Skip to content

Incidents by attack type:

Espionage

EspionageContained

UNC6508 PRC-nexus medical & defense research espionage campaign

Google's Threat Intelligence Group disclosed that PRC-nexus actor UNC6508 spent more than a year inside U.S. and Canadian medical, academic and military-health research environments, compromising legacy REDCap servers, deploying custom INFINITERED malware and abusing Google Workspace email compliance rules to silently exfiltrate research and defense data.

Victim
U.S. and Canadian medical, academic and military-health research institutions
EspionageResolved

Czech Ministry of Foreign Affairs APT31 cyber-espionage

The Czech government publicly attributed a years-long cyber-espionage campaign against an unclassified network of its Ministry of Foreign Affairs to APT31, a group linked to China's Ministry of State Security. The intrusion, active since at least 2022, targeted designated critical national infrastructure.

Victim
Czech Ministry of Foreign Affairs
EspionageContained

Salt Typhoon US telecom espionage campaign (2024)

China-linked Salt Typhoon infiltrated at least nine U.S. telecom providers — Verizon, AT&T, T-Mobile, Spectrum, Lumen, Consolidated, Windstream — including the CALEA lawful-intercept systems used for court-authorised wiretaps. Metadata for over a million users was exposed; the U.S. Treasury sanctioned a linked PRC contractor.

Victim
U.S. telecommunications providers (Verizon, AT&T, T-Mobile, Spectrum, Lumen, Consolidated Communications, Windstream)
EspionageContained

Microsoft Storm-0558 signing-key theft and US government email access (2023)

China-based Storm-0558 forged authentication tokens using a stolen Microsoft consumer signing key and read email at approximately 25 organisations — including the US State Department, the Department of Commerce, and the U.S. Ambassador to China. The 'cascade of errors' that enabled it became a defining case for cloud-provider key custody.

Victim
Microsoft customers (US State Department, Department of Commerce, ~25 organisations)
EspionageResolved

Greek Predatorgate surveillance scandal

Greece's 'Predatorgate' wiretapping scandal exposed the use of Intellexa/Cytrox's Predator spyware and parallel legal surveillance against journalists, politicians and officials, toppling intelligence chiefs and ending in landmark 2026 convictions.

Victim
Greek journalists, politicians and state officials
EspionageResolved

Austrian Foreign Ministry state-sponsored cyberattack

A sophisticated, weeks-long intrusion hit Austria's Foreign Ministry over the 2020 New Year, attributed by Austrian media to the Russia-linked Turla APT. The ministry, which runs around 100 diplomatic missions, fought a prolonged espionage operation before declaring its systems cleaned.

Victim
Austrian Federal Ministry for European and International Affairs (BMEIA)
EspionageResolved

Australian National University data breach

A sophisticated, likely state-sponsored actor breached the Australian National University's administrative systems in late 2018, exfiltrating up to 19 years of staff and student records in an intrusion praised by ANU's own report for its extraordinary operational security.

Victim
Australian National University
Records
200.0K
EspionageResolved

Marriott / Starwood guest data breach

Chinese state-attributed operators sat undetected on Starwood's guest reservation database from 2014, surviving Marriott's 2016 acquisition. Disclosed 2018: 500 million guest records exposed, including 5.25 million unencrypted passport numbers.

Victim
Marriott International / Starwood Hotels & Resorts
Loss
$200.0M
Records
500.0M
EspionageContained

SingHealth data breach

Chinese state-attributed actors exfiltrated personal and outpatient medication records on 1.5 million SingHealth patients — including Prime Minister Lee Hsien Loong — in Singapore's most serious cyber incident.

Victim
Singapore Health Services (SingHealth)
Loss
$7.5M
Records
1.5M
EspionageResolved

Dark Caracal global mobile espionage campaign

A multi-year cyber-espionage campaign tied to the Lebanese General Directorate of General Security (GDGS) stole hundreds of gigabytes of data from thousands of victims across 21+ countries using trojanized Android apps and desktop malware.

Victim
Activists, journalists, lawyers, military and government targets (21+ countries)
EspionageResolved

Qatar News Agency hack

Attackers planted malware on Qatar's state news agency in April 2017 and exploited it on 24 May to publish fabricated quotes attributed to the Emir, providing the pretext used by Saudi Arabia, the UAE, Bahrain, and Egypt to launch a blockade of Qatar.

Victim
Qatar News Agency (QNA)
EspionageResolved

MINDEF I-net breach

A targeted intrusion into Singapore's Ministry of Defence I-net web-surfing system stole the NRIC numbers, phone numbers and birth dates of 850 national servicemen and staff in the country's first publicly disclosed breach of a government defence network.

Victim
Singapore Ministry of Defence (MINDEF)
Records
850
EspionageResolved

Democratic National Committee hack

Russian GRU Units 26165 (APT28) and 31165 (APT29) compromised the Democratic National Committee, Hillary Clinton campaign, and DCCC. Stolen emails were selectively released via 'DCLeaks', 'Guccifer 2.0', and WikiLeaks to influence the 2016 U.S. presidential election.

Victim
Democratic National Committee + Clinton campaign + DCCC
Loss
$50.0M
Records
50.0K
EspionageContained

Ukraine power grid attack — Sandworm BlackEnergy (2015)

The Russia-linked Sandworm group used spear-phishing, BlackEnergy3, and KillDisk to remotely flip breakers at three Ukrainian regional electricity distribution companies, cutting power to approximately 230,000 customers for 1–6 hours. It is the first publicly acknowledged successful cyberattack on an electric power grid in history.

Victim
Ukrainian regional electricity distribution companies (Oblenergos)
EspionageResolved

German Bundestag intrusion (APT28)

Russian GRU Unit 26165 (APT28 / Fancy Bear) compromised the Bundestag's parliamentary network, exfiltrating ~16 GB of data including emails from Chancellor Merkel's parliamentary office. Forced a full Bundestag IT estate rebuild.

Victim
Deutscher Bundestag (German federal parliament)
Loss
$22.0M
EspionageResolved

German steel mill cyberattack

Attackers used spear-phishing to pivot from a German steel mill's office network into its production network, manipulating industrial controls so a blast furnace could not be shut down properly and suffered massive physical damage.

Victim
Unnamed German steel mill
EspionageResolved

Gauss banking-espionage malware against Lebanese banks

Gauss, a nation-state cyber-surveillance toolkit related to Flame and Stuxnet, infected over 2,500 systems — most heavily in Lebanon — and was the first publicly known state-sponsored malware engineered to steal online-banking credentials from specific Lebanese banks.

Victim
Lebanese banks (Bank of Beirut, Byblos Bank, Fransabank, BlomBank, Credit Libanais) and their customers
EspionageResolved

RSA SecurID seed compromise

A spear-phishing email carrying a Flash zero-day gave attackers a foothold inside RSA, from which they exfiltrated data tied to the SecurID two-factor authentication system — data later used in an intrusion attempt against Lockheed Martin.

Victim
RSA Security (EMC)
Loss
$66.0M