Hacking news

History and news

Notable events

2023/09/12: China-linked hackers breached a power grid (again)

The target country is unnamed; the same group also stole pandemic relief funds from the US government.

2023/04/13: Tal Dilian

Tal Dilian, mercenary spyware entrepreneur, launched a seven-month campaign to influence search engine results in an attempt to reconstruct his public image (Solomon).

2023/01/03: Frontline Documentary "Global Spyware Scandal: Exposing Pegasus"

In 2020, the journalism nonprofit Forbidden Stories and Amnesty International gained access to a leaked list of more than 50,000 phone numbers. They suspected it contained numbers selected for potential surveillance with Pegasus. The Pegasus Project reporting consortium — which was led by Forbidden Stories and included 16 other media organizations, FRONTLINE among them — found that the spyware had been used on journalists, human rights activists, the wife and fiancée of the murdered Saudi columnist Jamal Khashoggi, and others.

2022/10/17: Cybercrime predicted to cost $8 trillion in 2023

Steve Morgan of Cybercrime Magazine writes, "Cybercrime is predicted to cost the world $8 trillion USD in 2023, according to Cybersecurity Ventures. If it were measured as a country, then cybercrime would be the world’s third largest economy after the U.S. and China."

2022/04/25: Spanish police caught spying on politicians, activists, and journalists using Pegasus spyware

Citizen Lab researchers revealed the presence of Pegasus spyware on the phones of 65 activists, politicians, and civil society groups in Catalonia. The Catalan parliament, located in a historical citadel in Barcelona, symbolizes the region's long history of oppression and its contemporary push for independence. In 2017, amid preparations for an independence referendum deemed unconstitutional by Spain, Spanish police arrested separatist leaders and violently disrupted the vote. Recently, Jordi Solé, a pro-independence MEP, discovered his phone was infected with Pegasus spyware, developed by Israel's NSO Group. This spyware has been used extensively against Catalan politicians, activists, and journalists, leading to widespread surveillance fears. NSO Group, involved in numerous international controversies, faces significant legal and financial challenges, including lawsuits and sanctions. Despite these issues, NSO and similar Israeli firms continue to influence global surveillance practices, often navigating around regulatory oversight.

2022/04/21: North Korean state hackers steal $620 million from Axie Infinity, a cryptocurrency-based game, largest known theft in history

The North Korean military has a group called the Reconnaissance General Bureau, where thousands of hackers are trained and tasked with military objectives; the group has a long history of hacking for financial gain.

Axie Infinity is a game built around a novel model of player-owned in-game assets recorded on a blockchain. The hackers took control of five of the nine servers that validated the ledger, giving them control over the flow of currency.

2021/04/26: Government agencies circumvent federal laws and Supreme Court rulings on privacy by purchasing data about us from data vendors

Three years ago, the Supreme Court's decision in Carpenter v. United States seemed to strengthen Americans' digital privacy by requiring a warrant for the government to compel companies to turn over sensitive location data. However, government agencies have circumvented this by purchasing data from brokers who collect it via cellphone apps. This practice, enabled by outdated privacy laws, bypasses Fourth Amendment protections and allows for extensive surveillance without judicial oversight. Sens. Ron Wyden and Rand Paul have introduced the "Fourth Amendment Is Not For Sale Act" to address this loophole, but more comprehensive privacy reforms are necessary to protect against government overreach in the digital age.

2021/03/12: Tal Dilian's Predator Spyware

The US and Israeli Ministry of Public Security imposed sanctions on the Israeli spyware company NSO, leading to a decline in its operations. Surprisingly, the restrictions benefited Tal Dilian, a former Israeli military intelligence officer, who founded the spyware company Intellexa. Intellexa developed Predator spyware, which Dilian sold to countries without Israeli export permits, such as Bangladesh, Sudan, and Ukraine. This was unlike other Israeli cyber companies, which are regulated by the Ministry of Defence. The Predator spyware notably hacked Greek journalist Thanasis Koukakis' phone and unsuccessfully attempted to hack Greek opposition leader Nikos Androulakis' phone, causing a major scandal. Predator was also found to have targeted Egyptian dissidents. Investigations by the European Parliament revealed Predator's Israeli origins, although no evidence linked NSO's Pegasus spyware to the Spanish spying scandal. Amid these developments, former Verint official Sam Rabin joined Intellexa, which employs many ex-Israeli intelligence personnel.
Tal Dilian's Predator spyware rivals NSO's Pegasus (Middle East Monitor, Sept 2022)

2020: SolarWinds

Video

2019: Tal Dilian interview

Tal Dilian [gives Forbes an interview](https://www.youtube.com/watch?v=Tl3mpywMYFA) showing off his $9 surveillance van, which can intercept cell phone data, location information, and more. Dilian is a former member of the Israeli military cybersecurity Unit 81 and is now an infamous entrepreneur selling **"mercenary spyware"** called Predator to governments (and who knows who else).

2019/01/30: Project Raven: Ex-NSA operatives reveal how they helped spy on dissidents, rival leaders, and journalists for the Arab monarchy (DarkMatter)

More than a dozen former US intelligence operatives were recruited to move to the UAE and carry out sophisticated cyber-operations, including hacking into the phones of the Emiratis' enemies. They were employed by DarkMatter, a company that acted as an arm of the Emirati government. Three admitted to hacking crimes and to violating U.S. export laws that restrict the transfer of military technology to foreign governments (court record).

