Hacking attacks list

Since , Russian operators hacked the social media accounts of government officials and news websites, with the goal of creating distrust in U. Some experts have stipulated the hackers have ties to Iran, but no link has been confirmed. The Lithuanian Defense Ministry found hidden features in popular 5G smartphone models manufactured in China, according to its state-run cybersecurity body.

The module embedded in the phones detects and censors keywords or groups of keywords that are counter to the message of the Chinese government. The actor responsible is still unknown, but the cyberattack led to the government extending voting by two days. The U. Department of Justice sentenced Ghaleb Alaumary to more than 11 years in prison for aiding North Korean cybercriminals in money laundering.

His assistance included ATM cash-out operations, cyber-enabled bank heists, and business email compromise BEC schemes. These attacks targeted banks, professional soccer clubs, and other unnamed companies in the U.

A cyberattack against the United Nations occurred in April , targeting users within the UN network to further long-term intelligence gathering. The hacker was able to access their networks through stolen user credentials purchased on the dark web. The Norwegian Government stated a series of cyberattacks against private and state IT infrastructure came from bad actors sponsored by and operating from China.

Researchers and cybersecurity experts revealed a mobile espionage campaign against the Kurdish ethnic group. Hackers targeted individuals on Facebook, persuading them to download apps that contain Android backdoors utilized for espionage. In April , Chinese bots swarmed the networks of the Australian government days after Australia called for an independent international probe into the origins of the coronavirus.

These bots looked for potential vulnerabilities on the network to exploit in future cyberattacks. August A cyberattack on the government of Belarus compromised dozens of police and interior ministry databases. A hacking group targeted a high-profile Iranian prison, uncovering documents, videos, and images that display ed the violent treatment of its prisoners.

The group claims to be hacktivists demanding the release of political prisoners. Hacks initially attributed to Iran in and were found to be conducted by Chinese operatives. A cyberattack on the Covid vaccine-scheduling website for the Italian region of Lazio forced the website to temporarily shut down.

New vaccination appointments were unable to be scheduled for several days after the attack. Various Chinese cyber-espionage groups are responsible for the hacks of at least five major Southeast Asian telecommunication providers beginning in The attacks were carried out by three different hacking groups and are seemingly unlinked despite all groups having a connection to Chinese espionage efforts.

July Estonia stated a Tallinn-based hacker downloaded , ID photos from government database, exp osing a vulnerability in a platform managed by their Information System Authority RIA.

A cyberattack gained access to 1 terabyte of data from the Saudi Arabian Oil Company through a zero-day exploitation. A widespread APT operation was discovered against users in Southeast Asia, believed to be spearheaded by Chinese entities. R esearchers found a total of victims in Myanmar and 1, in the Philippines, including many government entities.

The United States, the European Union, NATO and other world powers released joint statements condemning the Chinese governme nt for a seri es of malicious cyber activities.

They attributed responsibility to China for the Microsoft Exchange hack from early and the compromise of more than , servers worldwide.

Several countries used Pegasus, surveillance software created by NSO Group that targets iPhone and Android operating system s, on devices belonging to activists, politicians, and journalists. The FBI and the U. Cybersecurity and Infrastructure Security Agency CISA released a statement exposing a spearfishing campaign by Chinese state-sponsored hackers between and The campaign targeted oil and natural gas pipeline companies in the United States.

The hackers sent malware-infected files or tricked targets into submitting sensitive credentials to phishing sites. The Russian defense ministry claim ed it was hit with a DDoS attack that caused its website to shut down , stating the attack came from outside the Russian Federation. Norway attributed a March cyberattack on parliament's e-mail system to China.

The attack caused delays and cancellations of hundreds of trains across Iran. June A Chinese-speaking hacking group spearheaded an ongoing espionage effort against the Afghan government through phishing emails. The Iranian government launched a widescale disinformation campaign, targeting WhatsApp groups, Telegram channels and messaging apps used by Israeli activists.

The campaign aimed to advance political unrest and distrust in Israel. Chinese actors targeted organizations, including Verizon and the Metropolitan Water District of Southern California using a platform used by numerous government agencies and companies for secure remote access to their networks.

The majority of the customers targeted were U. The faked data positioned the two warships at the entrance of a major Russian naval base. Although Spring held hopeful news for the end of the pandemic, the increased trend of cyber attacks that began in showed no signs of slowing down. Another high-profile ransomware attack took place this May on JBS Foods, one of the biggest meat processing companies in the world. The same Russia-based hacking group that attacked Acer, REvil, is thought to be behind the attack.

Although there weren't any major food shortages as a result of the attack, government officials told consumers not to panic buy meat in response. This massive payment in bitcoin is one of the largest ransomware payments of all time. CBS News. After the firm refused negotiations with the hacker group, REvil targeted Apple instead. After leaking Apple product blueprints obtained from Quanta, they threatened to release more sensitive documents and data.

By May, REvil seemed to have called off the attack. Businesses and organizations from all different kinds of industries are targeted by ransomware attacks. In mid-April of this year, the hacker group Babuk claimed to have stolen GB of confidential data concerning the Houston Rockets.

