[ { "ID": 2, "name": "Azerbaijani hackers took down and defaced Armenian state TV and other webpages in January/February 2000", "description": "After an ethnic Armenian in California launched Aliyev.com, a site that disseminated \"black propaganda\" about the former Azerbaijani President Heydar Aliyev, in January/February 2000, Azerbaijani hackers took down and defaced webpages of the Armenian state TV and webpages with information about the Turkish massacre against ethnic Armenians in World War I. ", "added_to_DB": "2022-08-15", "start_date": "2000-01-01", "end_date": "Not available", "updated_at": "2024-02-23", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "2_0", "receiver_name": "Not available", "receiver_country": "Armenia", "receiver_region": "CSTO", "receiver_category": [ "State institutions / political system", "Media", "Other" ], "receiver_category_subcode": [ "Civil service / administration", "Not available", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Azerbaijan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 17416, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Azerbaijan" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Azerbaijan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Autonomy", "Territory", "Resources" ], "offline_conflict_issue": [ "Autonomy", "Territory", "Resources" ], "offline_conflict_issue_subcode": [ "Armenia - Azerbaijan", "Armenia - Azerbaijan", "Armenia - Azerbaijan" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 1" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "Not available" ], "political_response_type_sub": [ "Not available" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://eurasianet.org/nagorno-karabakh-dispute-takes-to-cyber-space" ], "sources_attribution": [ "Not available" ] }, { "ID": 3, "name": "Armenian hacktivists target Azerbaijani webpages as part of a tit-for-tat between the nation`s hacktivists in February 2000", "description": "In response to previous DDoS-operations against Armenian websites in January/February 2000, an Armenian hacker group called Liazor took down the webpages of many Azerbaijani users, humanitarian organization and newspapers as a revenge act.", "added_to_DB": "2022-08-15", "start_date": "2000-02-01", "end_date": "Not available", "updated_at": "2024-02-23", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "3_0", "receiver_name": "Not available", "receiver_country": "Azerbaijan", "receiver_region": "CENTAS", "receiver_category": [ "Social groups", "End user(s) / specially protected groups", "Media" ], "receiver_category_subcode": [ "Advocacy / activists (e.g. human rights organizations)", "Not available", "Not available" ] } ], "initiator_name": [ "Liazor" ], "initiator_country": [ "Armenia" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 17417, "settled": true, "attribution_year": 2000, "attribution_month": 2, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Armenia" ], "attributing_actor": [ "Liazor" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Liazor" ], "attributed_initiator_country": [ "Armenia" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "2000-2" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Autonomy", "Territory", "Resources" ], "offline_conflict_issue": [ "Autonomy", "Territory", "Resources" ], "offline_conflict_issue_subcode": [ "Armenia - Azerbaijan", "Armenia - Azerbaijan", "Armenia - Azerbaijan" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 1" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "Not available" ], "political_response_type_sub": [ "Not available" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "Not available" ], "sources_attribution": [ "Not available" ] }, { "ID": 4, "name": "Chinese hacktivists targeted Taiwanese government websites after Taiwanese elections in May 2000", "description": "Chinese hackers succeeded in attacking several Taiwanese government websites after Mr Chen was sworn in as the new Taiwanese President on May 20, 2000.", "added_to_DB": "2022-08-15", "start_date": "2000-05-20", "end_date": "2000-05-20", "updated_at": "2024-02-23", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "4_0", "receiver_name": "Not available", "receiver_country": "Taiwan", "receiver_region": "SCS", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 17418, "settled": true, "attribution_year": 2000, "attribution_month": 5, "attribution_day": 20, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "China" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "2000-5-20" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "National power" ], "offline_conflict_issue": [ "National power" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "Not available" ], "political_response_type_sub": [ "Not available" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.hartford-hwp.com/archives/55/105.html", "https://nsarchive2.gwu.edu//NSAEBB/NSAEBB424/docs/Cyber-030.pdf" ], "sources_attribution": [ "https://nsarchive2.gwu.edu//NSAEBB/NSAEBB424/docs/Cyber-030.pdf" ] }, { "ID": 5, "name": "Honker Union of China defaced US government and corporate websites in April 2001", "description": "After the collision of an American spy plane and a Chinese jet, Chinese hacker group \"Honkers Union of China\" targeted more than 80 government and corporate websites in the United States in April 2001 with defacement operations, according to the British computer security firm Mi2g.", "added_to_DB": "2022-08-15", "start_date": "2001-04-01", "end_date": "Not available", "updated_at": "2024-02-23", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "5_0", "receiver_name": "Not available", "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "Honker Union of China" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 17421, "settled": true, "attribution_year": 2001, "attribution_month": 4, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "China" ], "attributing_actor": [ "Honker Union of China" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Honker Union of China" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "2001-4" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Other" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "Not available" ], "political_response_type_sub": [ "Not available" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.nytimes.com/2001/05/13/weekinreview/may-6-12-the-first-world-hacker-war.html", "https://www.theguardian.com/technology/2001/may/04/china.internationalnews", "https://nsarchive2.gwu.edu//NSAEBB/NSAEBB424/docs/Cyber-030.pdf", "https://www.upi.com/Defense-News/2002/10/29/China-prevented-repeat-cyber-attack-on-US/51011035913195/" ], "sources_attribution": [ "https://www.nytimes.com/2001/05/13/weekinreview/may-6-12-the-first-world-hacker-war.html", "https://www.theguardian.com/technology/2001/may/04/china.internationalnews", "https://nsarchive2.gwu.edu//NSAEBB/NSAEBB424/docs/Cyber-030.pdf" ] }, { "ID": 6, "name": "\"First Sino-US-Cyber-War\" II", "description": "After the collision of an American spy plane and a Chinese jet, hackers in the United States and China began defacing Web sites on both sides of the Pacific.", "added_to_DB": "2022-08-15", "start_date": "2001-05-01", "end_date": "Not available", "updated_at": "2023-03-28", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "6_0", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "Other" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "United States" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 6, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Other" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.nytimes.com/2001/05/13/weekinreview/may-6-12-the-first-world-hacker-war.html", "https://www.theguardian.com/technology/2001/may/04/china.internationalnews", "https://www.upi.com/Defense-News/2002/10/29/China-prevented-repeat-cyber-attack-on-US/51011035913195/" ], "sources_attribution": [ "https://www.nytimes.com/2001/05/13/weekinreview/may-6-12-the-first-world-hacker-war.html" ] }, { "ID": 7, "name": "Textbook Hack South Korea vs. Japan", "description": "DDoS retaliatory campaign over a revisionist WWII Japanese history textbook", "added_to_DB": "2022-08-15", "start_date": "2001-05-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "7_0", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Not available", "Not available", "Not available" ] } ], "initiator_name": [ "Antijapan" ], "initiator_country": [ "Korea, Republic of" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 7, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Antijapan" ], "attributed_initiator_country": [ "Korea, Republic of" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://cmsw.mit.edu/mit2/Abstracts/ducke1.pdf" ], "sources_attribution": [ "https://cmsw.mit.edu/mit2/Abstracts/ducke1.pdf" ] }, { "ID": 8, "name": "Prior 9/11 Taliban Hack", "description": "A couple of weeks bevor 9/11 pro Taliban websites have been defaced by western activists, claiming to do so because of the Taliban`s threats to internet users.", "added_to_DB": "2022-08-15", "start_date": "2001-08-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "8_0", "receiver_name": null, "receiver_country": "Afghanistan", "receiver_region": "SASIA", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Health" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 8661, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://books.google.de/books?id=WfIFiEs0HQ8C&pg=PA89&lpg=PA89&dq=Pro-Palestinian+Hackers++AT%26T+2000&q=Pro-Palestinian%20Hackers%20%20AT%26T%202000&f=false" ], "sources_attribution": [ "Not available" ] }, { "ID": 9, "name": "ZeeNews/India Today Hack 2001", "description": "Website-defacements of Indian news outlets over the criticism of militant groups operating inside Pakistan, and Pakistani-controlled Kashmir.", "added_to_DB": "2022-08-15", "start_date": "2001-10-22", "end_date": "2001-10-22", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "9_0", "receiver_name": "Not available", "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Pakistan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 8662, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Pakistan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Territory", "Resources" ], "offline_conflict_issue": [ "Territory", "Resources", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 4" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.bbc.co.uk/2/hi/south_asia/1617478.stm" ], "sources_attribution": [ "http://news.bbc.co.uk/2/hi/south_asia/1617478.stm" ] }, { "ID": 10, "name": "NSA vs. US muslims", "description": "The NSA spied on prominent muslims in the US", "added_to_DB": "2022-08-15", "start_date": "2002-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "10_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Social groups", "End user(s) / specially protected groups", "Science" ], "receiver_category_subcode": [ "Legislative", "Civil service / administration", "Election infrastructure / related systems", "Religious", "Not available", "Not available" ] } ], "initiator_name": [ "NSA/Equation Group" ], "initiator_country": [ "United States" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 10, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "National power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://theintercept.com/2014/07/09/under-surveillance/" ], "sources_attribution": [ "Not available" ] }, { "ID": 11, "name": "Titan Rain", "description": "Titan Rain was the designation given by the federal government of the United States to a series of coordinated attacks on American computer systems since 2003; they were known to have been ongoing for at least three years.[1] The attacks were labeled as Chinese in origin, although their precise nature, e.g., state-sponsored espionage, corporate espionage, or random hacker attacks, and their real identities \u2013 masked by proxy, zombie computer, spyware/virus infected \u2013 remain unknown.", "added_to_DB": "2022-08-15", "start_date": "2003-01-01", "end_date": "Not available", "updated_at": "2024-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)", "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "11_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Defence industry" ] }, { "receiver_id": "11_1", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Defence industry" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 12, "settled": null, "attribution_year": 2005, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2005" ] }, { "attribution_id": 11, "settled": true, "attribution_year": 2005, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2005" ] } ], "temporal_attribution_sequence": "IT-security attribution before political attribution", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://content.time.com/time/subscriber/article/0,33009,1098961,00.html", "https://www.symantec.com/content/en/us/enterprise/articles/b-cxo_how_to_combat_cyber_espionage_somaini_ART_21032685.en-us.pdf", "https://www.theguardian.com/technology/2014/may/19/us-accusations-chinese-hacking-eight-years", "https://www.washingtonpost.com/wp-dyn/content/article/2005/08/24/AR2005082402318.html", "https://www.darkreading.com/ics-ot/volt-typhoon-breaks-fresh-ground-china-backed-cyber-campaigns" ], "sources_attribution": [ "https://www.symantec.com/content/en/us/enterprise/articles/b-cxo_how_to_combat_cyber_espionage_somaini_ART_21032685.en-us.pdf", "https://www.theguardian.com/technology/2014/may/19/us-accusations-chinese-hacking-eight-years", "https://www.washingtonpost.com/wp-dyn/content/article/2005/08/24/AR2005082402318.html" ] }, { "ID": 13, "name": "DDoS North Korea 2004", "description": "A total of 314 PCs were hacked, including servers at the Ministry of Maritime Affairs and Fisheries, enterprises and universities. The attack was attributed to North Korea by the Korea Economic Institute of America.", "added_to_DB": "2022-08-15", "start_date": "2004-04-01", "end_date": "Not available", "updated_at": "2023-06-18", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "13_0", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Police", "Not available", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Korea, Democratic People's Republic of" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 15, "settled": true, "attribution_year": 2009, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2009" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.keia.org/sites/default/files/publications/kei_aps_mansourov_final.pdf" ], "sources_attribution": [ "Not available" ] }, { "ID": 14, "name": "Taiwan's Kuomintang Hack 2004", "description": "Attacks against Taiwan continued in 2004 targeting Websites belonging to Taiwan's Ministry of Finance, the Kuomintang Party, the Democratic Progressive Party (DPP) and the Ministry of National Defense\u2019s (MND) Military News Agency.", "added_to_DB": "2022-08-15", "start_date": "2004-07-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "14_0", "receiver_name": null, "receiver_country": "Taiwan", "receiver_region": "SCS", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Political parties" ] } ], "initiator_name": [ null ], "initiator_country": [ "China" ], "initiator_category": [ "Individual hacker(s)" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 8665, "settled": false, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ null ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] }, { "attribution_id": 8666, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ null ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://nsarchive2.gwu.edu//NSAEBB/NSAEBB424/docs/Cyber-030.pdf", "https://books.google.de/books?id=APT eCwAAQBAJ&pg=PT122&lpg=PT122&dq=china+taiwan+2004+hacks+party&source=bl&ots=3sWN_ujpJn&sig=ACfU3U1lbym48HyjivjwwQzcJHCMcESvRQ&hl=de&sa=X&ved=2ahUKEwj-99T1i77jAhXD_KQKHeRZDYMQ6AEwB3oECAgQAQ#v=onepage&q=china%20taiwan%202004%20hacks%20party&f=false" ], "sources_attribution": [ "https://books.google.de/books?id=APT eCwAAQBAJ&pg=PT122&lpg=PT122&dq=china+taiwan+2004+hacks+party&source=bl&ots=3sWN_ujpJn&sig=ACfU3U1lbym48HyjivjwwQzcJHCMcESvRQ&hl=de&sa=X&ved=2ahUKEwj-99T1i77jAhXD_KQKHeRZDYMQ6AEwB3oECAgQAQ#v=onepage&q=china%20taiwan%202004%20hacks%20party&f=false" ] }, { "ID": 15, "name": "ROK Hack 2004", "description": "An attack, that has been attributed to the Chinese PLA was sophisticated and surprisingly successful, infecting at least 278 computers at 10 South Korean government agencies with Trojan horse-type viruses that allowed hackers to access computer data when the user opens the files.", "added_to_DB": "2022-08-15", "start_date": "2004-07-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "15_0", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 18, "settled": true, "attribution_year": 2004, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2004" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://cc.pacforum.org/2004/10/turning-point-china-korea-relations/" ], "sources_attribution": [ "http://cc.pacforum.org/2004/10/turning-point-china-korea-relations/" ] }, { "ID": 16, "name": "Athens Affair", "description": "Vodafone Greeces services were hacked by an group, later attributed to the American NSA. They wiretapped the phones of parts of the greek government and of greek civil society for 5 months, via the \"lawful intercept\" system of Vodafone.", "added_to_DB": "2022-08-15", "start_date": "2004-07-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)", "Incident disclosed by victim" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "16_0", "receiver_name": null, "receiver_country": "Greece", "receiver_region": "BALKANS", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Other" ], "receiver_category_subcode": [ "Political parties", "Not available", "Not available" ] } ], "initiator_name": [ "NSA/Equation Group" ], "initiator_country": [ "United States" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 8676, "settled": false, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2015" ] }, { "attribution_id": 8677, "settled": true, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Political statement/report and indictment / sanctions" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2015" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://spectrum.ieee.org/telecom/security/the-athens-affair", "https://www.theguardian.com/commentisfree/2015/sep/30/athens-affair-encryption-backdoors", "https://www.schneier.com/blog/archives/2007/07/story_of_the_gr_1.html", "https://theintercept.com/2015/09/28/death-athens-rogue-nsa-operation/" ], "sources_attribution": [ "https://theintercept.com/2015/09/28/death-athens-rogue-nsa-operation/" ] }, { "ID": 17, "name": "Korea vs. Japan 2005", "description": "A series of attacks believed to have originated from China and South Korea hit numerous Japanese university and industrial Websites. The attacks may have been caused by a rise in tensions between the countries over the Japanese Education Ministry\u2018s alleged omission of key historical facts pertaining to Japan\u2019s actions in World War II and China\u2019s opposition to Japan\u2019s attempt to be a permanent member of the UN Security Council.", "added_to_DB": "2022-08-15", "start_date": "2005-01-01", "end_date": "Not available", "updated_at": "2023-06-18", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "17_0", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "Social groups", "End user(s) / specially protected groups", "Science", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Religious", "Not available", "Not available", "Police" ] } ], "initiator_name": [ "Not available", "Not available" ], "initiator_country": [ "China", "Korea, Republic of" ], "initiator_category": [ "Not available", "Not available" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 8371, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available", "Not available" ], "attributed_initiator_country": [ "China", "Korea, Republic of" ], "attributed_initiator_category": [ "Not available", "Not available" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.crime-research.org/news/11.05.2005/1227/" ], "sources_attribution": [ "http://www.crime-research.org/news/11.05.2005/1227/" ] }, { "ID": 18, "name": "APT 30 aka Naikon, PLA Unit 78020, Lotus Panda", "description": "The Chinese government is accused of being behind a newly discovered set of cyber attacks waged against government agencies, corporate companies and journalists across India and Southeast Asia between 2005 and 2015.", "added_to_DB": "2022-08-15", "start_date": "2005-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "18_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "18_1", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "18_2", "receiver_name": null, "receiver_country": "Vietnam", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "18_3", "receiver_name": null, "receiver_country": "Myanmar", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "18_4", "receiver_name": null, "receiver_country": "Philippines", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "18_5", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "18_6", "receiver_name": null, "receiver_country": "Singapore", "receiver_region": "ASIA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "18_7", "receiver_name": null, "receiver_country": "Saudi Arabia", "receiver_region": "GULFC", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "18_8", "receiver_name": null, "receiver_country": "Thailand", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] } ], "initiator_name": [ "APT30/Raspberry Typhoon fka RADIUM/Naikon/G0013/LotusBlossum (PLA, Unit 78020)", "PLA Unit 78020" ], "initiator_country": [ "China", "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 22, "settled": true, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT30/Raspberry Typhoon fka RADIUM/Naikon/G0013/LotusBlossum (PLA, Unit 78020)", "PLA Unit 78020" ], "attributed_initiator_country": [ "China", "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2015" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://techcrunch.com/2015/04/12/fireeye-APT%20-30-southeast-asia-india-report/", "https://www.fireeye.com/blog/threat-research/2015/04/APT _30_and_the_mecha.html", "http://cdn2.hubspot.net/hubfs/454298/Project_CAMERASHY_ThreatConnect_Copyright_2015.pdf", "https://twitter.com/elinanoor/status/1630983893573566481" ], "sources_attribution": [ "https://www.fireeye.com/blog/threat-research/2015/04/APT _30_and_the_mecha.html", "http://cdn2.hubspot.net/hubfs/454298/Project_CAMERASHY_ThreatConnect_Copyright_2015.pdf" ] }, { "ID": 19, "name": "PoseidonGroup: The Boutique", "description": "Kaspersky identified Poseidon; a Brazilian, Portuguese-speaking APT active since at least 2005 and involved in numerous espionage operations until 2016. The targets are companies in energy and utilities, telecommunications, public relations, media, financial institutions, governmental institutions, services in general and manufacturing.", "added_to_DB": "2022-08-15", "start_date": "2005-01-01", "end_date": "Not available", "updated_at": "2023-10-27", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "19_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Not available", "Not available", "Finance" ] }, { "receiver_id": "19_1", "receiver_name": null, "receiver_country": "Brazil", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Not available", "Not available", "Finance" ] }, { "receiver_id": "19_2", "receiver_name": null, "receiver_country": "France", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Not available", "Not available", "Finance" ] }, { "receiver_id": "19_3", "receiver_name": null, "receiver_country": "Kazakhstan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Not available", "Not available", "Finance" ] }, { "receiver_id": "19_4", "receiver_name": null, "receiver_country": "United Arab Emirates", "receiver_region": "GULFC", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Not available", "Not available", "Finance" ] }, { "receiver_id": "19_5", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Not available", "Not available", "Finance" ] }, { "receiver_id": "19_6", "receiver_name": null, "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Not available", "Not available", "Finance" ] } ], "initiator_name": [ "Poseidon Group" ], "initiator_country": [ "Brazil" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Private technology companies / hacking for hire groups without state affiliation / research entities" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 6712, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Poseidon Group" ], "attributed_initiator_country": [ "Brazil" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Private technology companies / hacking for hire groups without state affiliation / research entities" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://securelist.com/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/73673/", "https://securityaffairs.co/wordpress/44402/cyber-crime/poseidon-group-attacks.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 20, "name": "Tulip Revolution Kyrgyzstan", "description": "Websites belonging to political parties and independent media were subject to unexplained technical failures and deliberate hacking during Kyrgyzstan's recent Parliamentary elections.\u00a0Attacks included flooding journalist e-mailaccounts with large amounts of spam, and spoofing of e-mail from Kyrgyz websites located in the US. Several political websites were deliberately defaced.", "added_to_DB": "2022-08-15", "start_date": "2005-02-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "20_0", "receiver_name": null, "receiver_country": "Kyrgyzstan", "receiver_region": "SCS", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Social groups", "End user(s) / specially protected groups", "Media" ], "receiver_category_subcode": [ "Political parties", "Election infrastructure / related systems", "Advocacy / activists (e.g. human rights organizations)", "Not available", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Kyrgyzstan" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 24, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Kyrgyzstan" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://web.mit.edu/smadnick/www/wp/2017-10.pdf", "https://opennet.net/special/kg/" ], "sources_attribution": [ "https://opennet.net/special/kg/" ] }, { "ID": 21, "name": "NSA vs. Al Jazeera", "description": "The NSA hacked the arab Al-Jazeera", "added_to_DB": "2022-08-15", "start_date": "2006-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "21_0", "receiver_name": null, "receiver_country": "Qatar", "receiver_region": "GULFC", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "NSA/Equation Group" ], "initiator_country": [ "United States" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 26, "settled": null, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 25, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.spiegel.de/international/world/nsa-spied-on-al-jazeera-communications-snowden-document-a-919681.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 22, "name": "NSA vs. Aeroflot", "description": "The NSA hacked the Russian airline Aeroflot", "added_to_DB": "2022-08-15", "start_date": "2006-01-01", "end_date": "Not available", "updated_at": "2024-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "22_0", "receiver_name": null, "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Transportation" ] } ], "initiator_name": [ "NSA/Equation Group" ], "initiator_country": [ "United States" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 28, "settled": null, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 27, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "Not available" ], "sources_attribution": [ "Not available" ] }, { "ID": 23, "name": "PLA vs. Westinghouse Electric & US Steel", "description": "Chinese-government backed hackers steal e-mails from a US electric company\u00a0containing the company's strategy. The US unsealed an indictment against the PLA hackers in 2014.", "added_to_DB": "2022-08-15", "start_date": "2006-01-01", "end_date": "2014-01-01", "updated_at": "2023-05-23", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by authorities of victim state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "23_0", "receiver_name": "Not available", "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Advocacy / activists (e.g. human rights organizations)", "Not available" ] } ], "initiator_name": [ "APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)", "PLA Unit 61398" ], "initiator_country": [ "China", "China" ], "initiator_category": [ "State", "State" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 1750, "settled": true, "attribution_year": 2014, "attribution_month": 1, "attribution_day": 1, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Domestic legal action" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)", "PLA Unit 61398" ], "attributed_initiator_country": [ "China", "China" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2014-1-1" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": "Not available", "political_response_month": "Not available", "political_response_day": "Not available" } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": "Not available", "legal_response_month": "Not available", "legal_response_day": "Not available" } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://time.com/106319/heres-what-chinese-hackers-actually-stole-from-u-s-companies/", "https://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor", "https://twitter.com/NCSCgov/status/1659565751806709761" ], "sources_attribution": [ "https://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor" ] }, { "ID": 24, "name": "Red Storm Rising", "description": "China has downloaded 10 to 20 terabytes of data from the NIPRNet (DOD's Non-Classified IP Router Network),' said Maj. Gen. William Lord, director of information, services and integration in the Air Force's Office of Warfighting Integration and Chief Information Officer.", "added_to_DB": "2022-08-15", "start_date": "2006-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "24_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Military" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 30, "settled": true, "attribution_year": 2006, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Statement in media report and political statement/technical report" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2006" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://gcn.com/Articles/2006/08/17/Red-storm-rising.aspx?Page=1" ], "sources_attribution": [ "https://gcn.com/Articles/2006/08/17/Red-storm-rising.aspx?Page=1" ] }, { "ID": 25, "name": "Operation Shady RAT", "description": "Operation Shady RAT is the name given to hacker attacks in which at least 72 companies, organizations and governments around the world were systematically spied out between 2006 and 2011, attributed by Dimitri Alperovitch, a former employee of McAfee.", "added_to_DB": "2022-08-15", "start_date": "2006-01-01", "end_date": "Not available", "updated_at": "2024-04-23", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "25_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Energy", "Telecommunications", "Defence industry", "Other social groups", "Not available", "Not available" ] }, { "receiver_id": "25_1", "receiver_name": null, "receiver_country": "Canada", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Energy", "Telecommunications", "Defence industry", "Other social groups", "Not available", "Not available" ] }, { "receiver_id": "25_2", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Energy", "Telecommunications", "Defence industry", "Other social groups", "Not available", "Not available" ] }, { "receiver_id": "25_3", "receiver_name": null, "receiver_country": "Taiwan", "receiver_region": "SCS", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Energy", "Telecommunications", "Defence industry", "Other social groups", "Not available", "Not available" ] }, { "receiver_id": "25_4", "receiver_name": null, "receiver_country": "Vietnam", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Energy", "Telecommunications", "Defence industry", "Other social groups", "Not available", "Not available" ] }, { "receiver_id": "25_5", "receiver_name": null, "receiver_country": "Germany", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Energy", "Telecommunications", "Defence industry", "Other social groups", "Not available", "Not available" ] }, { "receiver_id": "25_6", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Energy", "Telecommunications", "Defence industry", "Other social groups", "Not available", "Not available" ] }, { "receiver_id": "25_7", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Energy", "Telecommunications", "Defence industry", "Other social groups", "Not available", "Not available" ] }, { "receiver_id": "25_8", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Energy", "Telecommunications", "Defence industry", "Other social groups", "Not available", "Not available" ] } ], "initiator_name": [ "APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)", "PLA Unit 61398" ], "initiator_country": [ "China", "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state-group", "Non-state actor, state-affiliation suggested", "Non-state-group" ], "initiator_category_subcode": [ "Not available", "Criminal(s)", "Not available", "Criminal(s)" ], "number_of_attributions": 3, "attributions": [ { "attribution_id": 31, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Statement in media report and political statement/technical report" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)", "PLA Unit 61398" ], "attributed_initiator_country": [ "China", "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state-group", "Non-state actor, state-affiliation suggested", "Non-state-group" ], "attributed_initiator_category_subcode": [ "Not available", "Criminal(s)", "Not available", "Criminal(s)" ], "attribution_full_date": [ "2011" ] }, { "attribution_id": 33, "settled": null, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Contested attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)", "PLA Unit 61398" ], "attributed_initiator_country": [ "China", "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2011" ] }, { "attribution_id": 32, "settled": null, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)", "PLA Unit 61398" ], "attributed_initiator_country": [ "China", "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://web.archive.org/web/20110804083836/http://www.mcafee.com/us/resources/white-papers/wp-operation-shady-rat.pdf", "https://eugene.kaspersky.com/2011/08/18/shady-rat-shoddy-rat/", "https://www.washingtonpost.com/national/national-security/report-identifies-widespread-cyber-spying/2011/07/29/gIQAoTUmqI_story.html?utm_term=.f1ca0cb01882", "https://www.darkreading.com/attacks-and-breaches/shady-rat-no-china-smoking-gun/d/d-id/1099506?=&piddl_msgorder=thrd", "https://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?emc=na&_r=1&", "https://www.csmonitor.com/USA/2012/0914/Stealing-US-business-secrets-Experts-ID-two-huge-cyber-gangs-in-China", "https://www.foxnews.com/tech/u-s-cybercops-caught-flat-footed-by-massive-global-cyberattack", "https://tecnogazzetta.it/smart-office/2024-04-22-misure-di-sicurezza-olimpiadi-parigi.html" ], "sources_attribution": [ "https://eugene.kaspersky.com/2011/08/18/shady-rat-shoddy-rat/", "https://www.washingtonpost.com/national/national-security/report-identifies-widespread-cyber-spying/2011/07/29/gIQAoTUmqI_story.html?utm_term=.f1ca0cb01882", "https://www.darkreading.com/attacks-and-breaches/shady-rat-no-china-smoking-gun/d/d-id/1099506?=&piddl_msgorder=thrd", "https://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?emc=na&_r=1&", "https://www.csmonitor.com/USA/2012/0914/Stealing-US-business-secrets-Experts-ID-two-huge-cyber-gangs-in-China" ] }, { "ID": 26, "name": "APT 10/Technology Theft Campaign", "description": "Beginning in or about 2006, members of the APT 10 Group, engaged in an intrusion campaign to obtain unauthorized access to the computers and computer networks of commercial and defense technology companies and U.S. Government agencies in order to steal information and data concerning a number of technologies", "added_to_DB": "2022-08-15", "start_date": "2006-01-01", "end_date": "Not available", "updated_at": "2023-10-26", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by authorities of victim state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "26_0", "receiver_name": null, "receiver_country": "Canada", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Not available", "Telecommunications", "Defence industry" ] }, { "receiver_id": "26_1", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Not available", "Telecommunications", "Defence industry" ] }, { "receiver_id": "26_2", "receiver_name": null, "receiver_country": "Switzerland", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Not available", "Telecommunications", "Defence industry" ] }, { "receiver_id": "26_3", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Not available", "Telecommunications", "Defence industry" ] }, { "receiver_id": "26_4", "receiver_name": null, "receiver_country": "Germany", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Not available", "Telecommunications", "Defence industry" ] }, { "receiver_id": "26_5", "receiver_name": null, "receiver_country": "United Arab Emirates", "receiver_region": "GULFC", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Not available", "Telecommunications", "Defence industry" ] }, { "receiver_id": "26_6", "receiver_name": null, "receiver_country": "Brazil", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Not available", "Telecommunications", "Defence industry" ] }, { "receiver_id": "26_7", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Not available", "Telecommunications", "Defence industry" ] }, { "receiver_id": "26_8", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Not available", "Telecommunications", "Defence industry" ] }, { "receiver_id": "26_9", "receiver_name": null, "receiver_country": "France", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Not available", "Telecommunications", "Defence industry" ] } ], "initiator_name": [ "APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 13891, "settled": false, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2018" ] }, { "attribution_id": 13892, "settled": true, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Domestic legal action" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "United States" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2018" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.wired.com/story/doj-indictment-chinese-hackers-APT%2010/", "https://www.justice.gov/opa/press-release/file/1121706/download", "https://intrusiontruth.wordpress.com/2018/08/15/APT 10-was-managed-by-the-tianjin-bureau-of-the-chinese-ministry-of-state-security/" ], "sources_attribution": [ "https://www.justice.gov/opa/press-release/file/1121706/download", "https://intrusiontruth.wordpress.com/2018/08/15/APT 10-was-managed-by-the-tianjin-bureau-of-the-chinese-ministry-of-state-security/" ] }, { "ID": 27, "name": "NSA vs. SWIFT", "description": "The NSA hacked the global payment system SWIFT", "added_to_DB": "2022-08-15", "start_date": "2006-01-01", "end_date": "Not available", "updated_at": "2023-10-27", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on non-political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "27_0", "receiver_name": null, "receiver_country": "Belgium", "receiver_region": "WESTEU", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Finance" ] } ], "initiator_name": [ "NSA/Equation Group" ], "initiator_country": [ "United States" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 37, "settled": null, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 36, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.spiegel.de/international/world/how-the-nsa-spies-on-international-bank-transactions-a-922430.