America’s biggest brands are under attack: Apple, Microsoft, Facebook, Amazon, Visa, and many others have been hacked. Nothing is safe. Google? Hacked. Your Peloton bike? Vulnerable. Even your fish tank is suspect.
Here are some of the biggest and more bizarre hacks of the decade, along with the suspects behind the crimes. Don't be surprised to find 'state actors' and the world's most sophisticated intelligence agencies among them.
Sick Kids Hospital, Canada
Ransomware group Lockbit is making headlines for operations including a 2023 attack on Britain’s Royal Mail and a 2022 attack on a Canadian children’s hospital (Lockbit later backtracked saying it blocked the member responsible for the bizarre hospital attack). The US Department of Justice believes LockBit’s ransomware has been used against 1,000 victims worldwide and earned the group $100m.
SUSPECTS: Lockbit are thought to all speak Russian and be based in Russia (although at least one suspected member, Mikhail Vasiliev, is in Canada fighting extradition to the US). Jon DiMaggio, chief security analyst at Analyst1, told Wired that if the Russian government were to get their hooks into Lockbit’s leader, he’d need to either turn over most of his money to them or do work for Putin such as helping with the Ukraine war.
Colonial Pipeline, US
Atlanta-based Colonial Pipeline was hit by a ransomware cyber-attack in May 2021. Colonial took itself offline, disrupting US supplies for days and causing fuel shortages. The Department of Justice later seized most of the ransom paid to hackers - 63.7 Bitcoins then valued at $2.3m, which caused the cryptocurrency to sink temporarily.
SUSPECTS: DarkSide Ransomware Gang, described by the FBI as a ‘Russia-based cybercrime group’, that markets ransomware to criminal gangs who then conduct attacks and share a percentage of the ransom. DarkSide is one of 100 similar gangs the Bureau is investigating as ransomware explodes into a $14bn a year industry.
JB Meat, US
Brazil’s JB Meat, the world’s biggest meat company, paid their ransom in Bitcoin valued at $11m after ransomware shut down its operations in the US, Canada, and Australia in 2021, threatening to disrupt food supply and lead to inflated prices.
SUSPECTS: REvil, aka Sodinokibi. Bloomberg describes REvil as ‘a cybergang with Russian links’. The gang, suspected of being an offshoot of defunct GandCrab, uses ransomware code similar to DarkSide’s software.
SUPPLY CHAIN HACK
Microsoft President Brad Smith describes the SolarWinds’ attack on 18,000 business and US government agencies as ‘the largest and most sophisticated attack the world has ever seen’. Cyber-attackers buried malicious code in SolarWinds’ software in 2019. When the Texas company sent software updates, it unwittingly delivered the hacked code to its clients, letting criminals access their business intelligence, nuclear secrets, and more. Microsoft, Mastercard, Visa, Lockheed Martin, and most Fortune 500 are SolarWinds’ clients.
MOVEit file transfer software and the ciOP gang
A supply chain cyber attacks target a trusted third-party vendor who sells services or software vital to the supply chain. In the case of Clop (ciOP), the gang is accused of inserting malware into MOVEit file transfer software used by 1,700 organizations worldwide. Big-name victims revealed in 2023 include organizations as diverse as the BBC, Irish airline Aer Lingus, the Nova Scotia government, drugstore chain Boots, and the University of Rochester, New York
SUSPECTS - The Clop gang is thought to be a Russian-language cybercriminal gang associated with cybercriminal groups FIN11 - part of the larger financially-motivated TA505 group - and UNC2546.
Sony Pictures was attacked with a variant of the Shamoon malware in 2014 which can erase a computer’s infrastructure. Hackers leaked personal information about staff, employee emails, executive salary info, film scripts, then-unreleased Sony films, and plans for future movies. Hackers also demanded Sony withdraw The Interview, a comedy about a plot to assassinate North Korean leader Kim Jong-un, and threatened terrorist attacks.
SUSPECTS: Three North Korean military programmers were indicted in 2021 for the Sony hack and broader plans to extort more than $1.3bn in cash and cryptocurrency from financial institutions and companies. North Korea denies any responsibility.
Oil giant Saudi Aramco was also crippled by a cyber warfare attack linked to Shamoon malware in 2012. At the time it was the biggest hack in history. Within hours, more than 30,000 computers were destroyed or partially wiped. Gasoline tank trucks lining up for refills had to be turned away because there was no way to pay. Ten percent of the world's oil was suddenly at risk.
The malicious computer worm Stuxnet was uncovered in 2010. Stuxnet targets supervisory control and data acquisition systems. First, it focused on Microsoft Windows machines and networks, then Siemens Step7 software used to program industrial control systems that operate equipment, such as centrifuges. It is also believed to be responsible for causing substantial damage to Iran’s nuclear program.
SUSPECTS: Intelligence agencies, possibly in the US and/or Israel. Symantec computer experts Liam O'Murchu and Eric Chien, the first team to investigate Stuxnet, told SPYSCAPE that Stuxnet was likely created by a government.