Babuk warned that these confidential documents, including financial info and contracts, would be made public if their demands were not met. As of this posting, no ransom payments have been made. The attack happened soon after the company announced important changes to their insurance policy. Essentially, AXA stated they would stop reimbursing many of their clients for ransomware payments. This unique and somewhat ironic attack on a cyber-insurance firm made headlines and the hacker group gained access to a massive 3 TB of data.

Earlier this year in March, another large insurance firm fell victim to a ransomware attack. The attack is supposedly linked to the hacker group Evil Corp and uses a new type of malware called Phoenix CryptoLocker. CDProjekt Red is a popular videogame development firm based in Poland. In February of this year, the firm was hacked by the HelloKitty gang. The hacker group accessed source code to game projects in development and encrypted devices.

However, CDProjekt refused to pay the ransom money, and has backups in place to restore the lost data. While not a name commonly known by consumers, Kaseya manages IT infrastructure for major companies worldwide. Similar to the attacks on Colonial Pipeline and JBS Foods, this hack had the potential to disrupt key areas of the economy on a large scale.

According to REvil, one million systems were encrypted and held for ransom. According to Kayesa, around 50 of their clients and around businesses in total were impacted. To illustrate the impact of the cyber attack, Coop, a Swedish supermarket chain, was forced to close stores for a full week.

Fortunately, no ransom was paid and Kaseya was able to restore the IT infrastructure of its clients. Although it started out as one of the biggest ransomware attacks of the year, the situation was salvaged in the end. Its color-coding features help users to easily identify the nature of the packets being circulated. Preparing for the CEH Exam? Learn to crack the CEH Exam in your first attempt.

Social engineering is the process of obtaining information, data, or login credentials of an individual or organization through software technologies. The methods in the process usually involve psychologically manipulating or tricking people into divulging confidential information. In hacking programs, Social Engineering Toolkit or SET is a collection of tools and utilities to perform the activities that come under social engineering.

For instance, SET provides a phishing utility among several other options. Phishing involves tricking an individual to log in to a dummy website by entering credentials in a plain text format without encryption. Once the attacker gets access to the login ID and password, the victim is redirected to the actual website to avoid any suspicion. This attack is especially dangerous in the case of banking websites, secure data repositories, or private social media accounts.

Denial-of-service is a category of cyberattacks where the target website is clogged with so many requests simultaneously that the server becomes overloaded. For instance, if this happens to an e-commerce site, the DoS attack will prevent users from being able to log in or conduct business with the site.

Since this inconvenient slow down or stoppage of services, due to crashing or reboot, is equivalent to users getting a denial of service, this particular attack is called denial-of-service attack. It can perform attacks on up to URLs at the same time.

Trying to become a Successful Hacker, our guide, Ethical Hacker , will come in handy for you. For example, whenever somebody logs into their bank account online, session tokens and keys are generated for that particular session.

OWASP ZAP or Zed Attack Proxy is an open-source web application security scanner that is used to test whether the web applications that have been deployed or have to be deployed are secure or not. It is a very popular penetration testing tool in the security industry. It has built-in features that include Ajax or traditional web crawler along with automated scanner, passive scanner, and utilities for Fuzzer, forced browsing, WebSocket support, scripting languages, and Plug-n-Hack support.

SQL injection is the process of manipulating the SQL database of a web application into revealing or altering its values. This is partly possible because to extract values from SQL databases, you have to run queries on tables. If there are no countermeasures enacted against this, it becomes quite easy for the attacker to be able to inject malicious queries into your database.

It is an open-source penetration testing tool that is used to detect the presence of vulnerabilities to SQL injection attacks. It also has support for a vast array of SQL-based databases.

It supports deconstructing password hashes through dictionary attacks. Wi-Fi networks are usually secured with passwords. This is to ensure that no unknown device is able to connect to the network without entering the correct key phrase.

Aircrack-ng is a decryption software that aims to assess the network security of a Wi-Fi network by evaluating the vulnerabilities of the passwords that are used to secure it. Passwords with low-to-medium complexity can easily be cracked via this software or Linux utility.

Enroll in our Cybersecurity Course and gain valuable skills and competencies by deploying distinct information security structures for companies. Kiuwan is among the most used Ethical Hacking tools in software development. Upon finding the parts of the code that could potentially make the software unsecure in practice, the development team can patch it up after finding out the workarounds or alternatives for it.

Netsparker detects security flaws, such as SQL injection vulnerabilities and cross-site scripting, in web applications and APIs. The main advantage of Netsparker is that it is percent accurate with its results, eliminating the chances of false positives.

During security assessments, this helps a tester to avoid manually testing cases to verify whether those flaws actually exist or not. Nikto is an open-source tool that is used to scan web servers to detect vulnerabilities.

It detects dangerous files, outdated server components, etc. Nikto is primarily used as a penetration testing tool. Burp Suite is an advanced web vulnerability scanner with three versions, Community free , Enterprise, and Professional.

You only get access to the manual tools with the Community edition, but with the paid versions, you get access to a higher number of features.

John the Ripper is one of the best password-cracking utilities in the market. It gives you tons of customization options according to the approach that you want to go with for the cracking job. The primary job of John the Ripper is to test the strength of an encrypted password.