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 28, "name": "Denmark Cartoon Hack", "description": "Hackers break into about 600 Danish Websites to post threats and protest against satirical cartoons of the Prophet Mohammad", "added_to_DB": "2022-08-15", "start_date": "2006-03-01", "end_date": "Not available", "updated_at": "2023-12-11", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "28_0", "receiver_name": null, "receiver_country": "Denmark", "receiver_region": "NORTHEU", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups", "Other" ], "receiver_category_subcode": [ "Not available", "Not available", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 38, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.cnet.com/news/danish-web-sites-hacked-over-mohammad-cartoons/" ], "sources_attribution": [ "Not available" ] }, { "ID": 29, "name": "DOS Asia Department Hack", "description": "The State Department is recovering from large-scale computer break-ins worldwide over the past several weeks that appeared to be directed at its headquarters and at offices dealing with Asia.", "added_to_DB": "2022-08-15", "start_date": "2006-06-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft", "Hijacking without Misuse" ], "receivers": [ { "receiver_id": "29_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 39, "settled": null, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] }, { "attribution_id": 40, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, not used - empowerment (incident scores 1 point in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.nytimes.com/2006/07/12/washington/12hacker.html", "https://books.google.de/books?id=bpgq3nwxU2EC&pg=PA71&lpg=PA71&dq=Dawn+Onley,+Dawn+and+Patience+Wait,+\u201cRed+Storm+Rising:+DoD\u2019s+Efforts+to+Stave+Off+Nation-+State+Cyber+Attacks+Begin+with+China,\u201d+Government+Computer+News,+August+2006.&source=bl&ots=awl6HiyumB&sig=ACfU3U0RTfaKYx8TP4qt3qLNQSbmCoGOmQ&hl=de&sa=X&ved=2ahUKEwinsuDJgLzjAhVBEVAKHZyNBAsQ6AEwAHoECAUQAQ#v=onepage&q=Dawn%20Onley%2C%20Dawn%20and%20Patience%20Wait%2C%20\u201cRed%20Storm%20Rising%3A%20DoD\u2019s%20Efforts%20to%20Stave%20Off%20Nation-%20State%20Cyber%20Attacks%20Begin%20with%20China%2C\u201d%20Government%20Computer%20News%2C%20August%202006.&f=false(S.71)" ], "sources_attribution": [ "https://books.google.de/books?id=bpgq3nwxU2EC&pg=PA71&lpg=PA71&dq=Dawn+Onley,+Dawn+and+Patience+Wait,+\u201cRed+Storm+Rising:+DoD\u2019s+Efforts+to+Stave+Off+Nation-+State+Cyber+Attacks+Begin+with+China,\u201d+Government+Computer+News,+August+2006.&source=bl&ots=awl6HiyumB&sig=ACfU3U0RTfaKYx8TP4qt3qLNQSbmCoGOmQ&hl=de&sa=X&ved=2ahUKEwinsuDJgLzjAhVBEVAKHZyNBAsQ6AEwAHoECAUQAQ#v=onepage&q=Dawn%20Onley%2C%20Dawn%20and%20Patience%20Wait%2C%20\u201cRed%20Storm%20Rising%3A%20DoD\u2019s%20Efforts%20to%20Stave%20Off%20Nation-%20State%20Cyber%20Attacks%20Begin%20with%20China%2C\u201d%20Government%20Computer%20News%2C%20August%202006.&f=false(S.71)" ] }, { "ID": 30, "name": "BND vs. Spiegel & Afghan Minister", "description": "The German BND spied on the email conversation between an Afghani minister and a German Spiegel Journalist.", "added_to_DB": "2022-08-15", "start_date": "2006-06-08", "end_date": "2006-12-01", "updated_at": "2023-03-17", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "30_0", "receiver_name": null, "receiver_country": "Germany", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "30_1", "receiver_name": null, "receiver_country": "Afghanistan", "receiver_region": "SASIA", "receiver_category": [ "State institutions / political system", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "BND" ], "initiator_country": [ "Germany" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 8667, "settled": true, "attribution_year": 2008, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "BND" ], "attributed_initiator_country": [ "Germany" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2008" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.spiegel.de/spiegel/print/d-56756328.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 31, "name": "Republican Frank Wolf, Chris Smith Hack", "description": "The office of the Republican Frank Wolf was hacked by China because of its longstanding critical attitude towards its human rights abuses, he said.", "added_to_DB": "2022-08-15", "start_date": "2006-08-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "31_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Legislative", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 42, "settled": true, "attribution_year": 2008, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Statement in media report and political statement/technical report" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2008" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.nysun.com/foreign/china-critic-says-congressional-computers-hacked/79782/" ], "sources_attribution": [ "Not available" ] }, { "ID": 32, "name": "BIS Hack", "description": "An attack against the US Bureau of Industry and Security (BIS) forced the agency to turn off Internet access in early September 2006. Hundreds of computers must be replaced to cleanse the agency of malicious code.", "added_to_DB": "2022-08-15", "start_date": "2006-08-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Hijacking without Misuse" ], "receivers": [ { "receiver_id": "32_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Civil service / administration" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 43, "settled": null, "attribution_year": 2006, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2006" ] }, { "attribution_id": 44, "settled": true, "attribution_year": 2006, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2006" ] } ], "temporal_attribution_sequence": "Political attribution before IT-security attribution", "cyber_conflict_issue": [ "Resources" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "none" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, not used - empowerment (incident scores 1 point in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theregister.co.uk/2006/10/09/chinese_crackers_attack_us/", "https://custom.crn.com/news/security/193105261/chinese-hackers-hit-commerce-department.htm?itc=refresh" ], "sources_attribution": [ "https://custom.crn.com/news/security/193105261/chinese-hackers-hit-commerce-department.htm?itc=refresh" ] }, { "ID": 33, "name": "US Naval War College Hack 2006", "description": "Computer and e-mail systems were off-line at the Naval War College following a network intrusion Nov.15. According to newsreports, hackers in China attacked the Website of the college, which trains senior Navy officers and develops cyberspace strategies.", "added_to_DB": "2022-08-15", "start_date": "2006-11-15", "end_date": "2006-12-04", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Data theft", "Disruption" ], "receivers": [ { "receiver_id": "33_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Science" ], "receiver_category_subcode": [ "Military", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 45, "settled": true, "attribution_year": 2006, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Media report (e.g., Reuters makes an attribution statement, without naming further sources)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2006" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://fcw.com/articles/2006/12/04/china-is-suspected-of-hacking-into-navy-site.aspx?sc_lang=en" ], "sources_attribution": [ "https://fcw.com/articles/2006/12/04/china-is-suspected-of-hacking-into-navy-site.aspx?sc_lang=en" ] }, { "ID": 34, "name": "APT 1 Campaign 2006-2013", "description": "In its seminal report about APT 1, IT-company Mandiant exposed this group as being PLA Unit 61398, conducting economic cyber-espionage against targets wordlwide. One year later, the US released its first indictment against forein hackers, in this case from the Chinese APT 1.", "added_to_DB": "2022-08-15", "start_date": "2006-01-01", "end_date": "Not available", "updated_at": "2023-10-27", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "34_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media", "Science" ], "receiver_category_subcode": [ "Civil service / administration", "Not available", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "34_1", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media", "Science" ], "receiver_category_subcode": [ "Civil service / administration", "Not available", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "34_2", "receiver_name": null, "receiver_country": "Belgium", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media", "Science" ], "receiver_category_subcode": [ "Civil service / administration", "Not available", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "34_3", "receiver_name": null, "receiver_country": "Taiwan", "receiver_region": "SCS", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media", "Science" ], "receiver_category_subcode": [ "Civil service / administration", "Not available", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "34_4", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media", "Science" ], "receiver_category_subcode": [ "Civil service / administration", "Not available", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "34_5", "receiver_name": null, "receiver_country": "Switzerland", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media", "Science" ], "receiver_category_subcode": [ "Civil service / administration", "Not available", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "34_6", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media", "Science" ], "receiver_category_subcode": [ "Civil service / administration", "Not available", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "34_7", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media", "Science" ], "receiver_category_subcode": [ "Civil service / administration", "Not available", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "34_8", "receiver_name": null, "receiver_country": "Canada", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media", "Science" ], "receiver_category_subcode": [ "Civil service / administration", "Not available", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "34_9", "receiver_name": null, "receiver_country": "Singapore", "receiver_region": "ASIA", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media", "Science" ], "receiver_category_subcode": [ "Civil service / administration", "Not available", "Not available", "Not available", "Not available", "Not available" ] } ], "initiator_name": [ "APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)", "PLA Unit 61398" ], "initiator_country": [ "China", "China" ], "initiator_category": [ "State", "State" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 13895, "settled": false, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)", "PLA Unit 61398" ], "attributed_initiator_country": [ "China", "China" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 13896, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Domestic legal action" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "United States" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)", "PLA Unit 61398" ], "attributed_initiator_country": [ "China", "China" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "IT-security attribution before political attribution", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-APT%201-report.pdf", "https://books.google.de/books?id=KNlEWdlTxYYC&pg=PA5&lpg=PA5&dq=APT +1+report+mandiant+senator&source=bl&ots=3Vjtz3BJHM&sig=ACfU3U35FSxtDFVHjIwB-4M0St6m8FAatg&hl=de&sa=X&ved=2ahUKEwiNzICc_LLyAhXxhf0HHcYJDyoQ6AF6BAglEAM#v=onepage&q=APT %201%20report%20mandiant%20senator&f=false" ], "sources_attribution": [ "Not available" ] }, { "ID": 35, "name": "Operation RedOctober", "description": "Kaspersky found 2013 a campaign of espionage/stealing of confidential information in many countries, mostly in Eastern Europe, but also in Western Europe and America, specifically targeting \"Cryptofiler\"files. Some evidence point to Russian and Chinese hackers,while precisely the origin could not be identified", "added_to_DB": "2022-08-15", "start_date": "2007-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "35_0", "receiver_name": null, "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Energy", "Not available" ] }, { "receiver_id": "35_1", "receiver_name": null, "receiver_country": "Kazakhstan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Energy", "Not available" ] }, { "receiver_id": "35_2", "receiver_name": null, "receiver_country": "Azerbaijan", "receiver_region": "CENTAS", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Energy", "Not available" ] }, { "receiver_id": "35_3", "receiver_name": null, "receiver_country": "Belgium", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Energy", "Not available" ] }, { "receiver_id": "35_4", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Energy", "Not available" ] }, { "receiver_id": "35_5", "receiver_name": null, "receiver_country": "Afghanistan", "receiver_region": "SASIA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Energy", "Not available" ] }, { "receiver_id": "35_6", "receiver_name": null, "receiver_country": "Armenia", "receiver_region": "CSTO", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Energy", "Not available" ] }, { "receiver_id": "35_7", "receiver_name": null, "receiver_country": "Iran, Islamic Republic of", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Energy", "Not available" ] }, { "receiver_id": "35_8", "receiver_name": null, "receiver_country": "Turkmenistan", "receiver_region": "ASIA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Energy", "Not available" ] }, { "receiver_id": "35_9", "receiver_name": null, "receiver_country": "Ukraine", "receiver_region": "EASTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Energy", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China", "Russia" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 48, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China", "Russia" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://securelist.com/the-red-october-campaign/57647/", "https://www.bbc.com/news/technology-21013087", "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/inception-framework-hiding-behind-proxies" ], "sources_attribution": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/inception-framework-hiding-behind-proxies" ] }, { "ID": 36, "name": "Operation Byzantine Hades (Lockheed Martin) - 2007", "description": "Documents leaked by Edward Snowden are the first public confirmation that Chinese hackers have been able to extrapolate top secret data on the F-35 Lightning II joint strike fighter jet. According to sources, the data breach already took place in 2007 at the prime subcontractor Lockheed Martin.", "added_to_DB": "2022-08-15", "start_date": "2007-01-01", "end_date": "Not available", "updated_at": "2024-02-22", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on non-political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)", "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "36_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Defence industry" ] } ], "initiator_name": [ null ], "initiator_country": [ "China" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 3283, "settled": false, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ null ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 3284, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ null ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thediplomat.com/2015/01/new-snowden-documents-reveal-chinese-behind-f-35-hack/", "https://de.reuters.com/article/usa-fighter-hacking/theft-of-f-35-design-data-is-helping-u-s-adversaries-pentagon-idUSL2N0EV0T320130619" ], "sources_attribution": [ "https://thediplomat.com/2015/01/new-snowden-documents-reveal-chinese-behind-f-35-hack/" ] }, { "ID": 37, "name": "Turkish Hacker vs. Sweden", "description": "Attacks on Swedish Web hosts and Web sites following the publication of a satirical drawing by Lars Vilks portraying the Muslim Prophet Mohammed as a roundabout dog by turkish hackers", "added_to_DB": "2022-08-15", "start_date": "2007-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "37_0", "receiver_name": null, "receiver_country": "Sweden", "receiver_region": "NORTHEU", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups", "Other" ], "receiver_category_subcode": [ "Not available", "Not available", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Turkey" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 51, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Turkey" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.worldbulletin.net/archive/swedish-hackers-retaliate-against-turkish-attack-h12233.html" ], "sources_attribution": [ "https://www.worldbulletin.net/archive/swedish-hackers-retaliate-against-turkish-attack-h12233.html" ] }, { "ID": 38, "name": "Swedish Hackers vs. Turkey", "description": "A group of swedish hackers has chosen to leak these user details in response to the many recent attacks on Swedish Web hosts and Web sites following the publication of a satirical drawing by Lars Vilks portraying the Muslim Prophet Mohammed as a roundabout dog.", "added_to_DB": "2022-08-15", "start_date": "2007-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "38_0", "receiver_name": null, "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science", "Other" ], "receiver_category_subcode": [ "Not available", "Not available", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Sweden" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 52, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Sweden" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.worldbulletin.net/archive/swedish-hackers-retaliate-against-turkish-attack-h12233.html" ], "sources_attribution": [ "https://www.worldbulletin.net/archive/swedish-hackers-retaliate-against-turkish-attack-h12233.html" ] }, { "ID": 39, "name": "Infy/Prince of Persia", "description": "Prince of Persia Campaign used InfyMalware for almost ten years to spy on government and corporate entities, also known as Operation Mermaid.", "added_to_DB": "2022-08-15", "start_date": "2007-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "39_0", "receiver_name": null, "receiver_country": "Iran, Islamic Republic of", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "39_1", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "39_2", "receiver_name": null, "receiver_country": "Denmark", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "39_3", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "39_4", "receiver_name": null, "receiver_country": "Saudi Arabia", "receiver_region": "GULFC", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "39_5", "receiver_name": null, "receiver_country": "Pakistan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "39_6", "receiver_name": null, "receiver_country": "Afghanistan", "receiver_region": "SASIA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "39_7", "receiver_name": null, "receiver_country": "Iraq", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] } ], "initiator_name": [ "Infy" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 53, "settled": true, "attribution_year": 2016, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Infy" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2016" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "National power", "International power" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://unit42.paloaltonetworks.com/prince-of-persia-infy-malware-active-in-decade-of-targeted-attacks/", "http://blogs.360.cn/post/operation-mermaid.html", "https://www.blackhat.com/docs/us-16/materials/us-16-Guarnieri-Iran-And-The-Soft-War-For-Internet-Dominance-wp.pdf" ], "sources_attribution": [ "http://blogs.360.cn/post/operation-mermaid.html", "https://www.blackhat.com/docs/us-16/materials/us-16-Guarnieri-Iran-And-The-Soft-War-For-Internet-Dominance-wp.pdf" ] }, { "ID": 40, "name": "Darkhotel APT", "description": "DarkHotel: A Sophisticated New Hacking Attack Targets High-Profile Hotel Guests", "added_to_DB": "2022-08-15", "start_date": "2007-01-01", "end_date": "Not available", "updated_at": "2024-02-22", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "40_0", "receiver_name": null, "receiver_country": "Korea, Democratic People's Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media", "Other" ], "receiver_category_subcode": [ "Military", "Intelligence agencies", "Defence industry", "Not available", "Not available", "Not available" ] }, { "receiver_id": "40_1", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media", "Other" ], "receiver_category_subcode": [ "Military", "Intelligence agencies", "Defence industry", "Not available", "Not available", "Not available" ] }, { "receiver_id": "40_2", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media", "Other" ], "receiver_category_subcode": [ "Military", "Intelligence agencies", "Defence industry", "Not available", "Not available", "Not available" ] }, { "receiver_id": "40_3", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media", "Other" ], "receiver_category_subcode": [ "Military", "Intelligence agencies", "Defence industry", "Not available", "Not available", "Not available" ] }, { "receiver_id": "40_4", "receiver_name": null, "receiver_country": "Asia (region)", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media", "Other" ], "receiver_category_subcode": [ "Military", "Intelligence agencies", "Defence industry", "Not available", "Not available", "Not available" ] } ], "initiator_name": [ "Zigzag Hail fka DUBNIUM/Dark Hotel/Tapaoux" ], "initiator_country": [ "Korea, Republic of" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 54, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Zigzag Hail fka DUBNIUM/Dark Hotel/Tapaoux" ], "attributed_initiator_country": [ "Korea, Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "Yes" ], "zero_days_subcode": [ "multiple" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://securelist.com/the-darkhotel-apt/66779/", "https://www.wired.com/2014/11/darkhotel-malware/", "https://labs.bitdefender.com/2017/07/inexsmar-an-unusual-darkhotel-campaign/" ], "sources_attribution": [ "https://www.wired.com/2014/11/darkhotel-malware/", "https://labs.bitdefender.com/2017/07/inexsmar-an-unusual-darkhotel-campaign/" ] }, { "ID": 41, "name": "CozyBear vs. Obama Campaign", "description": "State-sponsored Russian hackers systematically targeted the campaign of Barack Obama and close government officials in 2007 and thus immediately before his first candidacy in 2008. Mainly phishing attacks are said to have been involved. According to the Area 1 Security report, however, Chinese influence cannot be ruled out entirely, as they carried out a massive cyberespionage operation against the 2008 presidential campaigns of Barack Obama and John McCain.", "added_to_DB": "2022-08-15", "start_date": "2007-01-01", "end_date": "Not available", "updated_at": "2023-03-14", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "41_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Election infrastructure / related systems" ] } ], "initiator_name": [ "Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR)" ], "initiator_country": [ "Russia" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 8679, "settled": true, "attribution_year": 2017, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR)" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2017" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.newsweek.com/russia-hacking-trump-clinton-607956" ], "sources_attribution": [ "Not available" ] }, { "ID": 42, "name": "Poison Ivy APT", "description": "Through research, 360 Helios Team has found that, since 2007, the PoisonIvy Group has carried out 11 years of cyberespionage campaigns against Chinese key units and departments, such as national defense, government, science and technology, education and maritime agencies. The group seems to have similar interests as OceanLotus.", "added_to_DB": "2022-08-15", "start_date": "2007-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "42_0", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Science", "Other" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Not available", "Not available" ] } ], "initiator_name": [ "PoisonIvy/APT-C-01" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 56, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "PoisonIvy/APT-C-01" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "Yes" ], "zero_days_subcode": [ "One" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://blogs.360.cn/post/APT_C_01_en.html" ], "sources_attribution": [ "http://blogs.360.cn/post/APT_C_01_en.html" ] }, { "ID": 43, "name": "Careto aka The Mask", "description": "The Mask is an advanced threat actor that has been involved in cyber-espionage operations since at least 2007. What makes The Mask special is the complexity of the toolset used by the attackers.", "added_to_DB": "2022-08-15", "start_date": "2007-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "43_0", "receiver_name": null, "receiver_country": "Morocco", "receiver_region": "MENA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science", "Other" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "43_1", "receiver_name": null, "receiver_country": "Brazil", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science", "Other" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "43_2", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science", "Other" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "43_3", "receiver_name": null, "receiver_country": "Spain", "receiver_region": "EU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science", "Other" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "43_4", "receiver_name": null, "receiver_country": "France", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science", "Other" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "43_5", "receiver_name": null, "receiver_country": "Switzerland", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science", "Other" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "43_6", "receiver_name": null, "receiver_country": "Libya", "receiver_region": "NAF", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science", "Other" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "43_7", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science", "Other" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available", "Not available", "Not available" ] } ], "initiator_name": [ "Careto/The Mask" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 57, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Careto/The Mask" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://securelist.com/the-caretomask-apt-frequently-asked-questions/58254/" ], "sources_attribution": [ "https://securelist.com/the-caretomask-apt-frequently-asked-questions/58254/" ] }, { "ID": 44, "name": "Putter Panda aka APT 2", "description": "Crowdstrike has been tracking the activity of a cyber espionage group operating out of shanghai, China, with connections to the People\u2019s liberation army third General staff department (Gsd) 12th Bureau Military Unit Cover designator (MUCd) 61486, since 2012, active at least since 2007. The group shows similarities to the conduct of APT 1 aka Comment Crew/Panda, which is aligned with PLA Unit 61398.", "added_to_DB": "2022-08-15", "start_date": "2007-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "44_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Science" ], "receiver_category_subcode": [ "Military", "Telecommunications", "Defence industry", "Not available" ] }, { "receiver_id": "44_1", "receiver_name": null, "receiver_country": "Europe (region)", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Science" ], "receiver_category_subcode": [ "Military", "Telecommunications", "Defence industry", "Not available" ] } ], "initiator_name": [ "Putter Panda/APT 2" ], "initiator_country": [ "China" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 58, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Putter Panda/APT 2" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "International power" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf" ], "sources_attribution": [ "http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf" ] }, { "ID": 45, "name": "The Mobile Surge", "description": "According to documents leaked by Edward Snowden, the American NSA and the British Government Communications Headquarters allegedly collected and stored dozens of pieces of data from smartphone apps in a joint initiative called The Mobile Surge until 2007. The main purpose of this was the systematic exchange of ways to obtain information, but information was also tapped, especially from apps that had been around for a while. Publicly, this initiative has been used to gain a better understanding of potential security vulnerabilities that could improve the privacy of citizens' sensitive data in the long term. The UK authority relies on the fact that it would therefore be in compliance with the law. However, it is not known how many users are affected by this action. ", "added_to_DB": "2022-08-15", "start_date": "2007-01-01", "end_date": "Not available", "updated_at": "2023-11-01", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "45_0", "receiver_name": null, "receiver_country": "Global (region)", "receiver_region": "Not available", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "NSA/Equation Group", "GCHQ" ], "initiator_country": [ "United Kingdom", "United States", "United Kingdom", "United States" ], "initiator_category": [ "State", "State" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 8682, "settled": false, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group", "GCHQ" ], "attributed_initiator_country": [ "United States", "United Kingdom" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 8683, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group", "GCHQ" ], "attributed_initiator_country": [ "United Kingdom", "United States", "United Kingdom", "United States" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 46, "name": "Stuxnet", "description": "US and Israeli created worm Stuxnet infiltrates Iranian nuclear facility which leads to destruction of uranium centrifuges.", "added_to_DB": "2022-08-15", "start_date": "2007-01-01", "end_date": "Not available", "updated_at": "2024-05-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on non-political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Disruption", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "46_0", "receiver_name": null, "receiver_country": "Iran, Islamic Republic of", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure" ], "receiver_category_subcode": [ "Military", "Defence industry" ] } ], "initiator_name": [ "NSA/Equation Group" ], "initiator_country": [ "Israel", "United States" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 17377, "settled": false, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] }, { "attribution_id": 17378, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "Israel", "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Political attribution before IT-security attribution", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "Yes" ], "zero_days_subcode": [ "multiple" ], "MITRE_initial_access": [ "Hardware Additions", "Replication Through Removable Media", "Trusted Relationship" ], "MITRE_impact": [ "Data Manipulation" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Long-term disruption (> 24h; incident scores 2 points in intensity)" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "Local effects, e.g., affecting only one restricted area of a country or region (incident scores 1 point in intensity)" ], "physical_effects_temporal": [ "Long lasting effects (> 24h; incident scores 2 points in intensity)" ], "unweighted_cyber_intensity": 7, "target_multiplier": [ "Very high political importance (e.g., critical infrastructure, military) - intensity multiplied by 1.5" ], "weighted_cyber_intensity": 11, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.jpost.com/international/article-731254", "https://www.darkreading.com/attacks-breaches/wiper-malware-surges-ahead-spiking-53-in-3-months", "https://www.malwarebytes.com/blog/news/2023/03/ransomware-gunning-for-transport-sectors-ot-systems-next", "https://www.justsecurity.org/86548/honey-im-hacked-ethical-questions-raised-by-ukrainian-cyber-deception-of-russian-military-wives/", "https://nakedsecurity.sophos.com/2023/06/26/uk-hacker-busted-in-spain-gets-5-years-over-twitter-hack-and-more/", "https://www.techrepublic.com/article/zero-day-exploits-the-smart-persons-guide/", "https://www.darkreading.com/vulnerabilities-threats/defending-against-attacks-on-vulnerable-iot-devices", "https://www.rferl.org/a/iran-gas-stations-disruption/32735223.html", "https://socradar.io/alphv-seized-unseized-decrypted-pandoras-box-may-be-reopened/", "https://socradar.io/enhancing-iot-security-with-cyber-threat-intelligence-cti/", "https://www.haaretz.com/israel-news/2024-01-09/ty-article/a-dutch-national-sabotaged-irans-nuclear-program-in-2008-new-investigation-reveals/0000018c-ee18-d0b4-a7ce-ff7bc9ec0000", "https://www.heise.de/news/Stuxnet-Niederlaendischer-Geheimdienst-half-wohl-bei-Sabotage-im-Iran-9596851.html?wt_mc=rss.red.ho.beitrag.rdf.beitrag.beitrag", "https://www.wired.com/story/ebay-criminal-charge-bloody-pig-mask/", "https://www.futura-sciences.com/tech/actualites/piratage-revelations-surprenantes-sabotage-programme-nucleaire-iranien-110787/", "https://www.politico.com/newsletters/weekly-cybersecurity/2024/02/26/irans-cyber-menace-sanctioned-but-not-stirred-00143230", "https://www.lexpress.fr/economie/high-tech/destabilisation-desinformation-sabotages-les-cyberattaques-de-plus-en-plus-performantes-de-liran-L55EFKXOIZHHDLYWSJEOJTD2QU/", "https://cyberscoop.com/s4x24-volt-typhoon-critical-infrastructure/", "https://www.tagesschau.de/ausland/asien/chronik-konflikt-iran-israel-100.html", "https://www.diepresse.com/18369299/der-lange-konflikt-zwischen-israel-und-dem-iran", "https://www.techuk.org/resource/reducing-the-attack-surface-within-cni-ot-environments-using-revbits-native-security-solutions.html", "https://news.ifeng.com/c/8ZCjLXLQVOl", "https://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?