2018/04/04: Billion-dollar Hacking Group behind a string of big breaches

FIN7 (aka Carbanak), a Russian criminal advanced persistent threat group, has pulled off a string of data heists over the past few years. Saks Fifth Avenue, Lord & Taylor department stores, Omni Hotels, Trump Hotels, Jason's Deli, Whole Foods, and Chipotle are all victims. (Wired)

2017/06/27: NotPetya

NotPetya has been called the most devastating cyberattack in history. In Andy Greenberg's book Sandworm, he recounts the White House's assessment estimating the total damages NotPetya brought about at more than $10 billion. It was a modified version of the Petya ransomware, which had first been discovered the previous year. Both used EternalBlue, a Windows exploit famously developed by the NSA and subsequently leaked to the public.

Andy Greenberg wrote, "In the process, Sandworm would demonstrate as never before that highly sophisticated state sponsored hackers with the motivations of a military sabotage unit can attack across any distance to undermine the foundations of human life hitting interlocked, interdependent systems with unpredictable, disastrous consequences."

An infected computer's files were encrypted and a message demanded a payment of $300 in Bitcoin. Although it behaved like ransomware, researchers believe it was not intended to generate profit but to damage devices quickly while imitating WannaCry to draw the same kind of media attention.

The radiation monitoring system at Ukraine's Chernobyl Nuclear Power Plant went offline. Several Ukrainian ministries, banks and metro systems were also affected. Those affected also included British advertising company WPP, Maersk Line (an interruption which cost an estimated $200 - 300 million in lost revenues), American pharmaceutical company Merck & Co., Russian oil company Rosneft, multinational law firm DLA Piper, French construction company Saint-Gobain and its retail and subsidiary outlets in Estonia, British consumer goods company Reckitt Benckiser, German personal care company Beiersdorf, German logistics company DHL, United States food company Mondelez International, and American hospital operator Heritage Valley Health System.

Princeton Community Hospital in rural West Virginia scrapped and replaced its entire computer network on its path to recovery. The business impact on FedEx is estimated to be $400m in 2018, according to the company's 2019 annual report.

Mondelez International's insurance carrier, Zurich American Insurance Company, has refused to pay out a claim for cleaning up damage from a NotPetya infection, on the grounds that NotPetya is an "act of war" that is not covered by the policy. Mondelez sued Zurich American for $100 million in 2018; the suit was settled in 2022 with the terms of the settlement remaining confidential.

2017/05/12: WannaCry ransomware attack

The WannaCry attack was a massive ransomware cyberattack on 12 May 2017 that hit institutions across the globe, from the NHS in Britain to Boeing and even universities in China. The attack lasted 7 hours and 19 minutes. Europol estimates it affected nearly 200,000 computers in 150 countries, primarily in Russia, India, Ukraine, and Taiwan. It was allegedly carried out by the North Korean state-sponsored hacker group the Lazarus Group, though this has not been proven. The ransomware used the recently leaked EternalBlue exploit developed by the NSA (see below).

2017/04/14: EternalBlue leaked by the Shadow Brokers

Podcast episode about it
A hacker group calling themselves The Shadow Brokers appeared and began publishing hacking tools, including several zero-day exploits, which originated from the Equation Group. The exploits targeted enterprise firewalls, antivirus software, and Microsoft products.

Initially they released only some of the tools and asked for money for the rest. When no one paid, they leaked more, eventually releasing EternalBlue, a Windows zero-day exploit.

2017/02: CIA's hacking tools, Vault 7, leaked by WikiLeaks

The files, dating from 2013 to 2016, include details on the agency's software capabilities, such as the ability to compromise cars, smart TVs, web browsers including Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera, the operating systems of most smartphones including Apple's iOS and Google's Android, and computer operating systems including Microsoft Windows, macOS, and Linux. In July 2022, former CIA software engineer Joshua Schulte was convicted of leaking the documents to WikiLeaks.

2016/02/04: North Korean hackers attempt to steal $1 billion from the Bangladesh Bank

The Bangladesh Bank cyber heist was a theft that took place in February 2016. Thirty-five fraudulent instructions were issued by hackers via the SWIFT network to illegally transfer close to US$1 billion from the Federal Reserve Bank of New York account belonging to Bangladesh Bank, the central bank of Bangladesh. Five of the thirty-five fraudulent instructions succeeded, transferring US$101 million, of which US$20 million was traced to Sri Lanka and US$81 million to the Philippines. The Federal Reserve Bank of New York blocked the remaining thirty transactions, amounting to US$850 million, due to suspicions raised by a misspelled instruction.

2015/12/23: Sandworm hacked Ukraine's power grid, first of its kind

The power grid in two western oblasts of Ukraine was hacked, resulting in power outages for roughly 230,000 consumers in Ukraine for 1-6 hours. This was during the ongoing Russo-Ukrainian War (2014-present). This was the first known successful cyberattack on a power grid.

2014: Operation Shotgiant

Operation Shotgiant was a covert NSA operation aimed at hacking into the servers of the Chinese telecommunications company Huawei to gather intelligence and monitor communications, particularly to investigate any links between Huawei and the Chinese military. This operation was revealed through documents leaked by Edward Snowden, highlighting the extent of U.S. surveillance efforts against foreign companies. The operation was performed by Tailored Access Operations (TAO).

2014: Carbanak

Hackers in Eastern Europe stole up to $1.5 billion from more than 100 financial institutions in a string of attacks that borrowed heavily from targeted attacks against sensitive government and industrial targets. The heists sparked an international manhunt.

2010: Stuxnet

The Stuxnet worm was uncovered and is believed to be responsible for causing substantial damage to Iran's nuclear program. It was later learned to be part of a joint program between the United States and Israel called Operation Olympic Games. Stuxnet is believed to be the first known cyber weapon to cause real-world physical damage.

Footnotes