The Iranian state-linked group Handala compromised Stryker's Microsoft Intune administrator account and used the endpoint-management tool to wipe more than 200,000 servers, mobile devices, and corporate endpoints across 79 countries, bringing operations at one of the world's largest medical-device makers to a halt.
Iran's Ministry of Intelligence and Security, operating as 'HomeLand Justice', spent 14 months dwelling in Albanian government networks before launching ransomware-style file encryption and disk-wiping malware. Albania suspended online public services and became the first country in history to sever diplomatic ties with another state over a cyberattack.
One hour before Russia's invasion of Ukraine, Sandworm operators deployed the AcidRain wiper against Viasat KA-SAT satellite modems, bricking ~30,000 European terminals and 5,800 German wind turbines and disabling Ukrainian military command-and-control.
Victim: Viasat KA-SAT (subscribers across Ukraine and Europe)
A destructive wiper disguised as ransomware, propagated via a compromised Ukrainian accounting software update. Estimated $10 billion in global damage, the most economically destructive cyberattack in history.
Victim: M.E.Doc users (Maersk, Merck, FedEx-TNT, Mondelez, Saint-Gobain et al.)
A North Korean wiper attack tied to the release of 'The Interview' destroyed roughly half of Sony Pictures' IT estate and leaked terabytes of internal documents, emails, and unreleased films.
Iranian-attributed Shamoon wiper destroyed data on roughly 30,000 Saudi Aramco workstations on a single day, taking the world's largest oil company's IT estate offline for two weeks. The first major Iranian retaliatory cyber operation.
U.S. and Israeli intelligence services jointly developed and deployed Stuxnet, the first widely-known cyber weapon to cause physical damage. The worm targeted Iran's Natanz uranium enrichment facility and destroyed approximately 1,000 IR-1 centrifuges over 2009–2010.