_r=2&pagewanted=2&seid=auto&smid=tw-nytimespolitics&pagewanted=all", "https://www.cbsnews.com/news/iran-blames-us-israel-for-stuxnet-malware/", "https://www.theregister.co.uk/2013/07/08/snowden_us_israel_stuxnet/", "https://archive.f-secure.com/weblog/archives/00002791.html", "https://web.archive.org/web/20150217023145/https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf", "https://therecord.media/more-than-2000-cybersecurity-patent-applications-filed-since-2010-report/" ], "sources_attribution": [ "https://www.cbsnews.com/news/iran-blames-us-israel-for-stuxnet-malware/", "https://www.theregister.co.uk/2013/07/08/snowden_us_israel_stuxnet/", "https://archive.f-secure.com/weblog/archives/00002791.html", "https://web.archive.org/web/20150217023145/https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf" ] }, { "ID": 48, "name": "Perdido", "description": "According to the in 2013 by Snowden leaked NSA 2007 document, US intelligence services are spying on the European Union mission in New York and its embassy in Washington. One document lists 38 embassies and missions. Germany's justice minister, Sabine Leutheusser-Schnarrenberger, Robert Madelin, one of Britain's most senior officials in the European commission, a spokesman for the European commission, Guy Verhofstadt, the former Belgian primeminister and others have commented on the incident.", "added_to_DB": "2022-08-15", "start_date": "2007-01-01", "end_date": "Not available", "updated_at": "2023-04-20", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "48_0", "receiver_name": null, "receiver_country": "EU (institutions)", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "International / supranational organization" ], "receiver_category_subcode": [ "Not available", "Not available" ] }, { "receiver_id": "48_1", "receiver_name": null, "receiver_country": "France", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "International / supranational organization" ], "receiver_category_subcode": [ "Not available", "Not available" ] }, { "receiver_id": "48_2", "receiver_name": null, "receiver_country": "Greece", "receiver_region": "BALKANS", "receiver_category": [ "State institutions / political system", "International / supranational organization" ], "receiver_category_subcode": [ "Not available", "Not available" ] }, { "receiver_id": "48_3", "receiver_name": null, "receiver_country": "Italy", "receiver_region": "EU", "receiver_category": [ "State institutions / political system", "International / supranational organization" ], "receiver_category_subcode": [ "Not available", "Not available" ] }, { "receiver_id": "48_4", "receiver_name": null, "receiver_country": "Mexico", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "International / supranational organization" ], "receiver_category_subcode": [ "Not available", "Not available" ] }, { "receiver_id": "48_5", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "International / supranational organization" ], "receiver_category_subcode": [ "Not available", "Not available" ] }, { "receiver_id": "48_6", "receiver_name": null, "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "International / supranational organization" ], "receiver_category_subcode": [ "Not available", "Not available" ] }, { "receiver_id": "48_7", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "International / supranational organization" ], "receiver_category_subcode": [ "Not available", "Not available" ] }, { "receiver_id": "48_8", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "International / supranational organization" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "NSA/Equation Group" ], "initiator_country": [ "United States" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 65, "settled": null, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 64, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theguardian.com/world/2013/jun/30/nsa-spying-europe-claims-us-eu-trade", "https://www.theguardian.com/world/2013/jun/30/nsa-leaks-us-bugging-european-allies" ], "sources_attribution": [ "Not available" ] }, { "ID": 49, "name": "Support of Bundeswehr Presence in Congo", "description": "The German BND hacked computers in the Democratic Republic of Congo with the goal of gathering information to support the Bundeswehr presence there", "added_to_DB": "2022-08-15", "start_date": "2007-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "49_0", "receiver_name": null, "receiver_country": "Congo, the Democratic Republic of the", "receiver_region": "SSA", "receiver_category": [ "Unknown" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "BND" ], "initiator_country": [ "Germany" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 66, "settled": true, "attribution_year": 2008, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Media report (e.g., Reuters makes an attribution statement, without naming further sources)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "BND" ], "attributed_initiator_country": [ "Germany" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2008" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "Not available" ], "sources_attribution": [ "Not available" ] }, { "ID": 50, "name": "Operation Pawn Storm 2007", "description": "Fancy Bear attacked the military and defense contractors of the US and some of their allies in a longterm espionage campaign, with the usage of some Zerodays", "added_to_DB": "2022-08-15", "start_date": "2007-01-01", "end_date": "Not available", "updated_at": "2023-10-30", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "50_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Social groups", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Defence industry", "Political opposition / dissidents / expats", "Not available" ] }, { "receiver_id": "50_1", "receiver_name": null, "receiver_country": "France", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Social groups", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Defence industry", "Political opposition / dissidents / expats", "Not available" ] }, { "receiver_id": "50_2", "receiver_name": null, "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Social groups", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Defence industry", "Political opposition / dissidents / expats", "Not available" ] }, { "receiver_id": "50_3", "receiver_name": null, "receiver_country": "Pakistan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Social groups", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Defence industry", "Political opposition / dissidents / expats", "Not available" ] }, { "receiver_id": "50_4", "receiver_name": null, "receiver_country": "Holy See (Vatican City State)", "receiver_region": "EUROPE", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Social groups", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Defence industry", "Political opposition / dissidents / expats", "Not available" ] }, { "receiver_id": "50_5", "receiver_name": null, "receiver_country": "Austria", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Social groups", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Defence industry", "Political opposition / dissidents / expats", "Not available" ] }, { "receiver_id": "50_6", "receiver_name": null, "receiver_country": "Hungary", "receiver_region": "EASTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Social groups", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Defence industry", "Political opposition / dissidents / expats", "Not available" ] }, { "receiver_id": "50_7", "receiver_name": null, "receiver_country": "Poland", "receiver_region": "EASTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Social groups", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Defence industry", "Political opposition / dissidents / expats", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 67, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 1" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-pawn-storm.pdf" ], "sources_attribution": [ "Not available" ] }, { "ID": 51, "name": "Russian Anti-Kasparov Campaign", "description": "Pro-Russian hackers bombarded the sites of opposition leaders like Garry Kasparov in the midst of his 2007 campaign for president, keeping Kasparov's site offline or sluggish at key moments during the campaign season", "added_to_DB": "2022-08-15", "start_date": "2007-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "51_0", "receiver_name": null, "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Political parties", "Election infrastructure / related systems" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Russia" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 68, "settled": true, "attribution_year": 2017, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "2017" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.wired.com/story/russia-election-hacking-playbook/" ], "sources_attribution": [ "Not available" ] }, { "ID": 52, "name": "Azerbaijani-Armenian Cybewar 2007 Armenian Attack", "description": "Hackers identifying themselves to be connected to the Armenian state service hacked and defaced the website of the Azerbaijani state television", "added_to_DB": "2022-08-15", "start_date": "2007-01-22", "end_date": "2007-01-22", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "52_0", "receiver_name": null, "receiver_country": "Azerbaijan", "receiver_region": "CENTAS", "receiver_category": [ "State institutions / political system", "Media" ], "receiver_category_subcode": [ "Election infrastructure / related systems", "Not available" ] } ], "initiator_name": [ "Armenian State Service" ], "initiator_country": [ "Armenia" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 69, "settled": true, "attribution_year": 2007, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Armenian State Service" ], "attributed_initiator_country": [ "Armenia" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2007" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Territory", "Secession" ], "offline_conflict_issue": [ "Territory", "Secession" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "Not available" ], "sources_attribution": [ "Not available" ] }, { "ID": 53, "name": "Azerbaijani-Armenian Cybewar 2007 Azerbaijani Counterattack", "description": "Bacioglu counter attacked and defaced five Armenian websites", "added_to_DB": "2022-08-15", "start_date": "2007-01-29", "end_date": "2007-01-29", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "53_0", "receiver_name": null, "receiver_country": "Armenia", "receiver_region": "CSTO", "receiver_category": [ "Social groups", "Other" ], "receiver_category_subcode": [ "Advocacy / activists (e.g. human rights organizations)", "Not available" ] } ], "initiator_name": [ "Bacioglu" ], "initiator_country": [ "Azerbaijan" ], "initiator_category": [ "Individual hacker(s)" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 70, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Bacioglu" ], "attributed_initiator_country": [ "Azerbaijan" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Territory", "Secession" ], "offline_conflict_issue": [ "Territory", "Secession" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "Not available" ], "sources_attribution": [ "Not available" ] }, { "ID": 54, "name": "Azerbaijani-Armenian Cyberwar 2007 Axteam intevenes", "description": "Axteam, an Armenian hackergroup retaliated for Bacioglus attack and took down Azerbaijani websites", "added_to_DB": "2022-08-15", "start_date": "2007-02-05", "end_date": "2007-02-05", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "54_0", "receiver_name": null, "receiver_country": "Azerbaijan", "receiver_region": "CENTAS", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Axteam" ], "initiator_country": [ "Armenia" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 71, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Axteam" ], "attributed_initiator_country": [ "Armenia" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Territory", "Secession" ], "offline_conflict_issue": [ "Territory", "Secession" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "Not available" ], "sources_attribution": [ "Not available" ] }, { "ID": 55, "name": "Chemical Hack", "description": "By stealing the password the North Korean hacker unit could excess information including data on organizations that manufacture toxic chemical substances, and the information on types of toxic chemical substances.", "added_to_DB": "2022-08-15", "start_date": "2007-03-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "55_0", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "Science" ], "receiver_category_subcode": [ "Military", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Korea, Democratic People's Republic of" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 72, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] }, { "attribution_id": 73, "settled": null, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hsdl.org/?view&did=790510" ], "sources_attribution": [ "https://www.hsdl.org/?view&did=790510" ] }, { "ID": 56, "name": "Estonia 2007", "description": "Different targets in Estonia attacked on the background of tensions with Russia and Russian minority in Estonia over removal of Soviet war memorial. Estonia accused Russia, but involvement of Russian government is contested and doubted by experts from the IT sector.", "added_to_DB": "2022-08-15", "start_date": "2007-04-27", "end_date": "2007-05-01", "updated_at": "2023-10-20", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "56_0", "receiver_name": null, "receiver_country": "Estonia", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Legislative", "Political parties", "Not available", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Russia" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 3, "attributions": [ { "attribution_id": 74, "settled": null, "attribution_year": 2007, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2007" ] }, { "attribution_id": 76, "settled": null, "attribution_year": 2007, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Contested attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2007" ] }, { "attribution_id": 75, "settled": true, "attribution_year": 2007, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Political statement / report (e.g., on government / state agency websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2007" ] } ], "temporal_attribution_sequence": "Political attribution before IT-security attribution", "cyber_conflict_issue": [ "System / ideology", "Autonomy" ], "offline_conflict_issue": [ "Autonomy" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Long-term disruption (> 24h; incident scores 2 points in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.defenseone.com/threats/2023/10/estonia-sent-offensive-cyber-tools-ukraine-after-russia-invaded/390985/", "https://english.elpais.com/international/2024-04-18/estonian-prime-minister-its-a-question-of-when-they-will-start-the-next-war.html", "http://news.bbc.co.uk/2/hi/europe/6665195.stm", "https://www.theguardian.com/world/2007/may/17/topstories3.russia", "http://foreignpolicy.com/2010/12/07/who-was-behind-the-estonia-cyber-attacks/", "http://www.spiegel.de/international/world/old-wars-and-new-estonians-accuse-kremlin-of-cyberwarfare-a-483394.html", "https://searchsecurity.techtarget.com/news/1255548/Experts-doubt-Russian-government-launched-DDoS-attacks", "http://www.internetnews.com/security/article.php/3678606", "https://www.rferl.org/a/bulgaria-soviet-war-memorials-ghosts-art-nft-brezunek/32038555.html" ], "sources_attribution": [ "https://www.theguardian.com/world/2007/may/17/topstories3.russia", "http://www.spiegel.de/international/world/old-wars-and-new-estonians-accuse-kremlin-of-cyberwarfare-a-483394.html", "https://searchsecurity.techtarget.com/news/1255548/Experts-doubt-Russian-government-launched-DDoS-attacks", "http://www.internetnews.com/security/article.php/3678606" ] }, { "ID": 57, "name": "DoD Systems Outage", "description": "China accused of attack on the Office of the Secretary of Defense, according to what US Secretary of Defense Robert Gatest old reporters it was unclassified OSD emailsystem.", "added_to_DB": "2022-08-15", "start_date": "2007-06-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "57_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Military" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 77, "settled": true, "attribution_year": 2007, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2007" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://web.archive.org/web/20070625081555/http://www.theregister.co.uk/2007/06/22/department_of_defense_email_hacked/", "http://news.bbc.co.uk/2/hi/americas/6977533.stm", "https://www.telegraph.co.uk/news/worldnews/1562149/Chinese-military-hacked-into-Pentagon.html", "https://www.ft.com/content/9dba9ba2-5a3b-11dc-9bcd-0000779fd2ac" ], "sources_attribution": [ "Not available" ] }, { "ID": 58, "name": "Chinese Espionage in Germany", "description": "Der Spiegel reports based on BfV-report attacks from China on Germany like Chinese espionage attacks on other countries , Merkel didn't comment it directly on the summit ,while \"German officials believe the hackers were being directed by the People's Liberation Army \". Later German politicians asked Government to make direct remonstrations with Chinese officials, inparticular SPD politician Rolf Muetzenich, FDP expert of internal affairs Max Stadler and others.", "added_to_DB": "2022-08-15", "start_date": "2007-08-01", "end_date": "Not available", "updated_at": "2023-07-25", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "58_0", "receiver_name": null, "receiver_country": "Germany", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 78, "settled": true, "attribution_year": 2007, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Statement in media report and political statement/technical report" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2007" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://nsarchive2.gwu.edu//NSAEBB/NSAEBB424/docs/Cyber-030.pdf", "http://www.spiegel.de/netzwelt/tech/computerspionage-chinesische-trojaner-auf-pcs-im-kanzleramt-a-501954.html", "http://www.spiegel.de/international/world/espionage-report-merkel-s-china-visit-marred-by-hacking-allegations-a-502169.html", "http://www.spiegel.de/politik/ausland/computer-spionage-fdp-will-chinesische-hacker-angriffe-in-den-bundestag-bringen-a-502253.html", "https://www.heise.de/newsticker/meldung/Politiker-fordern-Aufklaerung-ueber-chinesische-Trojaner-Angriffe-Update-167417.html" ], "sources_attribution": [ "https://nsarchive2.gwu.edu//NSAEBB/NSAEBB424/docs/Cyber-030.pdf" ] }, { "ID": 59, "name": "UN website Defacement", "description": "The hackers, who named themselvesas \"kerem125\", \"Gsy\" and \"M0sted\", one of which claimed to be Turkish, defaced main UN website with logos against the US and Israel killing children, as well as claimed having hacked many other sites including the webpages for the Economic and Social Council and the Paris website of the UN Environment Program,\u00a0Harvard, Norfolk and Norwich University Hospital in Britain and other US and Israeli universities, Toyota, Nestle, Yahoo Korea, MSN Italy, CocaCola, Sony, Renault.", "added_to_DB": "2022-08-15", "start_date": "2007-08-12", "end_date": "2007-08-12", "updated_at": "2023-06-18", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "59_0", "receiver_name": null, "receiver_country": "United Nations", "receiver_region": "Not available", "receiver_category": [ "International / supranational organization", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Not available", "Not available", "Not available" ] }, { "receiver_id": "59_1", "receiver_name": null, "receiver_country": "United Nations Economic and Social Council", "receiver_region": "Not available", "receiver_category": [ "International / supranational organization", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Not available", "Not available", "Not available" ] }, { "receiver_id": "59_2", "receiver_name": null, "receiver_country": "United Nations Environment Programme", "receiver_region": "Not available", "receiver_category": [ "International / supranational organization", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Not available", "Not available", "Not available" ] }, { "receiver_id": "59_3", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "International / supranational organization", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Not available", "Not available", "Not available" ] }, { "receiver_id": "59_4", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "International / supranational organization", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Not available", "Not available", "Not available" ] }, { "receiver_id": "59_5", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "International / supranational organization", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Not available", "Not available", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Turkey" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 79, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Turkey" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.dailytelegraph.com.au/news/world/united-nations-website-hacked/news-story/13e8a7ae2ea91870029e1ab1c594c57f?sv=98f5643b01e22cb449ca41be1a1ce43a", "https://www.computerworld.com/article/2543082/security0/-hackers--deface-un-site.html", "https://www.iol.co.za/business-report/technology/un-hackers-used-sql-injection-901265", "http://news.bbc.co.uk/2/hi/technology/6943385.stm" ], "sources_attribution": [ "Not available" ] }, { "ID": 60, "name": "DHS breach 2007", "description": "Sensitive information from Department of Homeland Security was exfiltrated on Chinese-language websites, the contractor charged with network security was suspected. They\"don't know what was taken\", but to the best of our knowledge there was no classified information [taken].\"", "added_to_DB": "2022-08-15", "start_date": "2007-09-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "60_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 80, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://edition.cnn.com/2007/US/09/24/homelandsecurity.computers/index.html?eref=" ], "sources_attribution": [ "Not available" ] }, { "ID": 61, "name": "Chinese Attack on french systems", "description": "Francis Delon,the secretary general of France's National Defence Office ,confirmed that Chinese hackers had \"penetrated outer levels\" of state computer systems,but French gov. has no proof that Chinese government is behind the attacks,even though have some evidence of Chinese invorlvement.", "added_to_DB": "2022-08-15", "start_date": "2007-09-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "61_0", "receiver_name": null, "receiver_country": "France", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Military" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 81, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://web.archive.org/web/20080118141424/http://www.france24.com/france24Public/en/news/france/20070909-Internet-piracy-france-secuirty-china-hacker.html", "https://www.theregister.co.uk/2007/09/12/french_cyberattacks/" ], "sources_attribution": [ "https://www.theregister.co.uk/2007/09/12/french_cyberattacks/" ] }, { "ID": 62, "name": "Operation Orchard", "description": "Israel reportedly used electronic warfare to take over Syrian air-defenses and feed them a false-skypicture, for the entire period of time that the Israeli fighter jets needed to cross Syria, bomb their target and return.", "added_to_DB": "2022-08-15", "start_date": "2007-09-06", "end_date": "2007-09-07", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Disruption", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "62_0", "receiver_name": null, "receiver_country": "Syria", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Israel" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 82, "settled": true, "attribution_year": 2009, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Israel" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2009" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Territory", "International power", "Other" ], "offline_conflict_issue": [ "Territory", "Other" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.wired.com/2007/10/how-israel-spoo/", "http://www.spiegel.de/international/world/the-story-of-operation-orchard-how-israel-destroyed-syria-s-al-kibar-nuclear-reactor-a-658663.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 63, "name": "Satellite Hack", "description": "US commission claimed in the draft of an annual report that\u00a0in October 2007, July (and October) 2008 hackers used a groundstation to interfere with the operation of two US government satellites used for earth observation. The commission did not explicitly accuse the Chinese government of orchestrating the attacks, but said they were consistent with Chinese military protocol.", "added_to_DB": "2022-08-15", "start_date": "2007-10-01", "end_date": "Not available", "updated_at": "2023-07-06", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on non-political target(s), politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "63_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Science" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 83, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Statement in media report and political statement/technical report" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theguardian.com/technology/2011/oct/27/chinese-hacking-us-satellites-suspected", "https://www.theguardian.com/technology/2011/oct/31/china-us-claims-satellite-hacking" ], "sources_attribution": [ "Not available" ] }, { "ID": 64, "name": "Taiwan vs. Chinese Government 2007", "description": "The Chinese government accused Taiwan's intelligence agency of compromising Chinese government, military and defence industrial networks. A secret agent named Lee Fang-jung was accused of gaining access to\u00a0information related to political, military, diplomatic, economic, medical and health affairs. Some Taiwanese officials indirectly confirmed, some denied the incident or claimed no awareness of it.", "added_to_DB": "2022-08-15", "start_date": "2007-10-01", "end_date": "Not available", "updated_at": "2023-09-07", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "64_0", "receiver_name": "Not available", "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Defence industry", "Civil service / administration", "Military" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Taiwan" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 12775, "settled": true, "attribution_year": 2007, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Political statement / report (e.g., on government / state agency websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "China" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Taiwan" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2007" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.scmp.com/article/613904/beijing-seeks-taiwanese-secret-agent-over-hacking" ], "sources_attribution": [ "Not available" ] }, { "ID": 65, "name": "Chinese Espionage in GB 2007", "description": "Jonathan Evans, the Director\u2010General of MI5, accused the Russian and \"Chinese state organisations \"of espionage against British banks and companies", "added_to_DB": "2022-08-15", "start_date": "2007-11-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by authorities of victim state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "65_0", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 85, "settled": true, "attribution_year": 2007, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2007" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.thetimes.co.uk/article/mi5-alert-on-chinas-cyberspace-spy-threat-tbxdgkv5l9v", "http://www.washingtonpost.com/wp-dyn/content/article/2007/12/03/AR2007120300782.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 66, "name": "Chinese Attack against US-Election Campaigns", "description": "U.S. officials have determined that the Chinese government hacked into and spied on the 2008 presidential campaigns of Barack Obama and John McCain. Obama publicly referred to the attacks -- in general terms -- at a May 29, 2009, at White House event announcing a new cybersecurity policy. But neither the president nor his top aides publicly spoke about the identity of the hackers.", "added_to_DB": "2022-08-15", "start_date": "2008-01-01", "end_date": "Not available", "updated_at": "2023-08-09", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "66_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Political parties", "Election infrastructure / related systems" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 86, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Statement in media report and political statement/technical report" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehill.com/policy/technology/304111-report-china-hacked-obama-mccain-campaigns", "https://www.theguardian.com/global/2008/nov/07/obama-white-house-usa" ], "sources_attribution": [ "Not available" ] }, { "ID": 67, "name": "Regin", "description": "Technical reports from Kaspersky and Symantec, which first reported on a tool called Regin in autumn 2014, show that the malware has been active for more than 10 years and has infected numerous countries such as Germany, Belgium, Brazil and two other countries in South (East) Asia. Several versions of Regin have been found in the wild, targeting various businesses, institutions, academics and individuals.\nRegin is described as a versatile data collection tool that is the most dangerous spy tool after Stuxnet. \nIn 2015, it was identified as an NSA toolkit used by the international intelligence alliance Five Eyes.", "added_to_DB": "2022-08-15", "start_date": "2008-01-01", "end_date": "Not available", "updated_at": "2023-11-01", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "67_0", "receiver_name": "Not available", "receiver_country": "Germany", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Not available", "Energy", "Not available", "Not available", "Transportation", "Telecommunications" ] }, { "receiver_id": "67_1", "receiver_name": "Not available", "receiver_country": "Pakistan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Not available", "Energy", "Not available", "Not available", "Transportation", "Telecommunications" ] }, { "receiver_id": "67_2", "receiver_name": "Not available", "receiver_country": "Saudi Arabia", "receiver_region": "GULFC", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Not available", "Energy", "Not available", "Not available", "Transportation", "Telecommunications" ] }, { "receiver_id": "67_3", "receiver_name": "Not available", "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Not available", "Energy", "Not available", "Not available", "Transportation", "Telecommunications" ] }, { "receiver_id": "67_4", "receiver_name": "Not available", "receiver_country": "Brazil", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Not available", "Energy", "Not available", "Not available", "Transportation", "Telecommunications" ] }, { "receiver_id": "67_5", "receiver_name": "Not available", "receiver_country": "Austria", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Not available", "Energy", "Not available", "Not available", "Transportation", "Telecommunications" ] }, { "receiver_id": "67_6", "receiver_name": "Not available", "receiver_country": "Iran, Islamic Republic of", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Not available", "Energy", "Not available", "Not available", "Transportation", "Telecommunications" ] }, { "receiver_id": "67_7", "receiver_name": "Not available", "receiver_country": "Belgium", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Not available", "Energy", "Not available", "Not available", "Transportation", "Telecommunications" ] } ], "initiator_name": [ "GCHQ" ], "initiator_country": [ "United Kingdom" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 8684, "settled": false, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2015" ] }, { "attribution_id": 8685, "settled": true, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "GCHQ" ], "attributed_initiator_country": [ "United Kingdom" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2015" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf", "https://www.itpro.co.uk/security/33926/former-yandex-ciso-weighs-in-on-alleged-five-eyes-hack", "http://www.spiegel.de/international/world/regin-malware-unmasked-as-nsa-tool-after-spiegel-publishes-source-code-a-1015255.html" ], "sources_attribution": [ "http://www.spiegel.de/international/world/regin-malware-unmasked-as-nsa-tool-after-spiegel-publishes-source-code-a-1015255.html" ] }, { "ID": 68, "name": "Anarchist", "description": "US and UK agencies hacked into Israeli drones and other aircraft as they gathered\u00a0intelligence according to the leaks of Edward Snowden.\u00a0Intelligence reports stemming from GCHQ and the NSA extend from 2008 to 2012.", "added_to_DB": "2022-08-15", "start_date": "2008-01-01", "end_date": "Not available", "updated_at": "2023-03-16", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "68_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "NSA/Equation Group", "GCHQ" ], "initiator_country": [ "United States", "United Kingdom" ], "initiator_category": [ "State", "State" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 8542, "settled": false, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group", "GCHQ" ], "attributed_initiator_country": [ "United States", "United Kingdom" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 8543, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group", "GCHQ" ], "attributed_initiator_country": [ "United States", "United Kingdom" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://theintercept.com/2016/01/28/israeli-drone-feeds-hacked-by-british-and-american-intelligence/", "https://www.jpost.com/Israel-News/Report-US-UK-intelligence-hacked-into-Israeli-drones-under-operation-Anarchist-443228", "https://www.nytimes.com/2016/01/30/world/middleeast/israel-drones-snowden-britain-us.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 69, "name": "Blackgear", "description": "Blackgear, also known as Topgear and Comnie, has been around since at least 2008, mainly targeting entities in Taiwan, South Korea and Japan. Their objectives include organizations in the telecommunications, defense, government, aerospace, and high-tech sectors.", "added_to_DB": "2022-08-15", "start_date": "2008-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "69_0", "receiver_name": null, "receiver_country": "Taiwan", "receiver_region": "SCS", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Telecommunications", "Defence industry", "Not available" ] }, { "receiver_id": "69_1", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Telecommunications", "Defence industry", "Not available" ] }, { "receiver_id": "69_2", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Telecommunications", "Defence industry", "Not available" ] } ], "initiator_name": [ "Blackgear/Topgear/Comnie" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 92, "settled": null, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Blackgear/Topgear/Comnie" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2018" ] }, { "attribution_id": 93, "settled": true, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Blackgear/Topgear/Comnie" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2018" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/blackgear-cyberespionage-campaign-resurfaces-abuses-social-media-for-cc-communication/", "https://www.securityweek.com/blackgear-cyberspies-resurface-new-tools-techniques" ], "sources_attribution": [ "https://www.securityweek.com/blackgear-cyberspies-resurface-new-tools-techniques" ] }, { "ID": 70, "name": "Optic Nerve", "description": "The british GCHQ spied on the webcams of millions of Yahoo users", "added_to_DB": "2022-08-15", "start_date": "2008-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "70_0", "receiver_name": null, "receiver_country": "Global (region)", "receiver_region": "Not available", "receiver_category": [ "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "GCHQ" ], "initiator_country": [ "United Kingdom" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 94, "settled": null, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "GCHQ" ], "attributed_initiator_country": [ "United Kingdom" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 95, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "GCHQ" ], "attributed_initiator_country": [ "United Kingdom" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theguardian.com/world/2014/feb/27/gchq-nsa-webcam-images-internet-yahoo" ], "sources_attribution": [ "Not available" ] }, { "ID": 71, "name": "World of Spycraft", "description": "The NSA and CIA gathered information on online gamers via various methods, including infiltrating online communities and data mining.", "added_to_DB": "2022-08-15", "start_date": "2008-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "71_0", "receiver_name": null, "receiver_country": "Global (region)", "receiver_region": "Not available", "receiver_category": [ "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "NSA/Equation Group" ], "initiator_country": [ "United States" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 97, "settled": null, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 96, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.propublica.org/article/world-of-spycraft-intelligence-agencies-spied-in-online-games" ], "sources_attribution": [ "Not available" ] }, { "ID": 72, "name": "GCHQ vs. Journalists", "description": "The british GCHQ wiretapped emails of journalists, seeing them as a serious security threat", "added_to_DB": "2022-08-15", "start_date": "2008-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "72_0", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "72_1", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "72_2", "receiver_name": null, "receiver_country": "France", "receiver_region": "WESTEU", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "GCHQ" ], "initiator_country": [ "United Kingdom" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 98, "settled": null, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "GCHQ" ], "attributed_initiator_country": [ "United Kingdom" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 99, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "GCHQ" ], "attributed_initiator_country": [ "United Kingdom" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theguardian.com/uk-news/2015/jan/19/gchq-intercepted-emails-journalists-ny-times-bbc-guardian-le-monde-reuters-nbc-washington-post" ], "sources_attribution": [ "Not available" ] }, { "ID": 73, "name": "Chinese Attack against Alcoa", "description": "Chinese military hackers accessed the network of Alcoa, with the goal of getting access to commercial secrets", "added_to_DB": "2022-08-15", "start_date": "2008-01-01", "end_date": "Not available", "updated_at": "2023-05-23", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by authorities of victim state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "73_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)", "PLA Unit 61398" ], "initiator_country": [ "China", "China" ], "initiator_category": [ "State", "State" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 100, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Domestic legal action" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)", "PLA Unit 61398" ], "attributed_initiator_country": [ "China", "China" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "International power" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 1" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor", "https://twitter.com/NCSCgov/status/1659565751806709761" ], "sources_attribution": [ "Not available" ] }, { "ID": 75, "name": "Pinch duke", "description": "The campaign of Pinch Duke is malware toolset attributed to the Dukes, a Russian state-sponsored cyberespionage operation with the joint goal of gathering intelligence on the sentiments of the targeted countries.", "added_to_DB": "2022-08-15", "start_date": "2008-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "75_0", "receiver_name": null, "receiver_country": "Georgia", "receiver_region": "CENTAS", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Social groups" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Criminal" ] }, { "receiver_id": "75_1", "receiver_name": null, "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Social groups" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Criminal" ] }, { "receiver_id": "75_2", "receiver_name": null, "receiver_country": "Kazakhstan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Social groups" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Criminal" ] }, { "receiver_id": "75_3", "receiver_name": null, "receiver_country": "Azerbaijan", "receiver_region": "CENTAS", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Social groups" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Criminal" ] }, { "receiver_id": "75_4", "receiver_name": null, "receiver_country": "Uzbekistan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Social groups" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Criminal" ] }, { "receiver_id": "75_5", "receiver_name": null, "receiver_country": "Kyrgyzstan", "receiver_region": "SCS", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Social groups" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Criminal" ] } ], "initiator_name": [ "Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR)" ], "initiator_country": [ "Russia" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 104, "settled": true, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR)" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2015" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf" ], "sources_attribution": [ "Not available" ] }, { "ID": 76, "name": "Project Chanology", "description": "Anonymous attacks\u00a0(with DDoS and other disruption-oriented attacks) the Church of Scientology\u00a0firstly in response to the take-down of the Tom Cruise video, against Scientology's actions viewed as Internet censorship.", "added_to_DB": "2022-08-15", "start_date": "2008-01-01", "end_date": "Not available", "updated_at": "2023-04-20", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "76_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Religious" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 105, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theguardian.com/technology/2008/feb/04/news", "http://artofthemooc.org/wiki/project-chanology/", "https://www.cnet.com/news/anonymous-hackers-take-on-the-church-of-scientology/", "https://tarnkappe.info/artikel/hintergrundberichte/beruehmte-hacker-die-uns-noch-lange-in-erinnerung-bleiben-werden-teil-4-273234.