransomware, demanding almost $1 million in bitcoin. The hackers published some sensitive personal information after making their demands and threatened to reveal more if they did not receive payment.

December 2020. CISA and the FBI announced that U.S. think tanks focusing on national security and international affairs were being targeted by state-sponsored hacking groups

December 2020. State-sponsored hackers from China  conducted a spear phishing campaign against organizations in six countries involved in providing special temperature-controlled environments to support the COVID-19 supply chain.

November 2020. A Mexican facility owned by Foxconn was hit by a Chinese ransomware attack that the hackers claim resulted in 1,200 servers being encrypted, 20-30 TB of backups being deleted, and 100 GB of encrypted files being stolen.

November 2020. North Korean hackers targeted COVID-19 vaccine developer AstraZeneca by posing as recruiters and sending the company’s employees fake job offers that included malware

November 2020. Chinese hackers targeted Japanese organizations in multiple industry sectors located in multiple regions around the globe, including North America, Europe, Asia, and the Middle East.

November 2020. Suspected Chinese government hackers conducted a cyber espionage campaign from 2018 to 2020 targeting government organizations in Southeast Asia

November 2020. A North Korean hacking group engaged in software supply chain attacks against South Korean internet users by compromising legitimate South Korean security software

November 2020. One Chinese and two North Korean hacking groups launched attacks against seven companies involved in COVID-19 vaccine research

November 2020. A group of hackers for hire launched attacks against a group of targets in South Asia, and particularly India, Bangladesh, and Singapore. These attacks included the use of a custom backdoor and credential theft

November 2020. A group of Vietnamese hackers created and maintained a number of fake websites devoted to news and activism in Southeast Asia that were used to profile users, re-direct to phishing pages, and distribute malware

November 2020. U.S. Cyber Command and the NSA conducted offensive cyber operations against Iran to prevent interference in the upcoming U.S. elections.

November 2020. Hamas used a secret headquarters in Turkey to carry out cyberattacks and counter-intelligence operations

October 2020. The U.S. government announces that Iranian hackers targeted state election websites in order to download voter registration information and conduct a voter intimidation campaign

October 2020. A spokesperson for China’s Foreign Ministry responded to accusations that Chinese state-sponsored hackers were targeting the U.S. defense industrial base by declaring that the United States was an “empire of hacking,” citing 2013 leaks about the NSA’s Prism program.

October 2020. India's National Cyber Security Coordinator announced that Chinese cyber crimes in India cost almost $17 billion in 2019.

October 2020. Iranian hackers targeted attendees of the Munich Security Conference in order to gather intelligence on foreign policy from the compromised individuals

October 2020. The FBI, CISA and U.S. Cyber Command announced that a North Korean hacking group had been conducting a cyber espionage campaign against individual experts, think tanks, and government entities in South Korea, Japan, and the United States with the purpose of collecting intelligence on national security issues related to the Korean peninsula, sanctions, and nuclear policy

October 2020. An Iranian hacking group conducted a phishing campaign against universities in Australia, Canada, the UK, the U.S., the Netherlands, Singapore, Denmark, and Sweden.

October 2020. Suspected Iranian hackers targeted government agencies and telecommunications operators in Iraq, Kuwait, Turkey, and the UAE as part of a cyber espionage campaign

October 2020. The NSA warned that Chinese government hackers were targeting the U.S. defense industrial base as part of a wide-ranging espionage campaign

October 2020. The UK’s National Cyber Security Centre found evidence that Russian military intelligence hackers had been planning a disruptive cyber attack on the later-postponed 2020 Tokyo Olympics.

October 2020. The U.S. indicted six Russian GRU officers for their involvement in hacking incidents including the 2015 and 2016 attacks on Ukrainian critical infrastructure, the 2017 NotPetya ransomware outbreak, election interference in the 2017 French elections, and others.

October 2020. Iran announced that the country’s Ports and Maritime Organization and one other unspecified government agency had come under cyberattack

October 2020. Microsoft and U.S. Cyber Command both independently undertook operations to take down a Russian botnet ahead of the U.S. election.

October 2020. The U.S. Department of Homeland Security revealed that Chinese hackers targeted the U.S. Census Bureau in a possible attempt to collect bulk data, alter registration information, compromise census infrastructure, or conduct DoS attacks

October 2020. U.S. government officials revealed that Chinese hackers were behind a series of attacks on entities in Russia, India, Ukraine, Kazakhstan, Kyrgyzstan, and Malaysia

October 2020. A Chinese group targeted diplomatic entities and NGOs in Africa, Asia, and Europe using advanced malware adapted from code leaked by the Italian hacking tool vendor Hacking Team

October 2020. Iranian hackers exploited a serious Windows vulnerability to target Middle Eastern network technology providers and organizations involved in work with refugees

October 2020. A cyber mercenary group targeted government officials and private organizations in South Asia and the Middle East using a combination of methods including zero-day exploits

October 2020. In the midst of escalating conflict between Armenia and Azerbaijan over the territory of Nagorno-Karabakh, an unknown intelligence service conducted a cyber espionage campaign targeting Azerbaijani government institutions

October 2020. A previously unknown cyber espionage group was found to have been stealing documents from government agencies and corporations in Eastern Europe and the Balkans since 2011.

