America’s biggest brands are under attack: Apple, Microsoft, Facebook, Amazon, Visa, and many others have been hacked. Nothing is safe. Google? Hacked. Your Peloton bike? Vulnerable. Even your fish tank is suspect.

Here are some of the biggest and more bizarre hacks of the decade, along with the suspects behind the crimes. Don't be surprised to find 'state actors' and the world's most sophisticated intelligence agencies among them.

RANSOMWARE ATTACKS

Sick Kids Hospital, Canada

Ransomware group Lockbit is making headlines for operations including a 2023 attack on Britain’s Royal Mail and a 2022 attack on a Canadian children’s hospital (Lockbit later backtracked saying it blocked the member responsible for the bizarre hospital attack). The US Department of Justice believes LockBit’s ransomware has been used against 1,000 victims worldwide and earned the group $100m.

SUSPECTS: Lockbit are thought to all speak Russian and be based in Russia (although at least one suspected member, Mikhail Vasiliev, is in Canada fighting extradition to the US). Jon DiMaggio, chief security analyst at Analyst1, told Wired that if the Russian government were to get their hooks into Lockbit’s leader, he’d need to either turn over most of his money to them or do work for Putin such as helping with the Ukraine war.
‍

Colonial Pipeline, US

Atlanta-based Colonial Pipeline was hit by a ransomware cyber-attack in May 2021. Colonial took itself offline, disrupting US supplies for days and causing fuel shortages. The Department of Justice later seized most of the ransom paid to hackers - 63.7 Bitcoins then valued at $2.3m, which caused the cryptocurrency to sink temporarily.

SUSPECTS: DarkSide Ransomware Gang, described by the FBI as a ‘Russia-based cybercrime group’, that markets ransomware to criminal gangs who then conduct attacks and share a percentage of the ransom. DarkSide is one of 100 similar gangs the Bureau is investigating as ransomware explodes into a $14bn a year industry. 
‍

JB Meat, US‍

Brazil’s JB Meat, the world’s biggest meat company, paid their ransom in Bitcoin valued at $11m after ransomware shut down its operations in the US, Canada, and Australia in 2021, threatening to disrupt food supply and lead to inflated prices.

SUSPECTS: REvil, aka Sodinokibi. Bloomberg describes REvil as ‘a cybergang with Russian links’. The gang, suspected of being an offshoot of defunct GandCrab, uses ransomware code similar to DarkSide’s software.

SUPPLY CHAIN HACK

SolarWinds

Microsoft President Brad Smith describes the SolarWinds’ attack on 18,000 business and US government agencies as ‘the largest and most sophisticated attack the world has ever seen’. Cyber-attackers buried malicious code in SolarWinds’ software in 2019. When the Texas company sent software updates, it unwittingly delivered the hacked code to its clients, letting criminals access their business intelligence, nuclear secrets, and more. Microsoft, Mastercard, Visa, Lockheed Martin, and most Fortune 500 are SolarWinds’ clients. 

SUSPECTS: Russian hackers nicknamed APT29 or Cozy Bear, believed to be part of Moscow’s foreign intelligence service. Russia denies any involvement. 
‍

MOVEit file transfer software and the ciOP gang‍

A supply chain cyber attacks target a trusted third-party vendor who sells services or software vital to the supply chain. In the case of Clop (ciOP), the gang is accused of inserting malware into MOVEit file transfer software used by 1,700 organizations worldwide. Big-name victims revealed in 2023 include organizations as diverse as the BBC, Irish airline Aer Lingus, the Nova Scotia government, drugstore chain Boots, and the University of Rochester, New York

SUSPECTS - The Clop gang is thought to be a Russian-language cybercriminal gang associated with cybercriminal groups FIN11 - part of the larger financially-motivated TA505 group - and UNC2546.
‍

MALWARE ATTACKS

Sony Pictures

‍Sony Pictures was attacked with a variant of the Shamoon malware in 2014 which can erase a computer’s infrastructure. Hackers leaked personal information about staff, employee emails, executive salary info, film scripts, then-unreleased Sony films, and plans for future movies. Hackers also demanded Sony withdraw The Interview, a comedy about a plot to assassinate North Korean leader Kim Jong-un, and threatened terrorist attacks.

SUSPECTS: Three North Korean military programmers were indicted in 2021 for the Sony hack and broader plans to extort more than $1.3bn in cash and cryptocurrency from financial institutions and companies. North Korea denies any responsibility.
‍

Saudi Aramco‍

Oil giant Saudi Aramco was also crippled by a cyber warfare attack linked to Shamoon malware in 2012. At the time it was the biggest hack in history. Within hours, more than 30,000 computers were destroyed or partially wiped. Gasoline tank trucks lining up for refills had to be turned away because there was no way to pay. Ten percent of the world's oil was suddenly at risk.

SUSPECTS: Iran’s Cutting Sword of Justice claimed responsibility. They are suspected of getting help from insiders.
‍

Stuxnet‍

The malicious computer worm Stuxnet was uncovered in 2010. Stuxnet targets supervisory control and data acquisition systems. First, it focused on Microsoft Windows machines and networks, then Siemens Step7 software used to program industrial control systems that operate equipment, such as centrifuges. It is also believed to be responsible for causing substantial damage to Iran’s nuclear program.

SUSPECTS: Intelligence agencies, possibly in the US and/or Israel. Symantec computer experts Liam O'Murchu and Eric Chien, the first team to investigate Stuxnet, told SPYSCAPE that Stuxnet was likely created by a government.

‍

ZERO-DAYS

Microsoft Exchange Servers‍

A global wave of cyberattacks and data breaches began in January 2021 when four zero-day exploits were discovered in on-premises Microsoft Exchange Servers, giving attackers access to user emails and passwords, administrator privileges, and access to connected devices on the network. The vulnerabilities could be used to deploy ransomware and data theft in the US and Europe. The European Banking Authority’s email servers were compromised as part of the Microsoft attack.

SUSPECTS: Hafnium, a Chinese state-sponsored hacking group that historically has targeted US defense contractors and other industry sectors, China denies any involvement. 

DATA HACKS

Sol Oriens

US nuclear weapons contractor Sol Oriens was targeted by a cyberattack in 2021, losing company intel and employee data. Sol Oriens describes itself as helping the ‘Department of Defense and Department of Energy Organizations, Aerospace Contractors, and Technology Firms carry out complex programs’.

SUSPECT: REvil, suspected in the JB Meat attack, claimed to be selling four terabytes of Sol Oriens' data in an online auction. 

CYBERATTACK

Travel industry

India’s flagship carrier Air India is the latest carrier to be hit by a massive cyberattack in 2021 which jeopardized the data of 4.5m passengers, including passport and credit card info. It may be part of a bigger campaign to snoop on the airline industry. Global aviation IT giant SITA, based in Geneva, which serves Air India, United, Singapore Airlines, and Lufthansa, was hacked in early 2021.

SUSPECTS: Some finger APT41, the Chinese gang indicted in the US in 2020 for hacking tech and gaming companies. Cybersecurity company Group-IB claims with ‘moderate’ confidence, that APT41 is behind the Air India breach.