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 77, "name": "Tibetean Activists Attacked", "description": "Pro-Tibet activist groups attacked through e-mails allegedly from China on the background of increased protests", "added_to_DB": "2022-08-15", "start_date": "2008-03-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "77_0", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Advocacy / activists (e.g. human rights organizations)" ] }, { "receiver_id": "77_1", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Advocacy / activists (e.g. human rights organizations)" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 106, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Secession" ], "offline_conflict_issue": [ "System/ideology", "Secession" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theregister.co.uk/2008/03/22/pro_tibetan_groups_targeted/", "http://www.washingtonpost.com/wp-dyn/content/article/2008/03/21/AR2008032102605.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 78, "name": "\"Chinese Civil Militia\" attack on Pentagon", "description": "A group of Chinese hackers, belonging to what Western experts say is \"civilian cyber militia\" in China, has claimed to gain unauthorized entry to several high-protected computer systems of the US including the servers of the Pentagon and downloaded information. The hackers' group also said that the Chinese government sometimes pays it secretly.", "added_to_DB": "2022-08-15", "start_date": "2008-03-07", "end_date": "2008-03-07", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "78_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 107, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.spamfighter.com/News-10011-Chinese-Hackers-Claim-Gaining-Unauthorized-Entry-into-Pentagon.htm", "http://edition.cnn.com/2008/TECH/03/07/china.hackers/index.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 79, "name": "Byzantine Candor", "description": "More than 50 megabytes of email messages and a complete list of user names and passwords from an unspecified US government agency were stolen according to a\u00a0State Department cable made public by WikiLeaks. At least some of the attacks originated from a Shanghai-based hacker group linked to the People\u2019s Liberation Army\u2019s Third Department", "added_to_DB": "2022-08-15", "start_date": "2008-04-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "79_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Election infrastructure / related systems" ] } ], "initiator_name": [ "APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)", "PLA Unit 61398" ], "initiator_country": [ "China", "China" ], "initiator_category": [ "State", "State" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 108, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)", "PLA Unit 61398" ], "attributed_initiator_country": [ "China", "China" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.reuters.com/article/us-china-usa-cyberespionage/special-report-in-cyberspy-vs-cyberspy-china-has-the-edge-idUSTRE73D24220110414", "https://www.nytimes.com/2010/12/05/world/asia/05wikileaks-china.html", "https://venturebeat.com/2010/12/04/wikileaks-documents-lay-bare-vast-hacking-attempts-by-chinese-leaders/", "https://www.smh.com.au/technology/beijing-used-hackers-to-find-us-secrets-20101205-18lf8.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 80, "name": "Belgium State Department Hack 2008", "description": "Belgium officials said that government computer networks are targeted by attacks from China which could benefit Chinese government", "added_to_DB": "2022-08-15", "start_date": "2008-04-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "80_0", "receiver_name": null, "receiver_country": "Belgium", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 109, "settled": true, "attribution_year": 2008, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Statement in media report and political statement/technical report" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2008" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.sophos.com/en-us/press-office/press-releases/2008/05/belgium.aspx", "https://www.theregister.co.uk/2008/05/08/belgium_india_china_warnings/" ], "sources_attribution": [ "Not available" ] }, { "ID": 81, "name": "Chinese Hacktivist Attack on CNN", "description": "Chinese hackers organised several attacks on CNN and later other websites.", "added_to_DB": "2022-08-15", "start_date": "2008-04-17", "end_date": "2008-05-05", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "81_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 110, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://chinascope.org/archives/6680", "https://www.pcworld.com/article/144809/article.html", "https://news.netcraft.com/archives/2008/04/22/cnn_site_bears_the_brunt_of_chinese_attackers.html", "https://www.zdnet.com/article/chinese-hackers-disable-cnn-com-for-three-hours/" ], "sources_attribution": [ "Not available" ] }, { "ID": 82, "name": "DDOS on RFE - 2008", "description": "Primarily Radio Free Europe in Belarus (though also in some other countries) was targeted with DDoS allegedly related to its coverage of a rally organized by opposition to the Belarusian opposition. RFE provided no solid evidence, but said the Belarusian government was most likely behind the attacks. Other Belarusian websites including Charter97 were also hit. The botnet behind the attacks was a Russian-language botnet that had been active in other politically motivated attacks in there centpast.", "added_to_DB": "2022-08-15", "start_date": "2008-04-26", "end_date": "2008-04-28", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "82_0", "receiver_name": null, "receiver_country": "Belarus", "receiver_region": "CSTO", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "82_1", "receiver_name": null, "receiver_country": "Serbia", "receiver_region": "WBALKANS", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "82_2", "receiver_name": null, "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "82_3", "receiver_name": null, "receiver_country": "Tajikistan", "receiver_region": "SCO", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "82_4", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ null ], "initiator_country": [ "Belarus" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 3271, "settled": true, "attribution_year": 2008, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ null ], "attributed_initiator_country": [ "Belarus" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2008" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theregister.co.uk/2008/04/29/radio_free_europe_ddos_attacks/" ], "sources_attribution": [ "Not available" ] }, { "ID": 83, "name": "Chilean Education Data Leak", "description": "The Education Ministry, Electoral Service and military servers used by the Chilean government have been infiltrated by a hacker. \"Confidential\" personal records of over 6 million Chileans were published then. The hacker claimed the reason was to show the lack of overall data protection there exists in Chile.", "added_to_DB": "2022-08-15", "start_date": "2008-05-12", "end_date": "2008-05-12", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "83_0", "receiver_name": null, "receiver_country": "Chile", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Military" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Chile" ], "initiator_category": [ "Individual hacker(s)" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 112, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Chile" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.bbc.co.uk/2/hi/americas/7395295.stm" ], "sources_attribution": [ "Not available" ] }, { "ID": 84, "name": "Anti-Lithuanian Defacement 2008", "description": "300 Lithuanian official and private websites were defaced with communist symbols after the ban on communist symbols in the country, but the Government didn't accused Russia directly", "added_to_DB": "2022-08-15", "start_date": "2008-06-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "84_0", "receiver_name": null, "receiver_country": "Lithuania", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Political parties", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Russia" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 113, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.nytimes.com/2008/07/01/world/europe/01baltic.html", "https://www.irishtimes.com/news/lithuania-accuses-russian-hackers-of-cyber-assault-after-collapse-of-over-300-websites-1.942155", "https://www.zdnet.com/article/300-lithuanian-sites-hacked-by-russian-hackers/" ], "sources_attribution": [ "Not available" ] }, { "ID": 85, "name": "GhostNet", "description": "Chinese hacker network GhostNet steals information from South and South East Asian government servers and from the Office of the Dalai Lama", "added_to_DB": "2022-08-15", "start_date": "2008-06-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "85_0", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "State institutions / political system", "International / supranational organization", "Media", "Other" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "85_1", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "International / supranational organization", "Media", "Other" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "85_2", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "State institutions / political system", "International / supranational organization", "Media", "Other" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "85_3", "receiver_name": null, "receiver_country": "Vietnam", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "International / supranational organization", "Media", "Other" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "85_4", "receiver_name": null, "receiver_country": "Taiwan", "receiver_region": "SCS", "receiver_category": [ "State institutions / political system", "State institutions / political system", "International / supranational organization", "Media", "Other" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "85_5", "receiver_name": null, "receiver_country": "Bangladesh", "receiver_region": "SASIA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "International / supranational organization", "Media", "Other" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "85_6", "receiver_name": null, "receiver_country": "Philippines", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "International / supranational organization", "Media", "Other" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "85_7", "receiver_name": null, "receiver_country": "Hong Kong", "receiver_region": "ASIA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "International / supranational organization", "Media", "Other" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "85_8", "receiver_name": null, "receiver_country": "Laos", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "International / supranational organization", "Media", "Other" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available", "Not available", "Not available" ] } ], "initiator_name": [ "Ghostnet" ], "initiator_country": [ "China" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 114, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Ghostnet" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://de.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network", "http://www.nartv.org/mirror/ghostnet.pdf", "https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-746.pdf" ], "sources_attribution": [ "http://www.nartv.org/mirror/ghostnet.pdf", "https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-746.pdf" ] }, { "ID": 86, "name": "Longtime CIA campaign against China", "description": "Chinese antivirus firm Qihoo 360 said CIA hackers have spent more than a decade breaking into the Chinese airline industry and other targets, a blunt allegation of American espionage from a Beijing-based firm.", "added_to_DB": "2022-08-15", "start_date": "2008-07-01", "end_date": "Not available", "updated_at": "2024-02-19", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "86_0", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Science", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Telecommunications", "Chemicals", "Transportation" ] } ], "initiator_name": [ "CIA" ], "initiator_country": [ "United States" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 115, "settled": true, "attribution_year": 2020, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "CIA" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2020" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "International power" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 1" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.reuters.com/article/us-china-usa-cia-idUSKBN20Q2SI", "https://blogs.360.cn/post/APT-C-39_CIA_EN.html" ], "sources_attribution": [ "https://blogs.360.cn/post/APT-C-39_CIA_EN.html" ] }, { "ID": 87, "name": "Cyberdomain Russia-Georgia War", "description": "Different targets in Georgia were attacked, mostly with DDoS, in parallel\u00a0with the Russo-Georgian War over South Ossetia and Abkhazia. Georgia accused Russia, but involvement of Russian government was contested at that time. The website of the Georgian Foreign Ministry was also affected, according to the ministry.", "added_to_DB": "2022-08-15", "start_date": "2008-07-20", "end_date": "2008-08-14", "updated_at": "2023-06-28", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "87_0", "receiver_name": null, "receiver_country": "Georgia", "receiver_region": "CENTAS", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Not available", "Legislative", "Military", "Telecommunications", "Finance" ] } ], "initiator_name": [ null ], "initiator_country": [ "Russia" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 3, "attributions": [ { "attribution_id": 6709, "settled": false, "attribution_year": 2008, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ null ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2008" ] }, { "attribution_id": 6710, "settled": false, "attribution_year": 2008, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ null ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2008" ] }, { "attribution_id": 6711, "settled": true, "attribution_year": 2008, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Statement in media report and political statement/technical report" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ null ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2008" ] } ], "temporal_attribution_sequence": "Temporal attribution sequence unclear", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "International power" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Long-term disruption (> 24h; incident scores 2 points in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.nytimes.com/2008/08/13/technology/13cyber.html", "http://www.cybertalkblog.co.uk/unlikely-that-russians-hacked-georgia-though-attacks-were-political/", "https://www.newsweek.com/how-russia-may-have-attacked-georgias-internet-88111", "https://www.reuters.com/article/us-georgia-ossetia-hackers/georgia-says-russian-hackers-block-govt-websites-idUSLB2050320080811", "http://www.fistfulofgold.com/Documents/ProjectGreyGoose.pdf", "https://www.telegraph.co.uk/news/worldnews/europe/georgia/2553058/Russia-continues-cyber-war-on-Georgia.html" ], "sources_attribution": [ "https://www.nytimes.com/2008/08/13/technology/13cyber.html", "https://www.reuters.com/article/us-georgia-ossetia-hackers/georgia-says-russian-hackers-block-govt-websites-idUSLB2050320080811", "http://www.fistfulofgold.com/Documents/ProjectGreyGoose.pdf" ] }, { "ID": 88, "name": "Georgia vs. Russian Media 2008", "description": "DDoS attacks against RT and RIA Novosty in the middle of the Georgian Conflict 2008.", "added_to_DB": "2022-08-15", "start_date": "2008-08-10", "end_date": "2008-08-10", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "88_0", "receiver_name": "Not available", "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Georgia" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 1756, "settled": true, "attribution_year": null, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Statement in media report and political statement/technical report" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Georgia" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power", "Secession" ], "offline_conflict_issue": [ "International power" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": "Not available", "political_response_month": "Not available", "political_response_day": "Not available" } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": "Not available", "legal_response_month": "Not available", "legal_response_day": "Not available" } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://bits.blogs.nytimes.com/2008/08/11/georgia-takes-a-beating-in-the-cyberwar-with-russia/?mtrref=www.google.com" ], "sources_attribution": [ "Not available" ] }, { "ID": 89, "name": "APT-C-39 campaign against China", "description": "The American CIA spied on various companies in China over the years between 2008 and 2019", "added_to_DB": "2022-08-15", "start_date": "2008-09-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "89_0", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Telecommunications", "Defence industry", "Not available" ] } ], "initiator_name": [ "APT-C-39/CIA" ], "initiator_country": [ "United States" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 120, "settled": true, "attribution_year": 2020, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT-C-39/CIA" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2020" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 1" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://blogs.360.cn/post/APT-C-39_CIA_EN.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 90, "name": "Palin Doxxing", "description": "Alaska Governor and vice presidential candidate Sarah Palin's email account hacked by student David Kernell during the 2008 presidential election campaign and the gained materials posted.", "added_to_DB": "2022-08-15", "start_date": "2008-09-16", "end_date": "2008-09-16", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "90_0", "receiver_name": "Sarah Palin", "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Political parties", "Not available" ] } ], "initiator_name": [ "David Kernell" ], "initiator_country": [ "United States" ], "initiator_category": [ "Individual hacker(s)" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 8668, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "David Kernell" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.telegraph.co.uk/news/worldnews/sarah-palin/7750050/Sarah-Palin-vs-the-hacker.html", "http://news.bbc.co.uk/2/hi/americas/7631225.stm", "https://nypost.com/2008/09/19/dem-pols-son-was-hacker/", "https://www.foxnews.com/us/palin-set-to-take-stand-in-tenn-hacking-trial" ], "sources_attribution": [ "Not available" ] }, { "ID": 91, "name": "Agent.btz - US;\u00a0Operation Buckshot Yankee (against the breach)", "description": "Classified and unclassified U.S. military networks were infected with worm Agent.btz, which spread at the computers of the DOD and CENTCOM. The worm is attributed to Russia, specifically by US Intelligence, and is associated with Turla, according to Kasperski lab analysis, though members of the US military involved in Operation Buckshot Yankee are reluctant to call agent.btz the work of a hostile government.", "added_to_DB": "2022-08-15", "start_date": "2008-10-01", "end_date": "Not available", "updated_at": "2023-05-22", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "91_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)" ], "initiator_country": [ "Russia" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 122, "settled": null, "attribution_year": 2008, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2008" ] }, { "attribution_id": 123, "settled": true, "attribution_year": 2008, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2008" ] } ], "temporal_attribution_sequence": "IT-security attribution before political attribution", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.washingtonpost.com/national/national-security/cyber-intruder-sparks-response-debate/2011/12/06/gIQAxLuFgO_story.html?utm_term=.3da4823e8b45", "http://articles.latimes.com/2008/nov/28/nation/na-cyberattack28", "https://securelist.com/blog/virus-watch/58551/agent-btz-a-source-of-inspiration/", "https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf", "https://www.technewsworld.com/story/70699.html", "https://www.wired.com/2010/08/insiders-doubt-2008-pentagon-hack-was-foreign-spy-attack/", "https://www.washingtonpost.com/national/national-security/cyber-intruder-sparks-response-debate/2011/12/06/gIQAxLuFgO_story.html", "https://www.gdata.de/blog/2014/02/23822-uroburos-hochkomplexe-spionagesoftware-mit-russischen-wurzeln", "https://www.wired.com/story/turla-history-russia-fsb-hackers/", "https://www.databreaches.net/the-underground-history-of-russias-most-ingenious-hacker-group/", "https://socradar.io/apt-profile-turla/" ], "sources_attribution": [ "https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf", "https://www.wired.com/2010/08/insiders-doubt-2008-pentagon-hack-was-foreign-spy-attack/", "https://www.washingtonpost.com/national/national-security/cyber-intruder-sparks-response-debate/2011/12/06/gIQAxLuFgO_story.html", "https://www.gdata.de/blog/2014/02/23822-uroburos-hochkomplexe-spionagesoftware-mit-russischen-wurzeln" ] }, { "ID": 92, "name": "Indian Hacktivists vs. Pakistan", "description": "OGRAs Website hacked\u00a0by Indian Hackers, named HMG.", "added_to_DB": "2022-08-15", "start_date": "2008-11-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "92_0", "receiver_name": null, "receiver_country": "Pakistan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Hindu Militant Group" ], "initiator_country": [ "India" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 124, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Hindu Militant Group" ], "attributed_initiator_country": [ "India" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://propakistani.pk/2008/11/18/ogra-defacement-or-welcome/" ], "sources_attribution": [ "Not available" ] }, { "ID": 93, "name": "Pakistan Hacktivists vs. India", "description": "In response to an action by HMG, Indian scriptkiddie, who hacked OGRA\u2019s website, A Pakistani Group called PCA (Pakistan CyberArmy) has reportedly hacked at least five Indian websites", "added_to_DB": "2022-08-15", "start_date": "2008-11-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "93_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "Pakistan Cyber Army" ], "initiator_country": [ "Pakistan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 125, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Pakistan Cyber Army" ], "attributed_initiator_country": [ "Pakistan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://propakistani.pk/2008/11/24/here-we-go-again/" ], "sources_attribution": [ "Not available" ] }, { "ID": 94, "name": "Operation CastLead", "description": "Israel began a military assault on Hamas\u2019s infrastructure in Gaza on December 27, 2008, called \u201cOperation CastLead.\u201d A cyberbacklash by Arabic hackers targeted thousands of Israeli government and civilian Websites. In a later stage of the conflict, Anonymous was also involved.", "added_to_DB": "2022-08-15", "start_date": "2008-12-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "94_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Other" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "Anonymous/Arabic Hackers" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 126, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous/Arabic Hackers" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Secession" ], "offline_conflict_issue": [ "System/ideology", "Resources", "Secession" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 4" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://web.mit.edu/smadnick/www/wp/2017-10.pdf", "http://web.mit.edu/smadnick/www/wp/2017-10.pdf" ], "sources_attribution": [ "http://web.mit.edu/smadnick/www/wp/2017-10.pdf" ] }, { "ID": 95, "name": "French embassy in Beijing Hack", "description": "The website of the French embassy in Beijing has apparently come under a cyber-attack after President Nicolas Sarkozy outraged China by meeting Tibetan spiritual leader, the Dalai Lama.", "added_to_DB": "2022-08-15", "start_date": "2008-12-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "95_0", "receiver_name": null, "receiver_country": "France", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 127, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://zeenews.india.com/news/world/french-embassy-website-in-china-hacked_490316.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 96, "name": "Gaza Offense Attack", "description": "Israel's government website paralyzed by hackergroup,\u00a0Israeli officials believe it may have been carried out by a criminal organization from the former Soviet Union, and paid for by Hamas or Hezbollah.", "added_to_DB": "2022-08-15", "start_date": "2009-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "96_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Criminal(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 128, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Criminal(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Secession" ], "offline_conflict_issue": [ "System/ideology", "Secession" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.haaretz.com/1.5065382" ], "sources_attribution": [ "Not available" ] }, { "ID": 97, "name": "Insurgent Drone Hack", "description": "Iraqi insurgents hack US drones and intercept live video feeds, backing by Iran suggested", "added_to_DB": "2022-08-15", "start_date": "2009-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "97_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Iraq" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Private technology companies / hacking for hire groups without state affiliation / research entities" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 129, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Iraq" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Private technology companies / hacking for hire groups without state affiliation / research entities" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 4" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theguardian.com/world/2009/dec/17/skygrabber-american-drones-hacked" ], "sources_attribution": [ "Not available" ] }, { "ID": 98, "name": "Platinum Group", "description": "Platinum has been targeting its victims since at least as early as 2009, and may have been active for several year sprior. Like many such groups, Platinum seeks to steal sensitive intellectual property related to government interests, but its range of preferred targets is consistently limited to specific governmental organizations, defense institutes, intelligence agencies, diplomatic institutions, and telecommunication providers in South and Southeast Asia.", "added_to_DB": "2022-08-15", "start_date": "2009-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "98_0", "receiver_name": null, "receiver_country": "Malaysia", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Defence industry", "Not available", "Not available" ] }, { "receiver_id": "98_1", "receiver_name": null, "receiver_country": "Indonesia", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Defence industry", "Not available", "Not available" ] }, { "receiver_id": "98_2", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Defence industry", "Not available", "Not available" ] }, { "receiver_id": "98_3", "receiver_name": null, "receiver_country": "Singapore", "receiver_region": "ASIA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Defence industry", "Not available", "Not available" ] }, { "receiver_id": "98_4", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Defence industry", "Not available", "Not available" ] }, { "receiver_id": "98_5", "receiver_name": null, "receiver_country": "Thailand", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Defence industry", "Not available", "Not available" ] } ], "initiator_name": [ "Platinum" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 130, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Platinum" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "Yes" ], "zero_days_subcode": [ "multiple" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf", "https://www.microsoft.com/security/blog/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/?source=mmpc" ], "sources_attribution": [ "https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf", "https://www.microsoft.com/security/blog/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/?source=mmpc" ] }, { "ID": 99, "name": "Winnti Umbrella aka Axiom aka DeputyDog", "description": "Chinese State-Espionage Group Winnti Umbrella conducted espionage against targets since 2009.", "added_to_DB": "2022-08-15", "start_date": "2009-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "99_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Advocacy / activists (e.g. human rights organizations)", "Not available", "Not available" ] }, { "receiver_id": "99_1", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Advocacy / activists (e.g. human rights organizations)", "Not available", "Not available" ] }, { "receiver_id": "99_2", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Advocacy / activists (e.g. human rights organizations)", "Not available", "Not available" ] }, { "receiver_id": "99_3", "receiver_name": null, "receiver_country": "Thailand", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Advocacy / activists (e.g. human rights organizations)", "Not available", "Not available" ] }, { "receiver_id": "99_4", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Advocacy / activists (e.g. human rights organizations)", "Not available", "Not available" ] } ], "initiator_name": [ "Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) <\u00a0Winnti Umbrella/G0044\u00a0" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 131, "settled": true, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Political statement / report (e.g., on government / state agency websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) <\u00a0Winnti Umbrella/G0044\u00a0" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2018" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://401trg.com/burning-umbrella/" ], "sources_attribution": [ "https://401trg.com/burning-umbrella/" ] }, { "ID": 100, "name": "NSA vs. Credit Card Companies", "description": "The NSA spied on various worldwide creditcard companies", "added_to_DB": "2022-08-15", "start_date": "2009-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "100_0", "receiver_name": null, "receiver_country": "Global (region)", "receiver_region": "Not available", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Finance" ] } ], "initiator_name": [ "NSA/Equation Group" ], "initiator_country": [ "United States" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 132, "settled": null, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 133, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "Not available" ], "sources_attribution": [ "Not available" ] }, { "ID": 101, "name": "Project Mystic", "description": "The NSA accessed various worldwide communication networks and wire tapped the corresponding communications", "added_to_DB": "2022-08-15", "start_date": "2009-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "101_0", "receiver_name": null, "receiver_country": "Bahamas", "receiver_region": "Not available", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Telecommunications" ] }, { "receiver_id": "101_1", "receiver_name": null, "receiver_country": "Afghanistan", "receiver_region": "SASIA", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Telecommunications" ] }, { "receiver_id": "101_2", "receiver_name": null, "receiver_country": "Mexico", "receiver_region": "Not available", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Telecommunications" ] }, { "receiver_id": "101_3", "receiver_name": null, "receiver_country": "Kenya", "receiver_region": "SSA", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Telecommunications" ] }, { "receiver_id": "101_4", "receiver_name": null, "receiver_country": "Philippines", "receiver_region": "SEA", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Telecommunications" ] } ], "initiator_name": [ "NSA/Equation Group" ], "initiator_country": [ "United States" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 134, "settled": null, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 135, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://theintercept.com/2014/05/19/data-pirates-caribbean-nsa-recording-every-cell-phone-call-bahamas/" ], "sources_attribution": [ "Not available" ] }, { "ID": 102, "name": "DarkUniverse", "description": "Various civilian and military institutions were hacked by the Duke campaign via spear-phishing", "added_to_DB": "2022-08-15", "start_date": "2009-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "102_0", "receiver_name": null, "receiver_country": "Syria", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Military", "Criminal", "Not available" ] }, { "receiver_id": "102_1", "receiver_name": null, "receiver_country": "Iran, Islamic Republic of", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Military", "Criminal", "Not available" ] }, { "receiver_id": "102_2", "receiver_name": null, "receiver_country": "Afghanistan", "receiver_region": "SASIA", "receiver_category": [ "State institutions / political system", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Military", "Criminal", "Not available" ] }, { "receiver_id": "102_3", "receiver_name": null, "receiver_country": "Tanzania", "receiver_region": "SSA", "receiver_category": [ "State institutions / political system", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Military", "Criminal", "Not available" ] }, { "receiver_id": "102_4", "receiver_name": null, "receiver_country": "Ethiopia", "receiver_region": "SSA", "receiver_category": [ "State institutions / political system", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Military", "Criminal", "Not available" ] }, { "receiver_id": "102_5", "receiver_name": null, "receiver_country": "Sudan", "receiver_region": "NAF", "receiver_category": [ "State institutions / political system", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Military", "Criminal", "Not available" ] }, { "receiver_id": "102_6", "receiver_name": null, "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Military", "Criminal", "Not available" ] }, { "receiver_id": "102_7", "receiver_name": null, "receiver_country": "Belarus", "receiver_region": "CSTO", "receiver_category": [ "State institutions / political system", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Military", "Criminal", "Not available" ] }, { "receiver_id": "102_8", "receiver_name": null, "receiver_country": "United Arab Emirates", "receiver_region": "GULFC", "receiver_category": [ "State institutions / political system", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Military", "Criminal", "Not available" ] } ], "initiator_name": [ "DarkUniverse" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 136, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "DarkUniverse" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://threatpost.com/darkuniverse-apt-targeted-spy-attacks/149927/", "https://securelist.com/darkuniverse-the-mysterious-apt-framework-27/94897/" ], "sources_attribution": [ "https://threatpost.com/darkuniverse-apt-targeted-spy-attacks/149927/", "https://securelist.com/darkuniverse-the-mysterious-apt-framework-27/94897/" ] }, { "ID": 103, "name": "Operation Troy: North Korean State Sponsored Lazarus Group Conducts DDoS Attacks Against US and South Korean Targets in July 2009", "description": "Operation Troy is one of the earliest known cyber espionage campaigns by the Lazarus Group, which took place between 2009 and 2012. It was primarily directed against the South Korean government in Seoul, but also against American targets and mostly utilised DDoS attacks, which were already considered unsophisticated but effective at the time. \nThe first major incident in this operation, often referred to as the first wave, occurred on 4 July 2009 (on the Independence Day in the United States) and affected both the US and South Korea, hitting sites such as government entities like the White House and the Pentagon, but also the New York Stock Exchange, the Washington Post, NASDAQ and Amazon. \nOn 7 and 9 July (unofficially the second and third waves), mainly targeted South Korean entities such as the Ministry of Defence, National Intelligence Service, National Assembly and South Korean banks, but also the US State Department. \nThe attacks were carried out using the malware programmes Mydoom and Dozer, which attacked numerous websites and marked the \"Independence Day reminder\" in the master boot record (MBR) of the affected systems.", "added_to_DB": "2022-08-15", "start_date": "2009-07-04", "end_date": "2009-07-09", "updated_at": "2023-12-08", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized", "Attack on critical infrastructure target(s)" ], "inclusion_criteria_subcode": [ "Not available", "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Disruption", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "103_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Legislative", "Civil service / administration", "Judiciary", "Intelligence agencies" ] }, { "receiver_id": "103_1", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "State institutions / political system", "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Finance", "Not available", "Legislative", "Civil service / administration", "Judiciary" ] } ], "initiator_name": [ "Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)" ], "initiator_country": [ "Korea, Democratic People's Republic of" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 15004, "settled": true, "attribution_year": 2016, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2016" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "Yes" ], "zero_days_subcode": [ "One" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.mcafee.com/enterprise/en-us/assets/white-papers/wp-dissecting-operation-troy.pdf", "https://www.group-ib.com/blog/lazarus", "https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf" ], "sources_attribution": [ "https://www.group-ib.com/blog/lazarus", "https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf" ] }, { "ID": 104, "name": "Chinese Attack on South Korea 2009", "description": "South Korea\u2019s primary intelligence agency claimed that China-based hackers stole confidential material from the country\u2019s diplomatic and security services", "added_to_DB": "2022-08-15", "start_date": "2009-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "104_0", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Intelligence agencies" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 138, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Political statement / report (e.g., on government / state agency websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.fastcompany.com/1696014/south-koreas-power-structure-hacked-digital-trail-leads-china" ], "sources_attribution": [ "Not available" ] }, { "ID": 105, "name": "Duqu", "description": "Stuxnet- related malware Duqu targets industrial infrastructure targets around the world, especially in Iran.", "added_to_DB": "2022-08-15", "start_date": "2009-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking without Misuse" ], "receivers": [ { "receiver_id": "105_0", "receiver_name": null, "receiver_country": "Iran, Islamic Republic of", "receiver_region": "MEA", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Not available" ] }, { "receiver_id": "105_1", "receiver_name": null, "receiver_country": "France", "receiver_region": "WESTEU", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Not available" ] }, { "receiver_id": "105_2", "receiver_name": null, "receiver_country": "Ukraine", "receiver_region": "EASTEU", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Not available" ] }, { "receiver_id": "105_3", "receiver_name": null, "receiver_country": "Australia", "receiver_region": "OC", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Not available" ] }, { "receiver_id": "105_4", "receiver_name": null, "receiver_country": "Hungary", "receiver_region": "EASTEU", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Not available" ] }, { "receiver_id": "105_5", "receiver_name": null, "receiver_country": "Netherlands", "receiver_region": "WESTEU", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Not available" ] }, { "receiver_id": "105_6", "receiver_name": null, "receiver_country": "Indonesia", "receiver_region": "SEA", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Not available" ] }, { "receiver_id": "105_7", "receiver_name": null, "receiver_country": "Spain", "receiver_region": "EU", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Not available" ] }, { "receiver_id": "105_8", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Not available" ] }, { "receiver_id": "105_9", "receiver_name": null, "receiver_country": "Switzerland", "receiver_region": "WESTEU", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 139, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, not used - empowerment (incident scores 1 point in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf", "https://www.crysys.hu/publications/files/bencsathPBF11duqu.pdf", "https://theintercept.com/2014/11/12/stuxnet/" ], "sources_attribution": [ "https://theintercept.com/2014/11/12/stuxnet/" ] }, { "ID": 106, "name": "Campaign \"Sandworm\" - 2009", "description": "A cyberespionage campaign believed to be based in Russia has been targeting government leaders and institutions for nearly five years, according to researchers with iSight Partners.", "added_to_DB": "2022-08-15", "start_date": "2009-01-01", "end_date": "Not available", "updated_at": "2024-01-17", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "106_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Social groups", "Other" ], "receiver_category_subcode": [ "Military", "Not available", "Defence industry", "Advocacy / activists (e.g. human rights organizations)", "Not available" ] }, { "receiver_id": "106_1", "receiver_name": null, "receiver_country": "Poland", "receiver_region": "EASTEU", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Social groups", "Other" ], "receiver_category_subcode": [ "Military", "Not available", "Defence industry", "Advocacy / activists (e.g. human rights organizations)", "Not available" ] }, { "receiver_id": "106_2", "receiver_name": null, "receiver_country": "Slovakia", "receiver_region": "EASTEU", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Social groups", "Other" ], "receiver_category_subcode": [ "Military", "Not available", "Defence industry", "Advocacy / activists (e.g. human rights organizations)", "Not available" ] }, { "receiver_id": "106_3", "receiver_name": null, "receiver_country": "Ukraine", "receiver_region": "EASTEU", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Social groups", "Other" ], "receiver_category_subcode": [ "Military", "Not available", "Defence industry", "Advocacy / activists (e.g. human rights organizations)", "Not available" ] }, { "receiver_id": "106_4", "receiver_name": null, "receiver_country": "Belgium", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Social groups", "Other" ], "receiver_category_subcode": [ "Military", "Not available", "Defence industry", "Advocacy / activists (e.g. human rights organizations)", "Not available" ] } ], "initiator_name": [ "Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)" ], "initiator_country": [ "Russia" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 3249, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "Yes" ], "zero_days_subcode": [ "One" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.wired.com/2014/10/russian-sandworm-hack-isight/" ], "sources_attribution": [ "Not available" ] }, { "ID": 107, "name": "Operation \"Snowglobe\"", "description": "A collection of computer trojans that have been used since 2009 to steal data from government agencies, military contractors, media organizations and other companies is tied to cyber espionage malware possibly created by French intelligence agencies, according to a presentation by the Communications Security Establishment of Canada (until 2014 reffered to as CSEC), created in 2011 and revealed by Edward Snowden.", "added_to_DB": "2022-08-15", "start_date": "2009-01-01", "end_date": "Not available", "updated_at": "2023-10-27", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "107_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Not available", "Defence industry", "Advocacy / activists (e.g. human rights organizations)", "Not available", "Not available" ] }, { "receiver_id": "107_1", "receiver_name": null, "receiver_country": "Netherlands", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Not available", "Defence industry", "Advocacy / activists (e.g. human rights organizations)", "Not available", "Not available" ] }, { "receiver_id": "107_2", "receiver_name": null, "receiver_country": "Syria", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Not available", "Defence industry", "Advocacy / activists (e.g. human rights organizations)", "Not available", "Not available" ] }, { "receiver_id": "107_3", "receiver_name": null, "receiver_country": "Germany", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Not available", "Defence industry", "Advocacy / activists (e.g. human rights organizations)", "Not available", "Not available" ] }, { "receiver_id": "107_4", "receiver_name": null, "receiver_country": "Algeria", "receiver_region": "MENA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Not available", "Defence industry", "Advocacy / activists (e.g. human rights organizations)", "Not available", "Not available" ] }, { "receiver_id": "107_5", "receiver_name": null, "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Not available", "Defence industry", "Advocacy / activists (e.g. human rights organizations)", "Not available", "Not available" ] }, { "receiver_id": "107_6", "receiver_name": null, "receiver_country": "Spain", "receiver_region": "EU", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Not available", "Defence industry", "Advocacy / activists (e.g. human rights organizations)", "Not available", "Not available" ] }, { "receiver_id": "107_7", "receiver_name": null, "receiver_country": "Iran, Islamic Republic of", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Not available", "Defence industry", "Advocacy / activists (e.g. human rights organizations)", "Not available", "Not available" ] }, { "receiver_id": "107_8", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Not available", "Defence industry", "Advocacy / activists (e.g. human rights organizations)", "Not available", "Not available" ] }, { "receiver_id": "107_9", "receiver_name": null, "receiver_country": "Norway", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Not available", "Defence industry", "Advocacy / activists (e.g. human rights organizations)", "Not available", "Not available" ] } ], "initiator_name": [ "Snowglobe/Animal Farm" ], "initiator_country": [ "France" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 3, "attributions": [ { "attribution_id": 6176, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Media report (e.g., Reuters makes an attribution statement, without naming further sources)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Canada" ], "attributing_actor": [ "Communications Security Establishment Canada (CSEC)" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Snowglobe/Animal Farm" ], "attributed_initiator_country": [ "France" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] }, { "attribution_id": 6177, "settled": false, "attribution_year": 2015, "attribution_month": 3, "attribution_day": 6, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Russia" ], "attributing_actor": [ "Kaspersky" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Snowglobe/Animal Farm" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2015-3-6" ] }, { "attribution_id": 6178, "settled": false, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Snowglobe/Animal Farm" ], "attributed_initiator_country": [ "France" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2015" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "Not available" ], "political_response_type_sub": [ "Not available" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Data Exfiltration" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "Not available" ], "hijacking": [ "Not available" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.computerworld.com/article/2894379/cyberespionage-arsenal-could-be-tied-to-french-intelligence.html", "https://www.cfr.org/interactive/cyber-operations/search?keys=Animal" ], "sources_attribution": [ "https://www.computerworld.com/article/2894379/cyberespionage-arsenal-could-be-tied-to-french-intelligence.html", "https://www.cfr.org/interactive/cyber-operations/search?keys=Animal" ] }, { "ID": 108, "name": "NSA vs. Chinese telecommunication (Operation Shotgiant)", "description": "The United States government (NSA) is hacking Chinese mobile phone companies, amongst others Huawei, since 2009 to gather data from millions of text messages", "added_to_DB": "2022-08-15", "start_date": "2009-01-01", "end_date": "Not available", "updated_at": "2023-09-22", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "108_0", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "NSA/Equation Group" ], "initiator_country": [ "United States" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 144, "settled": null, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 145, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.telegraph.co.uk/news/worldnews/asia/hongkong/10137215/Edward-Snowden-claims-US-hacks-Chinese-phone-messages.html", "https://thehackernews.com/2023/09/china-accuses-us-of-decade-long-cyber.html", "https://www.wired.com/story/kia-hyundai-car-thefts-us-security-roundup/" ], "sources_attribution": [ "Not available" ] }, { "ID": 109, "name": "NSA vs. Tshinghua University (Operation Shotgiant)", "description": "The NSA is also hacking Tsinghua University, \"which is home to one of the mainland's six major backbone networks from where Internetdata from millions of Chinese citizens can be gathered\"", "added_to_DB": "2022-08-15", "start_date": "2009-01-01", "end_date": "Not available", "updated_at": "2023-06-30", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized", "Attack on critical infrastructure target(s)" ], "inclusion_criteria_subcode": [ "Not available", "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "109_0", "receiver_name": "Tsinghua University", "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Education" ], "receiver_category_subcode": [ "Civil service / administration", "Research", "Not available" ] } ], "initiator_name": [ "NSA/Equation Group", "NSA/Equation Group" ], "initiator_country": [ "United States", "United States" ], "initiator_category": [ "State", "State" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 10766, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 10767, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "Not available" ], "sources_attribution": [ "Not available" ] }, { "ID": 110, "name": "NSA vs. Pacnet (Operation Shotgiant)", "description": "The NSA was hacking Asia Pacific fibre-optic network operator Pacnet to steal millions of text messages", "added_to_DB": "2022-08-15", "start_date": "2009-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "110_0", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Telecommunications" ] } ], "initiator_name": [ "NSA/Equation Group" ], "initiator_country": [ "United States" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 148, "settled": null, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 149, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "Not available" ], "sources_attribution": [ "Not available" ] }, { "ID": 111, "name": "Panama-Pegasus-Software", "description": "The president from Panama used the Pegasus Spyware to spy on members of the opposition in congress.", "added_to_DB": "2022-08-15", "start_date": "2009-01-01", "end_date": "Not available", "updated_at": "2023-04-05", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "111_0", "receiver_name": null, "receiver_country": "Panama", "receiver_region": "CENTAM", "receiver_category": [ "State institutions / political system", "Social groups", "Social groups" ], "receiver_category_subcode": [ "Legislative", "Advocacy / activists (e.g. human rights organizations)", "Political opposition / dissidents / expats" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Panama" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 151, "settled": null, "attribution_year": 2017, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Panama" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2017" ] }, { "attribution_id": 150, "settled": true, "attribution_year": 2017, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Panama" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2017" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.univision.com/univision-news/latin-america/growing-scandal-in-latin-america-over-pegasus-spy-hacking-program" ], "sources_attribution": [ "https://www.univision.com/univision-news/latin-america/growing-scandal-in-latin-america-over-pegasus-spy-hacking-program" ] }, { "ID": 112, "name": "DDOS against Kyrgyz Internet", "description": "Presumably\u00a0Russian hackers conduct DDoS attack against Kyrgyz Internet server provider website", "added_to_DB": "2022-08-15", "start_date": "2009-01-18", "end_date": "2009-01-18", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "112_0", "receiver_name": null, "receiver_country": "Kyrgyzstan", "receiver_region": "SCS", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Telecommunications" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Russia" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 152, "settled": true, "attribution_year": 2009, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2009" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.secureworks.com/blog/research-20957" ], "sources_attribution": [ "Not available" ] }, { "ID": 113, "name": "Chinese Attack against Bill Nelson", "description": "Chinese Hackers break into US Senator Bill Nelson's office computers", "added_to_DB": "2022-08-15", "start_date": "2009-02-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "113_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Legislative" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 153, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Statement in media report and political statement/technical report" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.cfr.org/interactive/cyber-operations/compromise-office-senator-ben-nelson", "http://web.archive.org/web/20090323095526/http://www.cqpolitics.com/wmspage.cfm?docid=news-000003080993", "https://www.govinfosecurity.com/senator-office-computers-breached-a-1305" ], "sources_attribution": [ "https://www.govinfosecurity.com/senator-office-computers-breached-a-1305" ] }, { "ID": 114, "name": "FAA-Hack 2009", "description": "FAA Computer Hacked, 45,000 Names Accessed, culprit unknown.", "added_to_DB": "2022-08-15", "start_date": "2009-02-04", "end_date": "2009-02-10", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "114_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Civil service / administration" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 154, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.crn.com/news/security/213402688/faa-computer-hacked-45000-names-accessed.htm?itc=refresh", "https://fcw.com/articles/2009/02/23/faa-data-breach.aspx" ], "sources_attribution": [ "https://fcw.com/articles/2009/02/23/faa-data-breach.aspx" ] }, { "ID": 115, "name": "Attack on US DHS", "description": "Unknown hackers steal\u00a0personal data from US Homeland Security\u00a0Information Network", "added_to_DB": "2022-08-15", "start_date": "2009-03-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "115_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 155, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://fcw.com/articles/2009/05/13/web-dhs-hsin-intrusion-hack.aspx" ], "sources_attribution": [ "Not available" ] }, { "ID": 116, "name": "2chan Hack", "description": "In march 2009, the Korean netizens mounted an attack on Japan\u2019s largest Internet site, 2ch(www.2ch.net).", "added_to_DB": "2022-08-15", "start_date": "2009-03-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "116_0", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Korea, Republic of" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 156, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Korea, Republic of" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.koreatimes.co.kr/www/news/nation/2010/08/113_71421.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 117, "name": "Retaliation for 2chan Hack", "description": "Japanese Internet warriors assaulted the Website of the South Korea\u2019s Presidential Office.", "added_to_DB": "2022-08-15", "start_date": "2009-03-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "117_0", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Japan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 157, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Japan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.koreatimes.co.kr/www/news/nation/2010/08/113_71421.html" ], "sources_attribution": [ "http://www.koreatimes.co.kr/www/news/nation/2010/08/113_71421.html" ] }, { "ID": 118, "name": "Power Grid US Incident", "description": "According to a Wall Street Journal report citing details from anonymous current and former US security officials, cyber spies have infiltrated the US power grid and left behind software programmes that could be used to disrupt the grid.\nThe threat actors are believed to have been on a mission to navigate the US power grid and its controls. While the intruders did not attempt to damage the power grid or other critical infrastructure, officials warned that they could try to do so in the event of a crisis or war.\nThe intruders were not detected by the companies responsible for the infrastructure, but by US intelligence agencies, officials said.\nOfficials said other infrastructure systems, such as water or sewage systems, were also at risk. \n", "added_to_DB": "2022-08-15", "start_date": "2009-04-01", "end_date": "Not available", "updated_at": "2023-03-16", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)", "Incident disclosed by authorities of victim state" ], "incident_type": [ "Hijacking without Misuse" ], "receivers": [ { "receiver_id": "118_0", "receiver_name": "Not available", "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Energy" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China", "Russia" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 8799, "settled": true, "attribution_year": 2009, "attribution_month": 4, "attribution_day": 8, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "United States" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Cyber espionage" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China", "Russia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2009-4-8" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "none" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, not used - empowerment (incident scores 1 point in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.wsj.com/articles/SB123914805204099085", "https://twitter.com/vmyths/status/1626657235047702543", "https://www.computerworld.com/article/2524012/report--cybercriminals-have-penetrated-u-s--electrical-grid.html", "https://www.fbiic.gov/public/2009/april/ElectricityGrid_in_U.S.PenetratedBySpies-WSJ.com.pdf" ], "sources_attribution": [ "https://www.fbiic.gov/public/2009/april/ElectricityGrid_in_U.S.PenetratedBySpies-WSJ.com.pdf" ] }, { "ID": 119, "name": "Operation Dreadnought", "description": "The NSA spied on the iranian leader Ayatollah Khamenei.", "added_to_DB": "2022-08-15", "start_date": "2009-05-01", "end_date": "Not available", "updated_at": "2023-07-03", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "119_0", "receiver_name": null, "receiver_country": "Iran, Islamic Republic of", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "NSA/Equation Group", "GCHQ" ], "initiator_country": [ "United States", "United Kingdom" ], "initiator_category": [ "State", "State" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 8544, "settled": false, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group", "GCHQ" ], "attributed_initiator_country": [ "United States", "United Kingdom" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 8545, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group", "GCHQ" ], "attributed_initiator_country": [ "United States", "United Kingdom" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "International power" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.nytimes.com/2013/11/03/world/no-morsel-too-minuscule-for-all-consuming-nsa.html?_r=0&pagewanted=all" ], "sources_attribution": [ "Not available" ] }, { "ID": 120, "name": "Fourth of July Incident", "description": "Presumably North Korea or pro-North Korean group(s) temporarily jams South Korean and US government and commercial websites.", "added_to_DB": "2022-08-15", "start_date": "2009-07-04", "end_date": "2009-07-09", "updated_at": "2023-11-30", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "120_0", "receiver_name": "National Intelligence Service (South Korea)", "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Intelligence agencies" ] }, { "receiver_id": "120_1", "receiver_name": "New York Stock Exchange", "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Finance" ] }, { "receiver_id": "120_2", "receiver_name": "Korean Ministry of Public Administration and Security", "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] }, { "receiver_id": "120_3", "receiver_name": "White House", "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] }, { "receiver_id": "120_4", "receiver_name": "Korean Blue House", "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] }, { "receiver_id": "120_5", "receiver_name": "Pentagon", "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] }, { "receiver_id": "120_6", "receiver_name": "NASDAQ", "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Finance" ] }, { "receiver_id": "120_7", "receiver_name": "Korean National Assembly", "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] }, { "receiver_id": "120_8", "receiver_name": "US State Department", "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "120_9", "receiver_name": "Korean Ministry of Public Administration and Security", "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)" ], "initiator_country": [ "Korea, Democratic People's Republic of" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 14701, "settled": false, "attribution_year": 2009, "attribution_month": 7, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Korea, Republic of" ], "attributing_actor": [ "Korea Communications Commission " ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2009-7" ] }, { "attribution_id": 14702, "settled": true, "attribution_year": 2009, "attribution_month": 7, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Korea, Republic of" ], "attributing_actor": [ "National Intelligence Service (South Korea)" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2009-7" ] } ], "temporal_attribution_sequence": "Political attribution before IT-security attribution", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.nytimes.com/2009/07/09/technology/09cyber.html", "https://thediplomat.com/2013/08/cyber-security-in-south-korea-the-threat-within/", "https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf" ], "sources_attribution": [ "https://thediplomat.com/2013/08/cyber-security-in-south-korea-the-threat-within/", "https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf" ] }, { "ID": 121, "name": "Melbourne Film Festival Hack", "description": "Chinese hack Melbourne film festival site to protest at Uighur documentary", "added_to_DB": "2022-08-15", "start_date": "2009-07-25", "end_date": "2009-07-25", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "121_0", "receiver_name": null, "receiver_country": "Australia", "receiver_region": "OC", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 163, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Secession" ], "offline_conflict_issue": [ "System/ideology", "Secession" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theguardian.com/world/2009/jul/26/rebiya-kadeer-melbourne-film-china", "https://freedomhouse.org/sites/default/files/FOTN2011.pdf" ], "sources_attribution": [ "https://www.theguardian.com/world/2009/jul/26/rebiya-kadeer-melbourne-film-china", "https://freedomhouse.org/sites/default/files/FOTN2011.pdf" ] }, { "ID": 122, "name": "Russian DDOS against US companies", "description": "Anti-Georgia Russian hackers may have been behind yesterday's global cyberattacks on Google, Facebook and Twitter. The organised webassaults completely shutdown socialnetworking site Twitter and disrupted access to Facebook\u2014nearly a year to the day since the outbreak of the Georgia-Russia war.", "added_to_DB": "2022-08-15", "start_date": "2009-08-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "122_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Russia" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 164, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.foxnews.com/story/russian-hackers-eyed-in-attack-on-twitter-google-and-facebook" ], "sources_attribution": [ "Not available" ] }, { "ID": 123, "name": "Longterm Proxy Hacking Campaign", "description": "Two Chinese hackers were charged in 2020 to have operated a longterm hacking campaign against various targets in the western world, but mostly against the United States. Some of their attacks were on behalf of the Chinese MSS", "added_to_DB": "2022-08-15", "start_date": "2009-09-01", "end_date": "Not available", "updated_at": "2023-10-26", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by authorities of victim state" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "123_0", "receiver_name": null, "receiver_country": "Spain", "receiver_region": "EU", "receiver_category": [ "Unknown" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "123_1", "receiver_name": null, "receiver_country": "Germany", "receiver_region": "WESTEU", "receiver_category": [ "Unknown" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "123_2", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "Unknown" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "123_3", "receiver_name": null, "receiver_country": "Sweden", "receiver_region": "NORTHEU", "receiver_category": [ "Unknown" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "123_4", "receiver_name": null, "receiver_country": "Belgium", "receiver_region": "WESTEU", "receiver_category": [ "Unknown" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "123_5", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "Unknown" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "123_6", "receiver_name": null, "receiver_country": "Australia", "receiver_region": "OC", "receiver_category": [ "Unknown" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "123_7", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Unknown" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "123_8", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "Unknown" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "123_9", "receiver_name": null, "receiver_country": "Lithuania", "receiver_region": "NORTHEU", "receiver_category": [ "Unknown" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "MSS" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 13898, "settled": true, "attribution_year": 2020, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Domestic legal action" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "United States" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "MSS" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2020" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "Yes" ], "zero_days_subcode": [ "One" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.cyberdefensemagazine.com/us-doj-charged-two-chinese-hackers-working-with-mss/" ], "sources_attribution": [ "Not available" ] }, { "ID": 124, "name": "Climategate: Russia's security service presumably leaked University of East Anglia emails about climate change data manipulation in November 2009", "description": "In November 2009, the controversial \"Climategate\" emails were leaked, potentially jeopardizing the upcoming Copenhagen summit on global warming. These emails, believed to be leaked by Russian security services, originated from a small web server in Tomsk, Siberia, and implicated the Climatic Research Unit (CRU) and its director, Professor Phil Jones, in manipulating climate change data. The incident involved hackers breaching the CRU server at the University of East Anglia, copying and distributing thousands of emails and files. Although climate change denialists claimed a scientific conspiracy, subsequent investigations found no evidence of fraud or misconduct. The mainstream media covered the story, and experts affirmed the unchanged scientific consensus on human-caused global warming. The investigation into the security breach revealed that it appeared to be a remote internet attack that was unrelated to the university. Furthermore, no perpetrator could be identified with absolute certainty.", "added_to_DB": "2022-08-15", "start_date": "2009-11-01", "end_date": "Not available", "updated_at": "2023-06-18", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized", "Attack on critical infrastructure target(s)" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "124_0", "receiver_name": "University of East Anglia (UEA)", "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Education" ], "receiver_category_subcode": [ "Civil service / administration", "Research", "Not available" ] } ], "initiator_name": [ null ], "initiator_country": [ "Russia" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 10765, "settled": true, "attribution_year": 2009, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Media report (e.g., Reuters makes an attribution statement, without naming further sources)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ null ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2009" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.dailymail.co.uk/news/article-1233562/Emails-rocked-climate-change-campaign-leaked-Siberian-closed-city-university-built-KGB.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 125, "name": "Operation Aurora", "description": "China hacks into Gmail accounts to steal intellectual property and to spy on Chinese humanrights activists. Later attributed to APT 17 aka DeputyDog.", "added_to_DB": "2022-08-15", "start_date": "2009-12-01", "end_date": "Not available", "updated_at": "2023-12-04", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on non-political target(s), politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "125_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "125_1", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) <\u00a0Winnti Umbrella/G0044\u00a0" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 3, "attributions": [ { "attribution_id": 14781, "settled": false, "attribution_year": 2010, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "United States" ], "attributing_actor": [ "Google" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) <\u00a0Winnti Umbrella/G0044\u00a0" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2010" ] }, { "attribution_id": 14783, "settled": false, "attribution_year": 2010, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) <\u00a0Winnti Umbrella/G0044\u00a0" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2010" ] }, { "attribution_id": 14782, "settled": true, "attribution_year": 2010, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) <\u00a0Winnti Umbrella/G0044\u00a0" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2010" ] } ], "temporal_attribution_sequence": "IT-security attribution before political attribution", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "Yes" ], "zero_days_subcode": [ "One" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.darkreading.com/ics-ot/volt-typhoon-breaks-fresh-ground-china-backed-cyber-campaigns", "https://new.qq.com/rain/a/20240402A00R3900", "https://401trg.com/burning-umbrella/", "https://www.darkreading.com/attacks-and-breaches/google-aurora-hack-was-chinese-counterespionage-operation/d/d-id/1110060", "https://googleblog.blogspot.com/2010/01/new-approach-to-china.html", "https://www.wired.com/2010/01/operation-aurora/", "https://www.theguardian.com/technology/2011/mar/01/morgan-stanley-chinese-hackers", "https://www.csmonitor.com/USA/2012/0914/Stealing-US-business-secrets-Experts-ID-two-huge-cyber-gangs-in-China", "https://securityaffairs.co/wordpress/62376/APT /APT 17-hbo-hack.html", "https://www.infopoint-security.de/medien/the-elderwood-project.pdf", "https://web.archive.org/web/20100116101958/http://www.state.gov/secretary/rm/2010/01/135105.htm", "https://www.cyberscoop.com/china-hacking-talent-xi-jinping-education-policies/" ], "sources_attribution": [ "https://401trg.com/burning-umbrella/", "https://www.csmonitor.com/USA/2012/0914/Stealing-US-business-secrets-Experts-ID-two-huge-cyber-gangs-in-China", "https://securityaffairs.co/wordpress/62376/APT /APT 17-hbo-hack.html", "https://www.infopoint-security.de/medien/the-elderwood-project.pdf" ] }, { "ID": 126, "name": "IXESHE", "description": "Numbered Panda spied on multiple east asian governments and companies. The campaign was characterized by a high usage of Zero-Days", "added_to_DB": "2022-08-15", "start_date": "2009-12-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "126_0", "receiver_name": null, "receiver_country": "Taiwan", "receiver_region": "SCS", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Telecommunications", "Not available" ] }, { "receiver_id": "126_1", "receiver_name": null, "receiver_country": "Eastern Asia (region)", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Telecommunications", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 170, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "Yes" ], "zero_days_subcode": [ "multiple" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_ixeshe.pdf" ], "sources_attribution": [ "Not available" ] }, { "ID": 127, "name": "The Flame", "description": "The Stuxnet-related, yet much more sophisticated espionage virus programme \"The Flame\" is massively gathering cellphone data from individuals , state-related organizations or educational institutions", "added_to_DB": "2022-08-15", "start_date": "2010-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "127_0", "receiver_name": null, "receiver_country": "Iran, Islamic Republic of", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "127_1", "receiver_name": null, "receiver_country": "Palestine", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "127_2", "receiver_name": null, "receiver_country": "Sudan", "receiver_region": "NAF", "receiver_category": [ "State institutions / political system", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "127_3", "receiver_name": null, "receiver_country": "Syria", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "127_4", "receiver_name": null, "receiver_country": "Lebanon", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "127_5", "receiver_name": null, "receiver_country": "Saudi Arabia", "receiver_region": "GULFC", "receiver_category": [ "State institutions / political system", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "127_6", "receiver_name": null, "receiver_country": "Egypt", "receiver_region": "NAF", "receiver_category": [ "State institutions / political system", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 3, "attributions": [ { "attribution_id": 171, "settled": null, "attribution_year": 2012, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Israel", "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2012" ] }, { "attribution_id": 172, "settled": true, "attribution_year": 2012, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2012" ] }, { "attribution_id": 173, "settled": null, "attribution_year": 2012, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Israel", "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2012" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "Yes" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.cbsnews.com/news/flame-computer-virus-strikes-middle-east-israel-speculation-continues/", "https://securelist.com/the-flame-questions-and-answers-51/34344/", "https://www.washingtonpost.com/world/national-security/us-israel-developed-computer-virus-to-slow-iranian-nuclear-efforts-officials-say/2012/06/19/gJQA6xBPoV_story.html?utm_term=.d186a7b2276a", "https://www.bbc.com/news/technology-18253331", "https://www.nytimes.com/2012/05/30/world/middleeast/iran-confirms-cyber-attack-by-new-virus-called-flame.html" ], "sources_attribution": [ "https://www.washingtonpost.com/world/national-security/us-israel-developed-computer-virus-to-slow-iranian-nuclear-efforts-officials-say/2012/06/19/gJQA6xBPoV_story.html?utm_term=.d186a7b2276a", "https://www.bbc.com/news/technology-18253331", "https://www.nytimes.com/2012/05/30/world/middleeast/iran-confirms-cyber-attack-by-new-virus-called-flame.html" ] }, { "ID": 128, "name": "US-FDIC Hack", "description": "The FBI is investigating how hackers infiltrated computers at the Federal Deposit Insurance Corporation for several years beginning in 2010 in a breach senior FDIC officials believe was sponsored by China\u2019s military, people with knowledge of the matter said.", "added_to_DB": "2022-08-15", "start_date": "2010-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)", "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "128_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 174, "settled": true, "attribution_year": 2016, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2016" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.reuters.com/article/us-usa-cyber-china-exclusive-idUSKBN14C1UJ" ], "sources_attribution": [ "https://www.reuters.com/article/us-usa-cyber-china-exclusive-idUSKBN14C1UJ" ] }, { "ID": 129, "name": "Malaysian Opposition Attacks", "description": "Opposition websites such as the official site of the People\u2019s Justice Party and the blog of its leader, Anwar Ibrahim, suffered DDoS attacks in 2010.", "added_to_DB": "2022-08-15", "start_date": "2010-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "129_0", "receiver_name": null, "receiver_country": "Malaysia", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "Social groups", "Social groups" ], "receiver_category_subcode": [ "Political parties", "Political opposition / dissidents / expats", "Other social groups" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Malaysia" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 175, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Malaysia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://freedomhouse.org/sites/default/files/FOTN2011.pdf" ], "sources_attribution": [ "https://freedomhouse.org/sites/default/files/FOTN2011.pdf" ] }, { "ID": 130, "name": "Turla aka Uroburos aka Snake 2010", "description": "A cyberespionage campaign involving malware known as Wipbot and Turla has systematically targeted the governments and embassies of a number of former Eastern Bloc countries. It was linked by Gdata to the Russian attack named \"agent.btz\" on the US\u00a0in 2008.", "added_to_DB": "2022-08-15", "start_date": "2010-01-01", "end_date": "Not available", "updated_at": "2023-07-06", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "130_0", "receiver_name": null, "receiver_country": "Eastern Europe", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Not available", "Not available", "Not available" ] } ], "initiator_name": [ "Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)" ], "initiator_country": [ "Russia" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 176, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "Yes" ], "zero_days_subcode": [ "multiple" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://arstechnica.com/information-technology/2014/12/powerful-highly-stealthy-linux-trojan-may-have-infected-victims-for-years/", "https://www.gdata.de/blog/2014/02/23822-uroburos-hochkomplexe-spionagesoftware-mit-russischen-wurzeln", "https://www.symantec.com/connect/blogs/turla-spying-tool-targets-governments-and-diplomats?SID=100098X1555750Xdf4d5a6a4ef66a0739b0faac73a709c2&API1=100&API2=3641000&cjid=3641000&cjevent=f3f3d539e9d811e981cb00950a180512", "https://www.reuters.com/article/us-russia-cyberespionage-insight/suspected-russian-spyware-turla-targets-europe-united-states-idUSBREA260YI20140307", "https://www.hackread.com/fbi-gchq-foil-russian-malware-hacking-tool/" ], "sources_attribution": [ "https://www.gdata.de/blog/2014/02/23822-uroburos-hochkomplexe-spionagesoftware-mit-russischen-wurzeln", "https://www.symantec.com/connect/blogs/turla-spying-tool-targets-governments-and-diplomats?SID=100098X1555750Xdf4d5a6a4ef66a0739b0faac73a709c2&API1=100&API2=3641000&cjid=3641000&cjevent=f3f3d539e9d811e981cb00950a180512", "https://www.reuters.com/article/us-russia-cyberespionage-insight/suspected-russian-spyware-turla-targets-europe-united-states-idUSBREA260YI20140307" ] }, { "ID": 131, "name": "ISI-India Military Major-Hack", "description": "A serving Inter-Services Intelligence (ISI) officer Major Sameer Ali hacked an Indian Army major's e-mail account in 2010 and extracted many sensitive documents, intelligence sources said.", "added_to_DB": "2022-08-15", "start_date": "2010-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "131_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "Inter-Services Intelligence" ], "initiator_country": [ "Pakistan" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 177, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Inter-Services Intelligence" ], "attributed_initiator_country": [ "Pakistan" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Territory", "International power" ], "offline_conflict_issue": [ "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/05/isi-pakistan-hack-email-account-of.