October 2020. The UN shipping agency the International Maritime Organization (IMO) reported that its website and networks had been disrupted by a sophisticated cyber attack

October 2020. North Korean hackers targeted a ministry of health and a pharmaceutical company involved in COVID-19 research and response

September 2020. American healthcare firm Universal Health Systems sustained a ransomware attack that caused affected hospitals to revert to manual backups, divert ambulances, and reschedule surgeries

September 2020. French shipping company CMA CGM SA saw two of its subsidiaries in Asia hit with a Chinese ransomware attack that caused significant disruptions to IT networks, though did not affect the moving of cargo

September 2020. Chinese hackers stole information related to Covid-19 vaccine development from Spanish research centers

September 2020. The U.S. Department of Justice indicted five Chinese hackers with ties to Chinese intelligence services for attacks on more than 100 organizations across government, IT, social media, academia, and more

September 2020. The FBI and CISA announced that Iranian hackers had been exploiting publicly known vulnerabilities to target U.S. organizations in the IT, government, healthcare, finance, and media sectors.

September 2020. CISA revealed that hackers associated with the Chinese Ministry of State Security had been scanning U.S. government and private networks for over a year in search of networking devices that could be compromised using exploits for recently discovered vulnerabilities

September 2020. Georgian officials announce that COVID-19 research files at a biomedical research facility in Tbilisi was targeted as part of a Chinese cyberespionage campaign

August 2020. A North Korean hacking group targeted 28 UN officials in a spear-phishing campaign, including at least 11 individuals representing six members of the UN Security Council.

August 2020. Hackers for hire suspected of operating on behalf of the Iranian government were found to have been working to gain access to sensitive information held by North American and Israeli entities across a range of sectors, including technology, government, defense, and healthcare.

August 2020. New Zealand’s stock exchange faced several days of disruptions after a severe distributed denial of service attack was launched by Chinese actors

August 2020. U.S. officials announced that North Korean government hackers had been operating a campaign focused on stealing money from ATMs around the world.

August 2020. Taiwan accused Chinese hackers of infiltrating the information systems of at least ten government agencies and 6,000 email accounts to gain access to citizens’ personal data and government information.

August 2020. A Chinese cyber espionage group targeted military and financial organizations across Eastern Europe

August 2020. An Iranian hacking group was found to be targeting major U.S. companies and government agencies by exploiting recently disclosed vulnerabilities in high-end network equipment to create backdoors for other groups to use

August 2020. Pakistan announced that hackers associated with Indian intelligence agencies had targeted the mobile phones of Pakistani government officials and military personnel

August 2020. Seven semiconductor vendors in Taiwan were the victim of a two-year espionage campaign by suspected Chinese state hackers targeting firms’ source code, software development kits, and chip designs.

August 2020. Russian hackers compromised news sites and replaced legitimate articles with falsified posts that used fabricated quotes from military and political officials to discredit NATO among Polish, Lithuanian, and Latvian audiences.

July 2020. Israel announced that two cyber attacks had been carried out against Israeli water infrastructure, though neither were successful

July 2020. Chinese state-sponsored hackers broke into the networks of the Vatican to conduct espionage in the lead-up to negotiations about control over the appointment of bishops and the status of churches in China.

July 2020. Canada, the UK, and the U.S. announced that hackers associated with China intelligence had attempted to steal information related to COVID-19 vaccine development

June 2020. Uyghur and Tibetan mobile users were targeted by a mobile malware campaign originating in China that had been ongoing since 2013

June 2020. The most popular of the tax reporting software platforms China requires foreign companies to download to operate in the country was discovered to contain a backdoor that could allow malicious actors to conduct network reconnaissance or attempt to take remote control of company systems

June 2020. Nine human rights activists in India were targeted as part of a coordinated Chinese spyware campaign that attempted to use malware to log their keystrokes, record audio, and steal credentials

June 2020. The Australian Prime Minister announced that an unnamed state actor had been targeting businesses and government agencies in Australia as part of a large-scale cyber attack.

June 2020. In the midst of escalating tensions between China and India over a border dispute in the Galwan Valley, Indian government agencies and banks reported being targeted by DDoS attacks originating in China

No comments:

Post a Comment

Comments always welcome!