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 132, "name": "Operation Iron TigerPart1/Emissary Panda", "description": "The Iron Tiger actors targeted the education industry in China, political dissidents in Hong Kong, government agencies in the Philippines, and political targets in Tibet back to 2010. The evidence revealed that they can be Chinese-speaking individuals. The choice of nickname shows ties to traditional cybercrime.", "added_to_DB": "2022-08-15", "start_date": "2010-01-01", "end_date": "Not available", "updated_at": "2023-05-16", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "132_0", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Social groups", "Social groups", "Other" ], "receiver_category_subcode": [ "Not available", "Ethnic", "Political opposition / dissidents / expats", "Not available" ] }, { "receiver_id": "132_1", "receiver_name": null, "receiver_country": "Hong Kong", "receiver_region": "ASIA", "receiver_category": [ "State institutions / political system", "Social groups", "Social groups", "Other" ], "receiver_category_subcode": [ "Not available", "Ethnic", "Political opposition / dissidents / expats", "Not available" ] }, { "receiver_id": "132_2", "receiver_name": null, "receiver_country": "Philippines", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "Social groups", "Social groups", "Other" ], "receiver_category_subcode": [ "Not available", "Ethnic", "Political opposition / dissidents / expats", "Not available" ] } ], "initiator_name": [ "Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 178, "settled": true, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2015" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.erai.com/CustomUploads/ca/wp/2015_12_wp_operation_iron_tiger.pdf", "https://www.cbc.ca/news/canada/montreal/emissary-panda-chinese-hackers-cyberattack-icao-1.5034177", "https://thehackernews.com/2023/05/researchers-uncover-powerful-backdoor.html" ], "sources_attribution": [ "https://www.cbc.ca/news/canada/montreal/emissary-panda-chinese-hackers-cyberattack-icao-1.5034177" ] }, { "ID": 133, "name": "TurbinePanda", "description": "Chinese intelligence officers and those working under their direction, which included hackers and co-opted company insiders, conducted or otherwise enabled repeated intrusions into private companies\u2019 computer systems in the United States and abroad for over five years. The conspirators\u2019 ultimate goal was to steal, among other data, intellectual property and confidential business information, including information related to a turbo fan engine used in commercial airliners. Crowdstrike dubbed the Group \"TurbinePanda\".", "added_to_DB": "2022-08-15", "start_date": "2010-01-01", "end_date": "Not available", "updated_at": "2023-10-26", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company", "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "133_0", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Critical infrastructure" ], "receiver_category_subcode": [ "Transportation", "Not available", "Defence industry" ] }, { "receiver_id": "133_1", "receiver_name": null, "receiver_country": "France", "receiver_region": "WESTEU", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Critical infrastructure" ], "receiver_category_subcode": [ "Transportation", "Not available", "Defence industry" ] }, { "receiver_id": "133_2", "receiver_name": null, "receiver_country": "Germany", "receiver_region": "WESTEU", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Critical infrastructure" ], "receiver_category_subcode": [ "Transportation", "Not available", "Defence industry" ] }, { "receiver_id": "133_3", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Critical infrastructure" ], "receiver_category_subcode": [ "Transportation", "Not available", "Defence industry" ] } ], "initiator_name": [ "APT26/TURBINE PANDA/Hippo Team/JerseyMikes (MSS, Jiangsu Bureau)", "MSS/JSSD" ], "initiator_country": [ "China", "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 13901, "settled": false, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT26/TURBINE PANDA/Hippo Team/JerseyMikes (MSS, Jiangsu Bureau)", "MSS/JSSD" ], "attributed_initiator_country": [ "China", "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2018" ] }, { "attribution_id": 13902, "settled": true, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Political statement/report and indictment / sanctions" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "United States" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT26/TURBINE PANDA/Hippo Team/JerseyMikes (MSS, Jiangsu Bureau)", "MSS/JSSD" ], "attributed_initiator_country": [ "China", "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2018" ] } ], "temporal_attribution_sequence": "Political attribution before IT-security attribution", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://eromang.zataz.com/2013/01/02/capstone-turbine-corporation-also-targeted-in-the-cfr-watering-hole-attack-and-more/", "https://www.zdnet.com/article/building-chinas-comac-c919-airplane-involved-a-lot-of-hacking-report-says/", "https://www.csoonline.com/article/3445230/china-supported-c919-airliner-development-through-cyberespionage.html", "https://www.justice.gov/opa/pr/chinese-intelligence-officers-and-their-recruited-hackers-and-insiders-conspired-steal", "https://www.justice.gov/opa/press-release/file/1106491/download", "https://www.darkreading.com/ics-ot/volt-typhoon-breaks-fresh-ground-china-backed-cyber-campaigns" ], "sources_attribution": [ "https://www.justice.gov/opa/pr/chinese-intelligence-officers-and-their-recruited-hackers-and-insiders-conspired-steal", "https://www.justice.gov/opa/press-release/file/1106491/download" ] }, { "ID": 134, "name": "SqueakyDolphin", "description": "The british GCHQ spied on the users of the platforms of YouTube and Facebook", "added_to_DB": "2022-08-15", "start_date": "2010-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "134_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Telecommunications", "Not available" ] } ], "initiator_name": [ "GCHQ" ], "initiator_country": [ "United Kingdom" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 182, "settled": null, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "GCHQ" ], "attributed_initiator_country": [ "United Kingdom" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 181, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "GCHQ" ], "attributed_initiator_country": [ "United Kingdom" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://investigations.nbcnews.com/_news/2014/01/27/22469304-snowden-docs-reveal-british-spies-snooped-on-youtube-and-facebook" ], "sources_attribution": [ "Not available" ] }, { "ID": 135, "name": "Chinese Military Espionage against US Chamber of Commerce", "description": "Chinese hackers with connection to the Chinese military eavesdrop the US Chamber of Commerce", "added_to_DB": "2022-08-15", "start_date": "2010-01-01", "end_date": "Not available", "updated_at": "2023-05-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "135_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 183, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "International power" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 1" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://abcnews.go.com/International/chinese-hack-us-chamber-commerce-authorities/story?id=15207642" ], "sources_attribution": [ "Not available" ] }, { "ID": 136, "name": "ElMachete", "description": "\u201cMachete\u201dis a targeted attack campaign with Spanish speaking roots. We believe this campaign started in 2010 and was renewed with an improved infrastructure in 2012.", "added_to_DB": "2022-08-15", "start_date": "2010-01-01", "end_date": "Not available", "updated_at": "2023-11-23", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "136_0", "receiver_name": null, "receiver_country": "Venezuela", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Intelligence agencies", "Not available" ] }, { "receiver_id": "136_1", "receiver_name": null, "receiver_country": "Ecuador", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Intelligence agencies", "Not available" ] }, { "receiver_id": "136_2", "receiver_name": null, "receiver_country": "Spain", "receiver_region": "EU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Intelligence agencies", "Not available" ] }, { "receiver_id": "136_3", "receiver_name": null, "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Intelligence agencies", "Not available" ] }, { "receiver_id": "136_4", "receiver_name": null, "receiver_country": "Cuba", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Intelligence agencies", "Not available" ] }, { "receiver_id": "136_5", "receiver_name": null, "receiver_country": "Colombia", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Intelligence agencies", "Not available" ] }, { "receiver_id": "136_6", "receiver_name": null, "receiver_country": "Peru", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Intelligence agencies", "Not available" ] } ], "initiator_name": [ "El Machete" ], "initiator_country": [ "Brazil" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 184, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "El Machete" ], "attributed_initiator_country": [ "Brazil" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://securelist.com/el-machete/66108/", "https://securityaffairs.co/wordpress/57369/apt/machete-espionage-campaign.html" ], "sources_attribution": [ "https://securityaffairs.co/wordpress/57369/apt/machete-espionage-campaign.html" ] }, { "ID": 137, "name": "Belgacom-Hack", "description": "Documents from the archive of whistleblower Edward Snowden indicate that Britain's GCHQ intelligence service was behind a cyber attack against Belgacom, a partly state-owned Belgian telecoms company.", "added_to_DB": "2022-08-15", "start_date": "2010-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on non-political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "137_0", "receiver_name": null, "receiver_country": "Belgium", "receiver_region": "WESTEU", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Telecommunications" ] } ], "initiator_name": [ "GCHQ" ], "initiator_country": [ "United Kingdom" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 185, "settled": null, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "GCHQ" ], "attributed_initiator_country": [ "United Kingdom" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 186, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "GCHQ" ], "attributed_initiator_country": [ "United Kingdom" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.spiegel.de/international/europe/british-spy-agency-gchq-hacked-belgian-telecoms-firm-a-923406.html", "https://theintercept.com/2014/12/13/belgacom-hack-gchq-inside-story/" ], "sources_attribution": [ "https://theintercept.com/2014/12/13/belgacom-hack-gchq-inside-story/" ] }, { "ID": 138, "name": "Operation DustStorm", "description": "Multi-year, multi-attack campaign against critical Infrastrucure\u00a0companies mostly in Japan last years since 2015, but also in South Korea, U.S., Europe and countries in Southeast Asia, revealed by\u00a0Cylance, partly using vulnerabilities, with purpose of long-term data exfiltration and theft. APT 1 has been attributed as a possible suspect.", "added_to_DB": "2022-08-15", "start_date": "2010-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "138_0", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Energy", "Transportation", "Finance", "Not available" ] }, { "receiver_id": "138_1", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Energy", "Transportation", "Finance", "Not available" ] }, { "receiver_id": "138_2", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Energy", "Transportation", "Finance", "Not available" ] }, { "receiver_id": "138_3", "receiver_name": null, "receiver_country": "Europe (region)", "receiver_region": "Not available", "receiver_category": [ "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Energy", "Transportation", "Finance", "Not available" ] }, { "receiver_id": "138_4", "receiver_name": null, "receiver_country": "Southeast Asia (region)", "receiver_region": "Not available", "receiver_category": [ "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Energy", "Transportation", "Finance", "Not available" ] } ], "initiator_name": [ "APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)", "PLA Unit 61398" ], "initiator_country": [ "Unknown", "Unknown" ], "initiator_category": [ "Unknown - not attributed", "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 187, "settled": true, "attribution_year": 2016, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)", "PLA Unit 61398" ], "attributed_initiator_country": [ "Unknown", "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed", "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2016" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "Yes" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.helpnetsecurity.com/2016/02/24/japanese-critical-infrastructure-under-targeted-attack/", "https://threatpost.com/five-year-dust-storm-APT -campaign-targets-japanese-critical-infrastructure/116436/" ], "sources_attribution": [ "https://threatpost.com/five-year-dust-storm-APT -campaign-targets-japanese-critical-infrastructure/116436/" ] }, { "ID": 139, "name": "Operation Hangover", "description": "Private hackers spy on targets with national security interests and privatesector", "added_to_DB": "2022-08-15", "start_date": "2010-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "139_0", "receiver_name": null, "receiver_country": "Pakistan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Telecommunications", "Not available" ] }, { "receiver_id": "139_1", "receiver_name": null, "receiver_country": "Iran, Islamic Republic of", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Telecommunications", "Not available" ] }, { "receiver_id": "139_2", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Telecommunications", "Not available" ] }, { "receiver_id": "139_3", "receiver_name": null, "receiver_country": "Norway", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Telecommunications", "Not available" ] }, { "receiver_id": "139_4", "receiver_name": null, "receiver_country": "United Arab Emirates", "receiver_region": "GULFC", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Telecommunications", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "India" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Criminal(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 188, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "India" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Criminal(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2013/Norman_HangOver%20report_Executive%20Summary_042513.pdf", "https://www.symantec.com/connect/blogs/operation-hangover-qa-attacks" ], "sources_attribution": [ "Not available" ] }, { "ID": 140, "name": "Anonymous vs. Australian Parliament", "description": "Anonymous disrupts Australian Parliament website\u00a0in protest of online filter", "added_to_DB": "2022-08-15", "start_date": "2010-02-10", "end_date": "2010-02-10", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "140_0", "receiver_name": null, "receiver_country": "Australia", "receiver_region": "OC", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Legislative" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 189, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.pcworld.com/article/189023/article.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 141, "name": "Bauxit War", "description": "Vietnamese malware infects Vietnamese computers to disrupt and spy on their owners trying to squelch opposition to Chinese bauxite mining efforts in Vietnam, according to Human Rights Watch and McAfee.", "added_to_DB": "2022-08-15", "start_date": "2010-03-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company", "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft", "Disruption", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "141_0", "receiver_name": null, "receiver_country": "Vietnam", "receiver_region": "SEA", "receiver_category": [ "Social groups", "Social groups" ], "receiver_category_subcode": [ "Advocacy / activists (e.g. human rights organizations)", "Political opposition / dissidents / expats" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Vietnam" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 3, "attributions": [ { "attribution_id": 190, "settled": null, "attribution_year": 2010, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Vietnam" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2010" ] }, { "attribution_id": 192, "settled": true, "attribution_year": 2010, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Vietnam" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "2010" ] }, { "attribution_id": 191, "settled": null, "attribution_year": 2010, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Political statement / report (e.g., on government / state agency websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Vietnam" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2010" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://security.googleblog.com/2010/03/chilling-effects-of-malware.html", "https://www.hrw.org/news/2010/05/26/vietnam-stop-cyber-attacks-against-online-critics" ], "sources_attribution": [ "https://www.hrw.org/news/2010/05/26/vietnam-stop-cyber-attacks-against-online-critics" ] }, { "ID": 142, "name": "RioTinto hacks", "description": "Chinese hackers\u00a0into\u00a0RioTinto IT system to target key employees and to steal valuable company information, allegedly to gain competition advantage", "added_to_DB": "2022-08-15", "start_date": "2010-03-01", "end_date": "Not available", "updated_at": "2023-12-04", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "142_0", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "142_1", "receiver_name": null, "receiver_country": "Australia", "receiver_region": "OC", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ null ], "initiator_country": [ "China" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 14717, "settled": false, "attribution_year": 2010, "attribution_month": 4, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "United States" ], "attributing_actor": [ "Abc" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ null ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2010-4" ] }, { "attribution_id": 14718, "settled": true, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ null ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2018" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.itnews.com.au/news/abc-fingers-china-over-cyber-attacks-172554" ], "sources_attribution": [ "Not available" ] }, { "ID": 143, "name": "Government Income Leak", "description": "Hackers leak the real incomes of Latvian government officals", "added_to_DB": "2022-08-15", "start_date": "2010-03-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "143_0", "receiver_name": null, "receiver_country": "Latvia", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "People\u2019s Army of the Fourth Awakening (Latvia)" ], "initiator_country": [ "Latvia" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 195, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "People\u2019s Army of the Fourth Awakening (Latvia)" ], "attributed_initiator_country": [ "Latvia" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://hackertarget.com/when-neo-hacked-the-latvian-srs-database/" ], "sources_attribution": [ "Not available" ] }, { "ID": 144, "name": "Chinese Espionage against US-Mail", "description": "China's cyber spies have accessed the private emails of \u201cmany\u201dtop Obama administration officials ,according to a senior U.S. intelligence official and a top secret document obtained by NBC News,and have been doing so since at least April 2010.", "added_to_DB": "2022-08-15", "start_date": "2010-04-01", "end_date": "Not available", "updated_at": "2023-05-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)", "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "144_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Dancing Panda/Legion Amethyst" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 196, "settled": true, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Dancing Panda/Legion Amethyst" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2015" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theguardian.com/world/2015/aug/10/chinese-national-security-officials-hack", "https://www.nbcnews.com/news/us-news/china-read-emails-top-us-officials-n406046" ], "sources_attribution": [ "https://www.nbcnews.com/news/us-news/china-read-emails-top-us-officials-n406046" ] }, { "ID": 145, "name": "The great SIM Heist", "description": "The British GCHQ and the American NSA stole certificates from the most important sim manufacturer.", "added_to_DB": "2022-08-15", "start_date": "2010-04-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "145_0", "receiver_name": null, "receiver_country": "Netherlands", "receiver_region": "WESTEU", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Telecommunications" ] } ], "initiator_name": [ "NSA/Equation Group", "GCHQ" ], "initiator_country": [ "United States", "United Kingdom" ], "initiator_category": [ "State", "State" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 8671, "settled": false, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group", "GCHQ" ], "attributed_initiator_country": [ "United States", "United Kingdom" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 8672, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group", "GCHQ" ], "attributed_initiator_country": [ "United States", "United Kingdom" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://theintercept.com/2015/02/19/great-sim-heist/" ], "sources_attribution": [ "Not available" ] }, { "ID": 146, "name": "Shadow Network", "description": "Chinese spies\u00a0steel topsecret files from the Indian Defence Ministry and obtain emails from Dalai Lama office servers", "added_to_DB": "2022-08-15", "start_date": "2010-04-02", "end_date": "2010-04-02", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "146_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Not available", "Not available", "Religious", "Not available", "Not available" ] }, { "receiver_id": "146_1", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Not available", "Not available", "Religious", "Not available", "Not available" ] }, { "receiver_id": "146_2", "receiver_name": null, "receiver_country": "United Nations Organization", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Not available", "Not available", "Religious", "Not available", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 199, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Resources", "Secession" ], "offline_conflict_issue": [ "System/ideology", "Resources", "Secession" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theguardian.com/technology/2010/apr/06/cyber-spies-china-target-india", "https://economictimes.indiatimes.com/tech/internet/china-rejects-allegations-of-hacking-indian-defence-websites/articleshow/5767336.cms", "https://citizenlab.ca/wp-content/uploads/2017/05/shadows-in-the-cloud.pdf" ], "sources_attribution": [ "https://citizenlab.ca/wp-content/uploads/2017/05/shadows-in-the-cloud.pdf" ] }, { "ID": 147, "name": "Chinese Hack into South Korean military networks 2010", "description": "Chinese computer hackers last June gained access to secret South Korean military files on a planned spy plane purchase from the United States, a Seoul law maker says.", "added_to_DB": "2022-08-15", "start_date": "2010-06-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "147_0", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 200, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/03/china-hackers-hacked-into-secret-south.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 148, "name": "GCHQ vs. Al-Qaida newspaper", "description": "White hall sources have revealed that British intelligence officers successfully sabotaged the launch of the first English language website set up by an al-Qaida affiliate. The officers, understood to be based at Government Communications Headquarters (GCHQ) in Cheltenham, attacked an online jihadist magazine in English called Inspire, devised by supporters of al-Qaida in the Arabian Peninsula.", "added_to_DB": "2022-08-15", "start_date": "2010-06-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "148_0", "receiver_name": null, "receiver_country": "Yemen", "receiver_region": "MEA", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Terrorist" ] } ], "initiator_name": [ "GCHQ" ], "initiator_country": [ "United Kingdom" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 201, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "GCHQ" ], "attributed_initiator_country": [ "United Kingdom" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theguardian.com/uk/2011/jun/02/british-intelligence-ruins-al-qaida-website" ], "sources_attribution": [ "Not available" ] }, { "ID": 149, "name": "Turkey Censor Protest", "description": "The websites of the Ministry of Transportation, the Information and Communication Technologies Authority and the Telecommunications Communication Presidency have been inaccessible. These three state bodies are responsible for internet censorship and have been the principal actors behind attempts to block access to YouTube and Google-related services in Turkey.", "added_to_DB": "2022-08-15", "start_date": "2010-06-18", "end_date": "2018-10-18", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "149_0", "receiver_name": null, "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Civil service / administration", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Turkey" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 202, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Turkey" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://freedomhouse.org/sites/default/files/FOTN2011.pdf", "https://www.theregister.co.uk/2010/06/18/turkey_dos_attack/" ], "sources_attribution": [ "https://freedomhouse.org/sites/default/files/FOTN2011.pdf" ] }, { "ID": 150, "name": "Italian Intelligence agency steals sensitive defence data from Indian Embassy", "description": "Italian Intelligence agency steals sensitive defence data from Indian Embassy", "added_to_DB": "2022-08-15", "start_date": "2010-06-22", "end_date": "2010-06-22", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by authorities of victim state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "150_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Italian cyber police - National Anti-Crime Computer Centre for Critical Infrastructure Protection(CNAIPIC)" ], "initiator_country": [ "Italy" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 204, "settled": null, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Italian cyber police - National Anti-Crime Computer Centre for Critical Infrastructure Protection(CNAIPIC)" ], "attributed_initiator_country": [ "Italy" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] }, { "attribution_id": 203, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Italian cyber police - National Anti-Crime Computer Centre for Critical Infrastructure Protection(CNAIPIC)" ], "attributed_initiator_country": [ "Italy" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/08/italian-intelligence-agency-cnaipic.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 151, "name": "BKA Doxxing", "description": "Unknown hackers hack into German Federal Police and Customs\u00a0computers and publish stolen documents online", "added_to_DB": "2022-08-15", "start_date": "2010-09-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "151_0", "receiver_name": null, "receiver_country": "Germany", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "noname-crew" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 205, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "noname-crew" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.infosecurity-magazine.com/news/hackers-infiltrate-german-police-and-customs/", "https://www.heise.de/security/meldung/Server-der-Bundespolizei-ausspioniert-1276055.html", "https://www.focus.de/digital/computer/tid-22964/angriff-auf-zoll-computer-hacker-ueberlisten-antiviren-software_aid_646219.html" ], "sources_attribution": [ "https://www.focus.de/digital/computer/tid-22964/angriff-auf-zoll-computer-hacker-ueberlisten-antiviren-software_aid_646219.html" ] }, { "ID": 152, "name": "Anonymous Copyright Operation", "description": "Piracy activists have carried out coordinated attacks on websites owned by the music and film industry. The attacks were declared on notorious message-board 4chan and were reportedly in retaliation for anti-piracy efforts against file-sharing websites.", "added_to_DB": "2022-08-15", "start_date": "2010-09-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "152_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "152_1", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "152_2", "receiver_name": null, "receiver_country": "Australia", "receiver_region": "OC", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "152_3", "receiver_name": null, "receiver_country": "Spain", "receiver_region": "EU", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 206, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theregister.co.uk/2010/10/07/anonymous_ent_biz_ddos_hits_spain/", "https://www.theregister.co.uk/2010/10/04/ministry_of_sound_ddos/", "https://www.theregister.co.uk/2010/09/22/acs_4chan/", "https://www.bbc.com/news/technology-11371315", "https://www.itnews.com.au/news/operation-payback-directs-ddos-attack-at-afact-233573" ], "sources_attribution": [ "Not available" ] }, { "ID": 153, "name": "Myanmar Election DDoS", "description": "An ongoing computerattack has knocked Burma off the internet, just days ahead of its first election in 20 years. More over, Burmese exiled mediagroups are calling for international support in ending cyberattacks that have crippled two news websites over the past week.The Democratic Voice of Burma (DVB) and TheIrrawaddy magazine, which provide independent coverage of current affairs in Burma,have been the target of intense attacks which it is believed originate from the Burmese government.", "added_to_DB": "2022-08-15", "start_date": "2010-09-27", "end_date": "2010-11-07", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "153_0", "receiver_name": null, "receiver_country": "Myanmar", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Telecommunications", "Not available" ] }, { "receiver_id": "153_1", "receiver_name": null, "receiver_country": "Thailand", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Telecommunications", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Myanmar" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 207, "settled": true, "attribution_year": 2010, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Myanmar" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2010" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Long-term disruption (> 24h; incident scores 2 points in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.bbc.com/news/technology-11693214" ], "sources_attribution": [ "Not available" ] }, { "ID": 154, "name": "Stealing the NASDAQ", "description": "Hackers, most likely from Russia, manage to hack into NASDAQ and plant malware that\u00a0let several hackergroups operate freely ;another allegations states that the Russian hackers tried to clone the NASDAQ", "added_to_DB": "2022-08-15", "start_date": "2010-10-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on non-political target(s), politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Data theft", "Hijacking without Misuse" ], "receivers": [ { "receiver_id": "154_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Finance" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Russia" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 208, "settled": null, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] }, { "attribution_id": 209, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Political statement / report (e.g., on government / state agency websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "Yes" ], "zero_days_subcode": [ "multiple" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, not used - empowerment (incident scores 1 point in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://arstechnica.com/information-technology/2014/07/how-elite-hackers-almost-stole-the-nasdaq/", "https://www.wired.com/2011/03/nsa-investigates-nasdaq-hack/", "https://web.archive.org/web/20170712031930/https://www.bloomberg.com/news/articles/2014-07-17/how-russian-hackers-stole-the-nasdaq" ], "sources_attribution": [ "Not available" ] }, { "ID": 155, "name": "Wikileaks DDoS", "description": "It's possible that the DDoS against Wikileaks was orchestrated by a government in effort to retaliate against the leak and disrupt access to the documents.", "added_to_DB": "2022-08-15", "start_date": "2010-11-30", "end_date": "2010-11-30", "updated_at": "2023-06-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "155_0", "receiver_name": null, "receiver_country": "Sweden", "receiver_region": "NORTHEU", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 210, "settled": true, "attribution_year": 2010, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2010" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://arstechnica.com/information-technology/2010/11/wikileaks-moves-to-amazons-cloud-to-evade-massive-ddos/" ], "sources_attribution": [ "Not available" ] }, { "ID": 156, "name": "[EU] Unknown threat actors targeted French Ministry of Finance in December 2010", "description": "Unknown threat actors targeted the French Ministry of Finance in December 2010, budget minister Francois Baron and a ministry spokesperson confirmed after media reporting about the incident.\nThe attack was only detected in January 2011 and aimed to gain access to information related to the G20 summit in 2011 \u2014 the stolen documents related to international finance and world trade.", "added_to_DB": "2022-08-15", "start_date": "2010-12-01", "end_date": "Not available", "updated_at": "2024-01-25", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "156_0", "receiver_name": null, "receiver_country": "France", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ null ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 16502, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ null ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://spectrum.ieee.org/riskfactor/telecom/internet/spectacular-cyber-attack-gains-access-to-frances-g20-files", "https://www.france24.com/en/20110307-cyber-attack-french-finance-ministry-g20-presidency-target-baroin" ], "sources_attribution": [ "Not available" ] }, { "ID": 157, "name": "Infiltration of British Foreign Office", "description": "Unknown hackers infiltrates British Foreign Office's staff computers with a data-stealing viruses", "added_to_DB": "2022-08-15", "start_date": "2010-12-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "157_0", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 212, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theguardian.com/technology/2011/feb/06/hacking-william-hague-munich" ], "sources_attribution": [ "Not available" ] }, { "ID": 158, "name": "Pakistani Hackers vs. India", "description": "Pakistani hackergroup shuts down Indian Central Bureau of Investigation website", "added_to_DB": "2022-08-15", "start_date": "2010-12-03", "end_date": "2010-12-03", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "158_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Police" ] } ], "initiator_name": [ "Pakistani Cyber Army" ], "initiator_country": [ "Pakistan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 213, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Pakistani Cyber Army" ], "attributed_initiator_country": [ "Pakistan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Territory", "International power" ], "offline_conflict_issue": [ "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.aljazeera.com/news/asia/2010/12/20101241373583977.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 159, "name": "Operation \"Payback\"", "description": "Hackers attack Mastercard, Visa and Postfinance in the so-called \"Operation Payback\" because of the banks refusal to transfer money to Wikileaks accounts.", "added_to_DB": "2022-08-15", "start_date": "2010-12-08", "end_date": "2010-12-08", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "159_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "159_1", "receiver_name": null, "receiver_country": "Switzerland", "receiver_region": "WESTEU", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Anonymous/4Chan" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 214, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous/4Chan" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Long-term disruption (> 24h; incident scores 2 points in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.spiegel.de/netzwelt/web/operation-payback-hacker-grossangriff-auf-mastercard-visa-co-a-733520.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 160, "name": "Retaliation for Kim Jong Il Hack", "description": "In recent days hackers from the South have poked fun at the Kim dynasty, rulers of NorthKorea for more than 60 years, and their Northern counter parts retaliated by temporarily disabling a popular South Korean website suspected of being behind the attacks.", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "160_0", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Korea, Democratic People's Republic of" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 215, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theguardian.com/world/2011/jan/11/korea-hackers-mount-cyber-skirmishes" ], "sources_attribution": [ "https://www.theguardian.com/world/2011/jan/11/korea-hackers-mount-cyber-skirmishes" ] }, { "ID": 161, "name": "Ke3chang aka APT 15", "description": "As the crisis in Syria escalates, Fire Eye researchers have discovered a cyberespionage campaign, which is called \u201cKe3chang,\u201d that falsely advertises information updates about the ongoing crisis to compromise MFA networks in Europe", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "161_0", "receiver_name": null, "receiver_country": "Europe (region)", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Defence industry", "Not available" ] } ], "initiator_name": [ "Ke3chang/Vixen Panda/APT15/Nylon Typhoon fka NICKEL/Flea" ], "initiator_country": [ "China" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 216, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Ke3chang/Vixen Panda/APT15/Nylon Typhoon fka NICKEL/Flea" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-ke3chang.pdf" ], "sources_attribution": [ "Not available" ] }, { "ID": 162, "name": "Longhorn Group", "description": "Spying tools and operational protocols of the CIA, detailed in the recent Vault 7 leak have been used in cyberattacks against at least 40 targets in 16 different countries by a group Symantec calls Longhorn, Chinese IT Company Qi'anxin Threat Intelligence Center directly refers to it in its report as the CIA tools.", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "Not available", "updated_at": "2024-02-05", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "162_0", "receiver_name": null, "receiver_country": "EU (institutions)", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "162_1", "receiver_name": null, "receiver_country": "Mena Region (region)", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "162_2", "receiver_name": null, "receiver_country": "Asia (region)", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "162_3", "receiver_name": null, "receiver_country": "Africa", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available", "Not available", "Not available" ] }, { "receiver_id": "162_4", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available", "Not available", "Not available" ] } ], "initiator_name": [ "Longhorn/The Lamberts", "CIA" ], "initiator_country": [ "United States", "United States" ], "initiator_category": [ "State", "State" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 217, "settled": true, "attribution_year": 2017, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Longhorn/The Lamberts", "CIA" ], "attributed_initiator_country": [ "United States", "United States" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2017" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "Yes" ], "zero_days_subcode": [ "multiple" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.bankinfosecurity.com/symantec-links-longhorn-group-to-cia-hacking-files-a-9824", "https://www.bleepingcomputer.com/news/security/longhorn-cyber-espionage-group-is-actually-the-cia/" ], "sources_attribution": [ "https://www.bankinfosecurity.com/symantec-links-longhorn-group-to-cia-hacking-files-a-9824", "https://www.bleepingcomputer.com/news/security/longhorn-cyber-espionage-group-is-actually-the-cia/" ] }, { "ID": 163, "name": "First Phase Dragonfly aka EnergeticBear (2011-2014)", "description": "The Dragonfly group, which is also known by other vendors as EnergeticBear, appears to have been in operation since at least 2011 and may have been active even longer than that. Dragonfly initially targeted defense and aviation companies in the US and Canada before shifting its focus mainly to US and European energy firms in early 2013. In their campaign against companies and organizations in the international energy sector, including oil and gas firms, nuclear power plants, and utility and power transmission companies. they used the malware \"Havex\". \nAn US indictment from August 26, 2021 charged three Russian hackers from the Military Unit 71330 or \u201cCenter 16\u201d of the FSB for the campaign. ", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "163_0", "receiver_name": "Not available", "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Defence industry" ] }, { "receiver_id": "163_1", "receiver_name": "Not available", "receiver_country": "Canada", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Defence industry" ] } ], "initiator_name": [ "Pavel Aleksandrovich Akulov (FSB, Center 16, Military Unit 71330)", "Mikhail Mikhailovich Gavrilov (FSB Centre 16, Military Unit 71330)", "Marat Valeryevich Tyukov (FSB, Center 16, Military Unit 71330)" ], "initiator_country": [ "Russia", "Russia", "Russia" ], "initiator_category": [ "State", "State", "State" ], "initiator_category_subcode": [ "Not available", "Not available", "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 2340, "settled": false, "attribution_year": 2014, "attribution_month": 7, "attribution_day": 7, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "United States" ], "attributing_actor": [ "Symantec" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Ghost Blizzard fka BROMINE/Energetic Bear/Berserk Bear/Dragonfly/Crouching Yeti/DYMALLOY/Group 24/Havex/TEMP.Isotope/TG-4192/IRON LIBERTY/G0035/ALLANITE/CASSTLE (FSB Centre 16, Unit 71330))" ], "attributed_initiator_country": [ "Not available" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014-7-7" ] }, { "attribution_id": 2339, "settled": true, "attribution_year": 2022, "attribution_month": 3, "attribution_day": 24, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Domestic legal action" ], "attribution_type_subcode": [ "Indictment" ], "attributing_country": [ "United States" ], "attributing_actor": [ "US Department of Justice (DoJ)" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Pavel Aleksandrovich Akulov (FSB, Center 16, Military Unit 71330)", "Mikhail Mikhailovich Gavrilov (FSB Centre 16, Military Unit 71330)", "Marat Valeryevich Tyukov (FSB, Center 16, Military Unit 71330)" ], "attributed_initiator_country": [ "Russia", "Russia", "Russia" ], "attributed_initiator_category": [ "State", "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available", "Not available" ], "attribution_full_date": [ "2022-3-24" ] } ], "temporal_attribution_sequence": "IT-security attribution before political attribution", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "Not available" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical", "https://www.reuters.com/article/us-usa-russia-sanctions-energygrid/in-a-first-u-s-blames-russia-for-cyber-attacks-on-energy-grid-idUSKCN1GR2G3", "https://www.nytimes.com/2014/07/01/technology/energy-sector-faces-attacks-from-hackers-in-russia.html", "https://www.theguardian.com/world/2022/mar/24/us-charges-russian-hackers-cyber-attacks", "https://docs.broadcom.com/doc/dragonfly_threat_against_western_energy_suppliers" ], "sources_attribution": [ "https://www.reuters.com/article/us-usa-russia-sanctions-energygrid/in-a-first-u-s-blames-russia-for-cyber-attacks-on-energy-grid-idUSKCN1GR2G3", "https://www.nytimes.com/2014/07/01/technology/energy-sector-faces-attacks-from-hackers-in-russia.html" ] }, { "ID": 164, "name": "The Jasmine Revolution", "description": "Tunisia\u2019s Jasmine Revolution included the hacking of user names and passwords for the entire online population of Tunisia by AMMAR, the country\u2019s government-run Internet Services Provider.", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "164_0", "receiver_name": null, "receiver_country": "Tunisia", "receiver_region": "MENA", "receiver_category": [ "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "AMMAR" ], "initiator_country": [ "Tunisia" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 219, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "AMMAR" ], "attributed_initiator_country": [ "Tunisia" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 4" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://web.mit.edu/smadnick/www/wp/2017-10.pdf", "https://cpj.org/blog/2011/01/tunisia-invades-censors-facebook-other-accounts.php" ], "sources_attribution": [ "http://web.mit.edu/smadnick/www/wp/2017-10.pdf" ] }, { "ID": 165, "name": "Winnti vs. Gaming Industry", "description": "According to Kasperskys estimations, the Chinese Winnti Group has been active for several years and specializes in cyberattacks against the online video game industry. The group\u2019s main objective is to steal sourcecodes for online game projects as well as the digital certificates of legitimate software vendors. In addition, they are very interested in how network infrastructure (including the production of gaming servers) is setup, and new developments such as conceptual ideas, design and more.", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "165_0", "receiver_name": null, "receiver_country": "Global (region)", "receiver_region": "Not available", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) <\u00a0Winnti Umbrella/G0044" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 220, "settled": true, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) <\u00a0Winnti Umbrella/G0044" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2018" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://401trg.com/burning-umbrella/", "https://securelist.com/winnti-more-than-just-a-game/37029/" ], "sources_attribution": [ "https://401trg.com/burning-umbrella/" ] }, { "ID": 166, "name": "Winnti vs. Korean Social Media", "description": "South Korea has blamed Chinese hackers (according to an IT company the Winnti Group) for stealing data from 35 million accounts on a popular social network.", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by authorities of victim state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "166_0", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) <\u00a0Winnti Umbrella/G0044" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 221, "settled": null, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) <\u00a0Winnti Umbrella/G0044" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2018" ] }, { "attribution_id": 222, "settled": true, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) <\u00a0Winnti Umbrella/G0044" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2018" ] } ], "temporal_attribution_sequence": "Political attribution before IT-security attribution", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://401trg.com/burning-umbrella/", "https://securelist.com/winnti-more-than-just-a-game/37029/", "https://www.bbc.com/news/technology-14323787" ], "sources_attribution": [ "https://401trg.com/burning-umbrella/", "https://securelist.com/winnti-more-than-just-a-game/37029/" ] }, { "ID": 167, "name": "Chinese state-sponsored group APT3 (aka Gothic Panda) spied on Moody`s Analytics from 2011 until January 2014", "description": "Chinese state-sponsored group APT3 (aka Gothic Panda), spied on Moody`s Analytics from 2011 until January 2014, according to an US Department of Justice Indictment from September 2016 against three members of APT3 which were employees of the Chinese IT-company Boyusec, a front for the Ministry of State Security (MSS). APT3 stole communications, which contained proprietary and confidential economic analyses,\nfindings, and opinions from an employee`s email account that was redirected to a fraudulent email account, controlled by one of the indicted Boyusec employees. APT3`s usual initial access vector as described in the indictment was spear phishing. The same indictment also detailed APT3 attacks on Trimble Inc. and the Siemens AG in the US. Notably, the US DoJ indictment did only name the indicted individuals and their official positions within Boyusec, but neither their membership with APT3, nor Boyusec`s reported affiliation with the MSS, which was already publicly known at that time, especially due to the blog posts by the anonymous threat intelligence collective Intrusion Truth.", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "Not available", "updated_at": "2023-09-26", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by authorities of victim state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "167_0", "receiver_name": "Moody`s Analytics", "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Finance" ] } ], "initiator_name": [ "APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec)", "Wu Yingzhuo (Boyusec)", "Dong Hao (Boyusec)", "Xia Lei (Boyusec)" ], "initiator_country": [ "China", "China", "China", "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested", "Non-state-group", "Non-state actor, state-affiliation suggested", "Non-state-group", "Non-state actor, state-affiliation suggested", "Non-state-group" ], "initiator_category_subcode": [ "Not available", "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)", "Private technology companies / hacking for hire groups without state affiliation / research entities", "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)", "Private technology companies / hacking for hire groups without state affiliation / research entities", "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)", "Private technology companies / hacking for hire groups without state affiliation / research entities" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 11679, "settled": true, "attribution_year": 2017, "attribution_month": 5, "attribution_day": 9, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Intrusion Truth" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec)" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2017-5-9" ] }, { "attribution_id": 11680, "settled": true, "attribution_year": 2017, "attribution_month": 9, "attribution_day": 13, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Domestic legal action" ], "attribution_type_subcode": [ "Indictment" ], "attributing_country": [ "United States" ], "attributing_actor": [ "US Department of Justice (DoJ)" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Cyber espionage" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Wu Yingzhuo (Boyusec)", "Dong Hao (Boyusec)", "Xia Lei (Boyusec)" ], "attributed_initiator_country": [ "China", "China", "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state-group", "Non-state actor, state-affiliation suggested", "Non-state-group", "Non-state actor, state-affiliation suggested", "Non-state-group" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)", "Private technology companies / hacking for hire groups without state affiliation / research entities", "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)", "Private technology companies / hacking for hire groups without state affiliation / research entities", "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)", "Private technology companies / hacking for hire groups without state affiliation / research entities" ], "attribution_full_date": [ "2017-9-13" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "International power" ], "offline_conflict_issue_subcode": [ "China \u2013 USA" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 1" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.justice.gov/opa/pr/us-charges-three-chinese-hackers-who-work-internet-security-firm-hacking-three-corporations", "https://intrusiontruth.wordpress.com/2017/05/09/APT 3-is-boyusec-a-chinese-intelligence-contractor/", "https://www.justice.gov/opa/press-release/file/1013866/download" ], "sources_attribution": [ "https://intrusiontruth.wordpress.com/2017/05/09/APT 3-is-boyusec-a-chinese-intelligence-contractor/", "https://www.justice.gov/opa/press-release/file/1013866/download" ] }, { "ID": 168, "name": "MagicKitten vs. Iranian Activists outside Iran", "description": "The Iranian APT MagicKitten started a phishing campaign against Iranian exile activists, trying to access their data. Those attacks continued at least until mid 2013.", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "168_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Critical infrastructure" ], "receiver_category_subcode": [ "Not available", "Telecommunications" ] }, { "receiver_id": "168_1", "receiver_name": null, "receiver_country": "Canada", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Critical infrastructure" ], "receiver_category_subcode": [ "Not available", "Telecommunications" ] }, { "receiver_id": "168_2", "receiver_name": null, "receiver_country": "Europe (region)", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "Critical infrastructure" ], "receiver_category_subcode": [ "Not available", "Telecommunications" ] }, { "receiver_id": "168_3", "receiver_name": null, "receiver_country": "Mena Region (region)", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "Critical infrastructure" ], "receiver_category_subcode": [ "Not available", "Telecommunications" ] } ], "initiator_name": [ "Magic Kitten/Group 42" ], "initiator_country": [ "Iran, Islamic Republic of" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 225, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Magic Kitten/Group 42" ], "attributed_initiator_country": [ "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://carnegieendowment.org/files/Iran_Cyber_Final_Full_v2.pdf", "https://security.googleblog.com/2013/06/iranian-phishing-on-rise-as-elections.html", "https://bits.blogs.nytimes.com/2013/06/12/google-says-it-has-uncovered-iranian-spy-campaign/" ], "sources_attribution": [ "https://bits.blogs.nytimes.com/2013/06/12/google-says-it-has-uncovered-iranian-spy-campaign/" ] }, { "ID": 169, "name": "Dagger Pandas East Asian Campaign", "description": "A new APT-Dagger Panda-emerged against the nations of South Korea, Japan and Taiwan, attacking their government(espacially)military networks with spearphishing", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "Not available", "updated_at": "2023-10-20", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "169_0", "receiver_name": null, "receiver_country": "Taiwan", "receiver_region": "SCS", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Media", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Telecommunications", "Defence industry", "Not available", "Not available" ] }, { "receiver_id": "169_1", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Media", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Telecommunications", "Defence industry", "Not available", "Not available" ] }, { "receiver_id": "169_2", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Media", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Telecommunications", "Defence industry", "Not available", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Private technology companies / hacking for hire groups without state affiliation / research entities" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 226, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Private technology companies / hacking for hire groups without state affiliation / research entities" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://securelist.com/the-icefog-apt-a-tale-of-cloak-and-three-daggers/57331/" ], "sources_attribution": [ "Not available" ] }, { "ID": 170, "name": "BlackEnergy usage against American SCADA Systems", "description": "The U.S. Department of Homeland Security issued an updated alert last week stating that a variant of the BlackEnergy malware had infiltrated the SCADA systems that control critical infrastructure, including oil and gas pipelines, water distribution systems and the power grid. ABC News reported that national security experts believe hackers sponsored by the Russian government are responsible.", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "Not available", "updated_at": "2023-12-21", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by authorities of victim state" ], "incident_type": [ "Hijacking without Misuse" ], "receivers": [ { "receiver_id": "170_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Energy", "Water" ] } ], "initiator_name": [ "Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)" ], "initiator_country": [ "Russia" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 227, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "none" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, not used - empowerment (incident scores 1 point in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.greentechmedia.com/articles/read/dhs-russian-hackers-infiltrated-us-energy-infrastructure#gs.fWFJYmqF", "https://abcnews.go.com/US/trojan-horse-bug-lurking-vital-us-computers-2011/story?id=26737476", "https://socradar.io/alphv-seized-unseized-decrypted-pandoras-box-may-be-reopened/" ], "sources_attribution": [ "https://abcnews.go.com/US/trojan-horse-bug-lurking-vital-us-computers-2011/story?id=26737476" ] }, { "ID": 171, "name": "Operation Ababil", "description": "The hackergroup Cyberfighters of IzzAd-Din AlQassam attacks US American banks in a third wave of attacks, protesting an islamophobic video on youtube. The alleged hackers indicted in 2016 are believed to be responsible for the distributed denial-of-service (DDoS) attacks launched against 46 U.S. banks between late 2011 and mid-2013. One of the suspects, Hamid Firoozi, has also been charged in connection to a hackerattack targeting the Bowman DaminRye, NewYork. Authorities said here peatedly breached the dam's computersystems between August and September 2013, allowing him to obtain information about the status and operation of the facility.", "added_to_DB": "2022-08-15", "start_date": "2011-12-01", "end_date": "Not available", "updated_at": "2023-07-17", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption", "Hijacking without Misuse" ], "receivers": [ { "receiver_id": "171_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Energy", "Finance" ] } ], "initiator_name": [ "Cyber fighters of Izz Ad-Din Al Qassam/ITSec Company/Mersad (IRGC)" ], "initiator_country": [ "Iran, Islamic Republic of" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 11685, "settled": false, "attribution_year": 2012, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Cyber fighters of Izz Ad-Din Al Qassam/ITSec Company/Mersad (IRGC)" ], "attributed_initiator_country": [ "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2012" ] }, { "attribution_id": 11686, "settled": true, "attribution_year": 2012, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Statement in media report and indictment / sanctions" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Cyber fighters of Izz Ad-Din Al Qassam/ITSec Company/Mersad (IRGC)" ], "attributed_initiator_country": [ "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2012" ] } ], "temporal_attribution_sequence": "Political attribution before IT-security attribution", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "International power" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Long-term disruption (> 24h; incident scores 2 points in intensity)" ], "hijacking": [ "Hijacking, not used - empowerment (incident scores 1 point in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.justice.gov/opa/file/834996/download", "https://www.recordedfuture.com/iran-hacker-hierarchy/", "http://www.startribune.com/group-halts-bank-cyberattacks/188944711/?refer=y", "https://www.forbes.com/sites/thomasbrewster/2017/09/20/iran-hacker-crew-apt33-heading-for-destructive-cyberattacks/#38b0b8454a48", "https://www.washingtonpost.com/world/national-security/iran-blamed-for-cyberattacks/2012/09/21/afbe2be4-0412-11e2-9b24-ff730c7f6312_story.html", "https://www.darkreading.com/attacks-breaches/to-safeguard-critical-infrastructure-go-back-to-basics" ], "sources_attribution": [ "https://www.justice.gov/opa/file/834996/download", "https://www.recordedfuture.com/iran-hacker-hierarchy/", "http://www.startribune.com/group-halts-bank-cyberattacks/188944711/?refer=y", "https://www.forbes.com/sites/thomasbrewster/2017/09/20/iran-hacker-crew-apt33-heading-for-destructive-cyberattacks/#38b0b8454a48", "https://www.washingtonpost.com/world/national-security/iran-blamed-for-cyberattacks/2012/09/21/afbe2be4-0412-11e2-9b24-ff730c7f6312_story.html" ] }, { "ID": 172, "name": "Countering the Hacktivists", "description": "Hacker collectives Anonymous and LulzSec have both been the targets of cyber attacks by UK government spy agency GCHQ", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "172_0", "receiver_name": null, "receiver_country": "Unknown", "receiver_region": "Not available", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Hacktivist" ] } ], "initiator_name": [ "GCHQ" ], "initiator_country": [ "United Kingdom" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 231, "settled": null, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "GCHQ" ], "attributed_initiator_country": [ "United Kingdom" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 230, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "GCHQ" ], "attributed_initiator_country": [ "United Kingdom" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.bbc.com/news/technology-26049448", "http://www.wired.co.uk/article/gchq-ddos-attack-anonymous" ], "sources_attribution": [ "Not available" ] }, { "ID": 173, "name": "E-Mail Theft of Australian Parliament", "description": "Hackers have broken into Federal Parliamentary email accounts to gain access to emails between ministers and Australian companies mining in China.", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)", "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "173_0", "receiver_name": null, "receiver_country": "Australia", "receiver_region": "OC", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Legislative" ] } ], "initiator_name": [ null ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 8673, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ null ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.australianmining.com.au/news/chinese-hack-australian-miners-emails/" ], "sources_attribution": [ "Not available" ] }, { "ID": 174, "name": "Operation Newscaster (aka CharmingKitten)", "description": "Iranian hackers use social engineering tactics and other hacking tools to access socialmedia accounts and accounts on other platforms of high-ranking officials, personnel and communityleader, accessing vast amounts of confidential data.The group has been later linked to the Iranian government under the name CharmingKitten.", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "174_0", "receiver_name": null, "receiver_country": "Saudi Arabia", "receiver_region": "GULFC", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Legislative", "Military", "Not available" ] }, { "receiver_id": "174_1", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Legislative", "Military", "Not available" ] }, { "receiver_id": "174_2", "receiver_name": null, "receiver_country": "Yemen", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Legislative", "Military", "Not available" ] }, { "receiver_id": "174_3", "receiver_name": null, "receiver_country": "Venezuela", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Legislative", "Military", "Not available" ] }, { "receiver_id": "174_4", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Legislative", "Military", "Not available" ] }, { "receiver_id": "174_5", "receiver_name": null, "receiver_country": "Iraq", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Legislative", "Military", "Not available" ] }, { "receiver_id": "174_6", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Legislative", "Military", "Not available" ] }, { "receiver_id": "174_7", "receiver_name": null, "receiver_country": "Afghanistan", "receiver_region": "SASIA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Legislative", "Military", "Not available" ] }, { "receiver_id": "174_8", "receiver_name": null, "receiver_country": "Kuwait", "receiver_region": "GULFC", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Legislative", "Military", "Not available" ] }, { "receiver_id": "174_9", "receiver_name": null, "receiver_country": "Egypt", "receiver_region": "NAF", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Legislative", "Military", "Not available" ] } ], "initiator_name": [ "Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC)" ], "initiator_country": [ "Iran, Islamic Republic of" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 233, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Charming Kitten/NEWSCASTER/APT35/Mint Sandstorm fka PHOSPHORUS/NewsBeef/Group 83/TA453/Calanque/G0059 (IRGC)" ], "attributed_initiator_country": [ "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.reuters.com/article/iran-hackers/rpt-iranian-hackers-use-fake-facebook-accounts-to-spy-on-u-s-others-idUSL1N0OF06R20140529", "https://www.timesofisrael.com/iran-spied-on-israel-saudi-arabia-with-major-cyberattack/", "https://cyber-peace.org/wp-content/uploads/2014/08/NEWSCASTER-An-Iranian-Threat-Inside-Social-Media-iSIGHT-Partners.pdf", "https://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf" ], "sources_attribution": [ "https://cyber-peace.org/wp-content/uploads/2014/08/NEWSCASTER-An-Iranian-Threat-Inside-Social-Media-iSIGHT-Partners.pdf", "https://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf" ] }, { "ID": 175, "name": "RSA breached", "description": "RSA is hacked with a Trojanhorse and Secure ID Token, its security technology in use by several governments and private firms around the globe. RSA later states that two probably state-sponsored groups intiated the attack, U.S. government and parts of the IT security community make China responsible.", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "2011-03-17", "updated_at": "2023-08-07", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "175_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 235, "settled": null, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] }, { "attribution_id": 234, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://searchsecurity.techtarget.com/magazineContent/The-RSA-breach-One-year-later", "https://nakedsecurity.sophos.com/2011/10/11/rsa-blames-nation-state-attack/", "https://nakedsecurity.sophos.com/2011/03/18/security-firm-rsa-warns-that-its-servers-have-been-hacked/", "https://www.darkreading.com/attacks-breaches/china-hacked-rsa-us-official-says/d/d-id/1137409", "https://www.vanityfair.com/news/2011/09/chinese-hacking-201109", "https://www.security-insider.de/so-knackten-hacker-die-sicherheit-bei-rsa-und-lockheed-martin-a-393338/" ], "sources_attribution": [ "https://nakedsecurity.sophos.com/2011/10/11/rsa-blames-nation-state-attack/", "https://www.darkreading.com/attacks-breaches/china-hacked-rsa-us-official-says/d/d-id/1137409", "https://www.security-insider.de/so-knackten-hacker-die-sicherheit-bei-rsa-und-lockheed-martin-a-393338/" ] }, { "ID": 176, "name": "Phishing Norways National Security Authority", "description": "Norway's National Security Authority (NSM) on Friday confirmed that systems associated with the country's energy and defence sectors were hit with a cyber attack, resulting in a loss of sensitive information.", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "Not available", "updated_at": "2024-01-17", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by authorities of victim state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "176_0", "receiver_name": null, "receiver_country": "Norway", "receiver_region": "NORTHEU", "receiver_category": [ "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Energy", "Defence industry" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 236, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://uk.pcmag.com/news/114528/norway-cyber-attack-targets-countrys-oil-gas-systems" ], "sources_attribution": [ "Not available" ] }, { "ID": 177, "name": "Citigroup hacked", "description": "Citigroup Inc. C 0.01% plans to send replacement credit cards to about 100,000 North American customers after its systems were breached by a hacking attack affecting about 200,000 accounts. Possibly the attack was even worse, leading to a breach of up to 300.000 Creditcards", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on non-political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)", "Incident disclosed by authorities of victim state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "177_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Criminal(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 237, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Political statement / report (e.g., on government / state agency websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Criminal(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.huffingtonpost.com/2011/06/27/citigroup-hack_n_885045.html", "https://www.reuters.com/article/us-citi/regulators-pressure-banks-after-citi-data-breach-idUSTRE7580TM20110609" ], "sources_attribution": [ "Not available" ] }, { "ID": 178, "name": "APT 6 vs. US government", "description": "The feds warned that \"a group of malicious cyber actors,\" whom security experts believe to be the government-sponsored hacking group known as APT 6, \"have compromised and stolen sensitive information from various government and commercial networks\" since at least 2011, according to an FBI alert obtained by Motherboard.", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "178_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "APT 6" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "number_of_attributions": 3, "attributions": [ { "attribution_id": 238, "settled": null, "attribution_year": 2016, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT 6" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2016" ] }, { "attribution_id": 240, "settled": null, "attribution_year": 2016, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT 6" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2016" ] }, { "attribution_id": 239, "settled": true, "attribution_year": 2016, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Political statement / report (e.g., on government / state agency websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT 6" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2016" ] } ], "temporal_attribution_sequence": "Temporal attribution sequence unclear", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://motherboard.vice.com/en_us/article/qkjkxv/fbi-flash-alert-hacking-group-has-had-access-to-us-govt-files-for-years" ], "sources_attribution": [ "Not available" ] }, { "ID": 179, "name": "Attack on various Australian Networks", "description": "Australian government computer networks breached in cyber attacks by Chinese hackers", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "179_0", "receiver_name": null, "receiver_country": "Australia", "receiver_region": "OC", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 242, "settled": null, "attribution_year": 2016, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2016" ] }, { "attribution_id": 241, "settled": true, "attribution_year": 2016, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2016" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.abc.net.au/news/2016-08-29/chinese-hackers-behind-defence-austrade-security-breaches/7790166" ], "sources_attribution": [ "Not available" ] }, { "ID": 180, "name": "IMF Hack", "description": "The\u00a0International Monetary Fund (IMF)\u00a0is investigating a serious cyber-attack in which some of its systems were compromised and used to access internal data. Security experts said the source seemed to be a \"nation state\"aiming to gain a \"digital insider presence\"on the network of the IMF", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "Not available", "updated_at": "2024-03-19", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "180_0", "receiver_name": "International Monetary Fund (IMF) ", "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "International / supranational organization" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ null ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 8674, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ null ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.reuters.com/article/us-imf-cyberattack/imf-cyber-attack-aimed-to-steal-insider-information-expert-idUSTRE75A20720110612", "https://www.theguardian.com/business/2011/jun/12/imf-cyber-attack-hack", "https://www.nytimes.com/2011/06/12/world/12imf.html?_r=3", "https://www.bolsamania.com/noticias/empresas/economia--el-fmi-confirma-haber-sufrido-un-ciberataque--16451389.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 181, "name": "PutterPanda cyberespionage vs. Canada", "description": "Chinas hackers gain access to highly classified federal information of the Canadian Finance Department, Treasury Board and a defense research institution through hijacking government computers. The named institutions are forced offline.", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "181_0", "receiver_name": null, "receiver_country": "Canada", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Defence industry", "Not available" ] } ], "initiator_name": [ "Putter Panda/APT 2" ], "initiator_country": [ "China" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 244, "settled": null, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Putter Panda/APT 2" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] }, { "attribution_id": 245, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Putter Panda/APT 2" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Temporal attribution sequence unclear", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.cbc.ca/news/politics/foreign-hackers-attack-canadian-government-1.982618", "https://www.cbc.ca/news/politics/hackers-stole-secret-canadian-government-data-1.990875", "https://www.reuters.com/article/us-china-canada-cybersecurity/hacking-attack-in-canada-bears-signs-of-chinese-army-unit-expert-idUSKBN0G13X220140801" ], "sources_attribution": [ "https://www.reuters.com/article/us-china-canada-cybersecurity/hacking-attack-in-canada-bears-signs-of-chinese-army-unit-expert-idUSKBN0G13X220140801" ] }, { "ID": 182, "name": "Anonymous vs. Tunisian Government", "description": "Anonymous attacks several Tunisian government websites.", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "2011-01-02", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "182_0", "receiver_name": null, "receiver_country": "Tunisia", "receiver_region": "MENA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 246, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/01/anonymous-hacktivists-attack-african.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 183, "name": "FatalErrorCrew vs. President of Brazil", "description": "Hackers attack several Brazilian government websites.", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "183_0", "receiver_name": null, "receiver_country": "Brazil", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Fatal Error Crew" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 247, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Fatal Error Crew" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/01/police-probe-hacker-attack-on-brazil.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 184, "name": "PakBugs vs. Kerala Pradesh Congress Commitee", "description": "Website of the Indian party Kerala Pradesh Congress Committee is hacked and pro-Pakistani remarks are left.", "added_to_DB": "2022-08-15", "start_date": "2011-01-02", "end_date": "2011-01-02", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "184_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Political parties" ] } ], "initiator_name": [ "PakBugs" ], "initiator_country": [ "Pakistan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 248, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "PakBugs" ], "attributed_initiator_country": [ "Pakistan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/01/kerala-pradesh-congress-committee-kpcc.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 185, "name": "Fine Gael defacement of Anonymous", "description": "The website of the main Irish opposition party Fine Gael was hacked and defaced with a critical message by Anonymous in January 2011. The data of 2000 users were compromised.", "added_to_DB": "2022-08-15", "start_date": "2011-01-09", "end_date": "2011-01-10", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft", "Disruption", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "185_0", "receiver_name": "Fine Gael", "receiver_country": "Ireland", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Political parties" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 8678, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "Not available" ], "political_response_type_sub": [ "Not available" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theguardian.com/technology/2011/jan/10/fine-gael-website-anonymous-hackers", "http://www.thejournal.ie/fine-gael-website-defaced-by-anonymous-hacktivists-66151-Jan2011/" ], "sources_attribution": [ "Not available" ] }, { "ID": 186, "name": "Breach of Sarkozys Facebook", "description": "Hackers managed to break into the Facebook page of French President Nicolas Sarkozy to announce he would be quitting next year.", "added_to_DB": "2022-08-15", "start_date": "2011-01-24", "end_date": "2011-01-24", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "186_0", "receiver_name": null, "receiver_country": "France", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Political parties" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 250, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.telegraph.co.uk/technology/facebook/8278200/Nicolas-Sarkozys-Facebook-page-hacked.html", "https://www.france24.com/en/20110125-france-president-nicolas-sarkozy-facebook-hacked" ], "sources_attribution": [ "https://www.france24.com/en/20110125-france-president-nicolas-sarkozy-facebook-hacked" ] }, { "ID": 187, "name": "Anonymous vs. Egypt 2011", "description": "Sites belonging to Egypt\u2019s cabinet, the Ministry of the Interior and the Ministry of Communications and Information Technology were inaccessible, after DDoS attacks by Anonymous.", "added_to_DB": "2022-08-15", "start_date": "2011-01-26", "end_date": "2011-01-26", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "187_0", "receiver_name": null, "receiver_country": "Egypt", "receiver_region": "NAF", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 251, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Long-term disruption (> 24h; incident scores 2 points in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.nbcnews.com/id/41280813/ns/technology_and_science-security/t/anonymous-hacktivists-attack-egyptian-websites/#.W7IzEuF1NEY" ], "sources_attribution": [ "Not available" ] }, { "ID": 188, "name": "Lybia anti-Government DDOS", "description": "Anti-government activists Tuesday accused Libyan leader Moamer Gaddafi of hacking websites reporting on Libya's pro-democracy demonstrations.", "added_to_DB": "2022-08-15", "start_date": "2011-02-01", "end_date": "Not available", "updated_at": "2023-10-20", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on non-political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "188_0", "receiver_name": null, "receiver_country": "Libya", "receiver_region": "NAF", "receiver_category": [ "Social groups", "Media" ], "receiver_category_subcode": [ "Political opposition / dissidents / expats", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 252, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/03/libyan-opposition-websites-hacked.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 189, "name": "Anonymous vs. Egypt 2011 II", "description": "The online group Anonymous said Wednesday that it had paralyzed the Egyptian government\u2019s Web sites in support of the antigovernment protests.", "added_to_DB": "2022-08-15", "start_date": "2011-02-02", "end_date": "2011-02-02", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "189_0", "receiver_name": null, "receiver_country": "Egypt", "receiver_region": "NAF", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 253, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.nytimes.com/2011/02/03/world/middleeast/03hackers.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 190, "name": "Anonymous vs. Yemen Ministry of Information", "description": "Anonymous takes down the websites of Yemen\u2019s Ministry of Information, as well as Yemeni President Ali Abdullah Saleh", "added_to_DB": "2022-08-15", "start_date": "2011-02-03", "end_date": "2011-02-03", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "190_0", "receiver_name": null, "receiver_country": "Yemen", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 254, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.digitaltrends.com/computing/anonymous-hackers-strike-back-against-governments-of-egypt-yemen/" ], "sources_attribution": [ "Not available" ] }, { "ID": 191, "name": "Al-Jazeera fake advertising", "description": "Hackers insert false news into Al Jazeera website in protest against its coverage of protests in Egypt.", "added_to_DB": "2022-08-15", "start_date": "2011-02-09", "end_date": "2011-02-09", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "191_0", "receiver_name": null, "receiver_country": "Qatar", "receiver_region": "GULFC", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 255, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/02/hackers-insert-rogue-content-on-al.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 192, "name": "Anonymous posts Aaron Barrs Mails", "description": "Anonymous has already posted around 50,000 emails of Aaron Barr, the CEO of sister organisation HPGary Federal, which revealed a\u00a0report\u00a0by the firm\u00a0looking at ways to sabotage WikiLeaks in collaboration with Palantir Technologies and Berico Technologies. The emails also show that\u00a0Bank of America, a potential\u00a0target of WikiLeaks, was to hear the proposal via its outside law firm Hunton & Williams. The proposal's recommendations included a disinformation campaign against WikiLeaks and cyber attacks on its Web site.", "added_to_DB": "2022-08-15", "start_date": "2011-02-11", "end_date": "2011-02-11", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "192_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 256, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.forbes.com/sites/parmyolson/2011/02/11/anonymous-ready-to-dump-more-hbgary-e-mails-launch-anonleaks/#2d6a31f4698f", "https://www.theguardian.com/commentisfree/cifamerica/2011/jun/22/hacking-anonymous" ], "sources_attribution": [ "Not available" ] }, { "ID": 193, "name": "Iranian cyber Army hacks Voice of America", "description": "Iranian Cyber Army, a hackergroup that might be affiliated with the Iranian government, hacks the website of Voice of America and leaves political messages critical of the US foreign policy.", "added_to_DB": "2022-08-15", "start_date": "2011-02-21", "end_date": "2011-02-21", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "193_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Iranian Cyber Army" ], "initiator_country": [ "Iran, Islamic Republic of" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 257, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Iranian Cyber Army" ], "attributed_initiator_country": [ "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "International power" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/02/voice-of-america-voa-website-hacked-by.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 194, "name": "Anonymous vs. Westboro Baptist Church", "description": "Anonymous hacks several websites of Westboro Baptist Church to protest its worldviews.", "added_to_DB": "2022-08-15", "start_date": "2011-02-24", "end_date": "2011-02-24", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "194_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Religious" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 258, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/02/anonymous-hackers-send-video-message-to.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 195, "name": "DoD hacked by nation state", "description": "Pentagon systems are penetrated in sophisticated attack, probably by other nation state, confidential data is stolen.", "added_to_DB": "2022-08-15", "start_date": "2011-03-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)", "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "195_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 259, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.nytimes.com/2011/07/15/world/15cyber.html?mtrref=www.google.com&gwh=33D9E59FC84D0817FABA517CD46991C8&gwt=pay" ], "sources_attribution": [ "Not available" ] }, { "ID": 196, "name": "PakCyber Combat Squad vs. Western Sites", "description": "Pakistani hackers deface websites of the Indian embassy in Sweden and Australian beer and wine companies, leave political messages about Kashmir.", "added_to_DB": "2022-08-15", "start_date": "2011-03-02", "end_date": "2011-03-02", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "196_0", "receiver_name": null, "receiver_country": "Sweden", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "196_1", "receiver_name": null, "receiver_country": "Australia", "receiver_region": "OC", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "Pak Cyber Combat Squad" ], "initiator_country": [ "Pakistan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 260, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Pak Cyber Combat Squad" ], "attributed_initiator_country": [ "Pakistan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Territory", "International power" ], "offline_conflict_issue": [ "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/03/26-australian-beerwine-shop-websites.html", "https://thehackernews.com/2011/03/indian-embassy-of-sweden-hacked-by.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 197, "name": "Dark Seoul 2011", "description": "DDoS and Disk wiping attacks in South Korea.", "added_to_DB": "2022-08-15", "start_date": "2011-03-04", "end_date": "Not available", "updated_at": "2023-08-09", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "197_0", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Military" ] } ], "initiator_name": [ "Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)" ], "initiator_country": [ "Korea, Democratic People's Republic of" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 261, "settled": null, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] }, { "attribution_id": 262, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Political statement / report (e.g., on government / state agency websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "IT-security attribution before political attribution", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thediplomat.com/2013/08/cyber-security-in-south-korea-the-threat-within/", "https://www.mcafee.com//wp-content/uploads/2011/07/McAfee-Labs-10-Days-of-Rain-July-2011.pdf", "https://www.sans.org/reading-room/whitepapers/critical/tracing-lineage-darkseoul-36787", "http://english.chosun.com/site/data/html_dir/2013/04/11/2013041100648.html", "https://twitter.com/securityaffairs/status/1661671109014564864" ], "sources_attribution": [ "https://thediplomat.com/2013/08/cyber-security-in-south-korea-the-threat-within/", "https://www.mcafee.com//wp-content/uploads/2011/07/McAfee-Labs-10-Days-of-Rain-July-2011.pdf", "https://www.sans.org/reading-room/whitepapers/critical/tracing-lineage-darkseoul-36787", "http://english.chosun.com/site/data/html_dir/2013/04/11/2013041100648.html" ] }, { "ID": 198, "name": "Attack on Norway after Lybia Bombing", "description": "The Norwegian military has been the victim of a serious cyber attack , a day after Norwegian F-16 fighter jets for the first time carried out bombings in Libya. According to military officials, no sensitive information was lost.", "added_to_DB": "2022-08-15", "start_date": "2011-03-25", "end_date": "2011-03-27", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "198_0", "receiver_name": null, "receiver_country": "Norway", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 263, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.abs-cbn.com/global-filipino/world/05/19/11/norway-army-says-faced-cyber-attack-after-libya-bombing" ], "sources_attribution": [ "Not available" ] }, { "ID": 199, "name": "Zcompany Hacking Crew vs. Government of Orissa", "description": "Pakistani hacker defaces the website of the government of Orissa, India, and leaves political messages on Kashmir.", "added_to_DB": "2022-08-15", "start_date": "2011-04-05", "end_date": "2011-04-05", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "199_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Zcompany Hacking Crew" ], "initiator_country": [ "Pakistan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 264, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Zcompany Hacking Crew" ], "attributed_initiator_country": [ "Pakistan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Territory", "International power" ], "offline_conflict_issue": [ "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/04/govt-of-orissa-website-owned-by-zhc.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 200, "name": "North Korea disrupts South Korean Bank Service", "description": "NorthKorea hacks SouthKorean bank with over 30 million customers, disrupts service for almost a week and deletes transaction data.", "added_to_DB": "2022-08-15", "start_date": "2011-04-12", "end_date": "2011-04-17", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "200_0", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Korea, Democratic People's Republic of" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 265, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Statement in media report and political statement/technical report" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Territory", "International power" ], "offline_conflict_issue": [ "System/ideology", "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Long-term disruption (> 24h; incident scores 2 points in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.bbc.com/news/world-asia-pacific-13263888" ], "sources_attribution": [ "Not available" ] }, { "ID": 201, "name": "Playstation Network Outage", "description": "The 2011 PlayStation Network outage was the result of an \"external intrusion\"on Sony's PlayStation Network and Qriocity services, in which personal details from approximately 77 million accounts were compromised and prevented users of PlayStation 3 and PlayStation Portable consoles from accessing the service. The attack occurred between April 17 and April 19, 2011, forcing Sony to turn off the PlayStation Network on April 20. On May 4 Sony confirmed that personally identifiable information from each of the 77 million accounts had been exposed. The outage lasted 23days.", "added_to_DB": "2022-08-15", "start_date": "2011-04-17", "end_date": "2011-05-14", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on non-political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "201_0", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 266, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.bbc.com/news/technology-13192359", "https://www.telegraph.co.uk/technology/news/8475728/Millions-of-internet-users-hit-by-massive-Sony-PlayStation-data-theft.html", "https://www.flickr.com/photos/playstationblog/sets/72157626521862165/", "https://web.archive.org/web/20110505041135/http://blumenthal.senate.gov/press/release/index.cfm?id=82698973-255D-4B92-9E18-39E5937C9361" ], "sources_attribution": [ "Not available" ] }, { "ID": 202, "name": "Chinese DDOS vs. Change.Org", "description": "Change.org, an online petitioning platform,has come under an ongoing distributed denial of service (DDoS) attack originating from China after the site hosted a call urging Chinese authorities to release artist Ai Weiwei from custody.", "added_to_DB": "2022-08-15", "start_date": "2011-04-19", "end_date": "2011-04-19", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "202_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 267, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/04/ddos-attack-on-changeorg-from-china.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 203, "name": "Gmail Hack", "description": "Google\u00a0claims that hundreds of users of Gmail, its e-mailservice, had been the targets of clandestine attacks apparently originating in China that were aimed at stealing their passwords and monitoring their e -mail. Victims included senior government officials in the United States, Chinese political activists, officials in several Asian countries, military personnel and journalists.", "added_to_DB": "2022-08-15", "start_date": "2011-05-01", "end_date": "Not available", "updated_at": "2023-12-04", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "203_0", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "Media", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Military" ] }, { "receiver_id": "203_1", "receiver_name": null, "receiver_country": "Asia (region)", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "Media", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Military" ] }, { "receiver_id": "203_2", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Media", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Military" ] } ], "initiator_name": [ null ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 14508, "settled": true, "attribution_year": 2011, "attribution_month": 6, "attribution_day": 2, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "United States" ], "attributing_actor": [ "Google" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ null ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011-6-2" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.nytimes.com/2011/06/02/technology/02google.html", "https://money.cnn.com/2011/06/01/technology/gmail_hack/index.htm" ], "sources_attribution": [ "Not available" ] }, { "ID": 204, "name": "Anonymous vs. Iran", "description": "Anonymous attacks several Iranian government websites.", "added_to_DB": "2022-08-15", "start_date": "2011-05-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "204_0", "receiver_name": null, "receiver_country": "Iran, Islamic Republic of", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Legislative", "Police", "Political parties" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 269, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/05/anonymous-attacks-iranian-state.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 205, "name": "XtReMiSt defaces Indian government pages", "description": "Pakistani hacker defaces several Indian government and commercial websites and leaves political messages about Kashmir.", "added_to_DB": "2022-08-15", "start_date": "2011-05-21", "end_date": "2011-05-21", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "205_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "XtReMiSt" ], "initiator_country": [ "Pakistan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 270, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "XtReMiSt" ], "attributed_initiator_country": [ "Pakistan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Territory", "International power" ], "offline_conflict_issue": [ "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/05/200-important-some-govt-websites-of.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 206, "name": "ALLAH`U EKBER-Team defaces webpage of Thai Democratic Party", "description": "Hacker defaces a website of the Thai Democratic Party.", "added_to_DB": "2022-08-15", "start_date": "2011-05-22", "end_date": "2011-05-22", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "206_0", "receiver_name": null, "receiver_country": "Thailand", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Political parties" ] } ], "initiator_name": [ "ALLAH`UEKBER-Team" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 271, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "ALLAH`UEKBER-Team" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/05/democrat-website-youngdemocratorg.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 207, "name": "Anonymous vs. US Chamber of Commerce", "description": "The hacker collective Anonymous took down the US chamber of commerce in response to an planed copyright act", "added_to_DB": "2022-08-15", "start_date": "2011-05-27", "end_date": "2011-05-27", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "207_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 272, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/05/anonymous-takes-down-us-chamber-of.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 208, "name": "Lulzsec vs. PBS", "description": "The hacking group LulzSec breaks into PBS and pastes in a report that says Tupac Shakur is living in NewZealand, in protest against critical reporting on WikiLeaks.", "added_to_DB": "2022-08-15", "start_date": "2011-05-30", "end_date": "2011-05-30", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "208_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "LulzSec" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 273, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "LulzSec" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.cnet.com/news/pbs-hacked-says-tupac-is-still-alive/", "https://www.forbes.com/sites/andygreenberg/2011/05/30/pbs-hacked-after-critical-wikileaks-show/#2a90db8a2fb0" ], "sources_attribution": [ "Not available" ] }, { "ID": 209, "name": "China vs. Vietnam Hacker", "description": "Computer hackers from Vietnam and China have attacked websites including portals run by each other's governments, amid a sea-border row.", "added_to_DB": "2022-08-15", "start_date": "2011-06-01", "end_date": "Not available", "updated_at": "2023-08-11", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "209_0", "receiver_name": null, "receiver_country": "Vietnam", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 274, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Territory" ], "offline_conflict_issue": [ "Territory", "Resources" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.bbc.com/news/world-asia-pacific-13707921" ], "sources_attribution": [ "Not available" ] }, { "ID": 210, "name": "China vs. Vietnam Hacker", "description": "Computer hackers from Vietnam and China have attacked websites including portals run by each other's governments, amid a sea-border row.", "added_to_DB": "2022-08-15", "start_date": "2011-06-01", "end_date": "Not available", "updated_at": "2023-08-11", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "210_0", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Vietnam" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 275, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Vietnam" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Territory" ], "offline_conflict_issue": [ "Territory", "Resources" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "Not available" ], "sources_attribution": [ "Not available" ] }, { "ID": 211, "name": "Strider attack against various countries through Remsec malware", "description": "A previously unknown hacking group known as \"Strider\" or \"ProjectSauron\" has carried out a cyber espionage campaign against targets in Russia, Belgium, China, Iran, Sweden and Rwanda. The Strider crew has apparently been active since at least 2011. Their capabilities and the nature of the targets prompts experts to suspect that it is a nation-state group. The Strider group is using a sophisticated strain of malware dubbed Remsec.", "added_to_DB": "2022-08-15", "start_date": "2011-06-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "211_0", "receiver_name": null, "receiver_country": "Iran, Islamic Republic of", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Other", "State institutions / political system", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Telecommunications", "Not available", "Military", "Finance" ] }, { "receiver_id": "211_1", "receiver_name": null, "receiver_country": "Sweden", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Other", "State institutions / political system", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Telecommunications", "Not available", "Military", "Finance" ] }, { "receiver_id": "211_2", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Other", "State institutions / political system", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Telecommunications", "Not available", "Military", "Finance" ] }, { "receiver_id": "211_3", "receiver_name": null, "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Other", "State institutions / political system", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Telecommunications", "Not available", "Military", "Finance" ] }, { "receiver_id": "211_4", "receiver_name": null, "receiver_country": "Belgium", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Other", "State institutions / political system", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Telecommunications", "Not available", "Military", "Finance" ] } ], "initiator_name": [ "Strider/Project Sauron" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 6708, "settled": true, "attribution_year": 2016, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Statement in media report and political statement/technical report" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Strider/Project Sauron" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2016" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://securelist.com/faq-the-projectsauron-apt/75533/", "https://securityaffairs.co/wordpress/50119/intelligence/projectsauron-apt-stride.html" ], "sources_attribution": [ "https://securityaffairs.co/wordpress/50119/intelligence/projectsauron-apt-stride.html" ] }, { "ID": 212, "name": "Syria information war", "description": "Release of dozens of revealing Syrian messages points to a newer a of information warfare", "added_to_DB": "2022-08-15", "start_date": "2011-06-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "212_0", "receiver_name": null, "receiver_country": "Syria", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Syria" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 277, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.reuters.com/article/us-syria-assads-emails-naked/sexy-photo-in-hacked-assad-e-mails-causes-comment-idUSBRE82G09L20120317", "https://in.reuters.com/article/syria-hacking/syria-e-mail-hack-points-to-new-information-war-idINDEE82F0HX20120316" ], "sources_attribution": [ "Not available" ] }, { "ID": 213, "name": "Anonymous vs. Indian National Informatics Centre", "description": "Anonymous defaces the website of the Indian National Informatics Centre to protest government corruption.", "added_to_DB": "2022-08-15", "start_date": "2011-06-05", "end_date": "2011-06-05", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "213_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Civil service / administration" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 278, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/06/national-informatics-centre-nic-india.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 214, "name": "Zcompany HackingCrew UNICEF Defacement", "description": "Pakistani hackers deface the website of UNICEF and leave political messages on Kashmir and in support of Palestinians.", "added_to_DB": "2022-08-15", "start_date": "2011-06-07", "end_date": "2011-06-07", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "214_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "International / supranational organization" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Zcompany Hacking Crew" ], "initiator_country": [ "Pakistan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 279, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Zcompany Hacking Crew" ], "attributed_initiator_country": [ "Pakistan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Territory", "International power" ], "offline_conflict_issue": [ "System/ideology", "Territory", "International power", "Secession" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 4" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/06/united-nations-childrens-fund-unicef.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 215, "name": "Anonymous vs. Turkey 2011", "description": "Official Turkish websites were attacked by Internet vigilante group Anonymous on Thursday as part of a protest against what it says is government Internet censorship.", "added_to_DB": "2022-08-15", "start_date": "2011-06-09", "end_date": "2011-06-09", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "215_0", "receiver_name": null, "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 280, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.reuters.com/article/us-turkey-election-internet/turkish-websites-attacked-by-anonymous-before-vote-idUSTRE7583DV20110609" ], "sources_attribution": [ "Not available" ] }, { "ID": 216, "name": "Anonymous vs. Spain National Police", "description": "The website of Spain's national police force has been briefly knocked offline by hacker collective Anonymous, in protest against the arrest of three hackers.", "added_to_DB": "2022-08-15", "start_date": "2011-06-12", "end_date": "2011-06-12", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "216_0", "receiver_name": null, "receiver_country": "Spain", "receiver_region": "EU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Police" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 281, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.bbc.com/news/technology-13749181" ], "sources_attribution": [ "Not available" ] }, { "ID": 217, "name": "LulzSec access to Senate", "description": "LulzSec broke into the Senate's Website and was able to gain access to the server's directory and file structure, the contents of which the group published on\u00a0ist own site.", "added_to_DB": "2022-08-15", "start_date": "2011-06-13", "end_date": "2011-06-13", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "217_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Legislative" ] } ], "initiator_name": [ "LulzSec" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 282, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "LulzSec" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.cnet.com/news/lulzsec-hackers-attack-senate-site/" ], "sources_attribution": [ "Not available" ] }, { "ID": 218, "name": "LulzSec takes down the CIA page", "description": "The public website of the US Central Intelligence Agency has gone down after the hackergroup LulzSecurity said it had launched an attack.", "added_to_DB": "2022-08-15", "start_date": "2011-06-15", "end_date": "2011-06-15", "updated_at": "2024-02-14", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "218_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Intelligence agencies" ] } ], "initiator_name": [ "LulzSec" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 283, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "LulzSec" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.telegraph.co.uk/news/worldnews/northamerica/usa/8578704/CIA-website-hacked-by-Lulz-Security.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 219, "name": "Anonymous vs. Censorship in Malaysia", "description": "Hackers have attacked dozens of government websites in Malaysia, days after a hacking group criticised the country over censorship.", "added_to_DB": "2022-08-15", "start_date": "2011-06-15", "end_date": "2011-06-15", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "219_0", "receiver_name": null, "receiver_country": "Malaysia", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 284, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.bbc.com/news/world-asia-pacific-13788817" ], "sources_attribution": [ "Not available" ] }, { "ID": 220, "name": "Ktoki defacement of Lybian Sites", "description": "Several Libyan private and public media outlets are in accessible, websites defaced with message against Gaddafi.", "added_to_DB": "2022-08-15", "start_date": "2011-06-18", "end_date": "2011-06-18", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "220_0", "receiver_name": null, "receiver_country": "Libya", "receiver_region": "NAF", "receiver_category": [ "State institutions / political system", "Media" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "Ktoki" ], "initiator_country": [ "Libya" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 285, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Ktoki" ], "attributed_initiator_country": [ "Libya" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/06/libyan-satellite-tv-website-hacked-by.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 221, "name": "Operation AntiSec", "description": "As part of Operation AntiSec, the related hackergroups Anonymous and LulzSec take down several websites with DDoS attacks, including Tunisian, Turkish and Brazilian government websites and the websites of a US Court of Appeals, a Chinese government district and the British Serious Organised CrimeAgency.", "added_to_DB": "2022-08-15", "start_date": "2011-06-20", "end_date": "2011-12-01", "updated_at": "2023-08-11", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "221_0", "receiver_name": null, "receiver_country": "Tunisia", "receiver_region": "MENA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Judiciary", "Police", "Not available" ] }, { "receiver_id": "221_1", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Judiciary", "Police", "Not available" ] }, { "receiver_id": "221_2", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Judiciary", "Police", "Not available" ] }, { "receiver_id": "221_3", "receiver_name": null, "receiver_country": "Brazil", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Judiciary", "Police", "Not available" ] }, { "receiver_id": "221_4", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Judiciary", "Police", "Not available" ] }, { "receiver_id": "221_5", "receiver_name": null, "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Judiciary", "Police", "Not available" ] } ], "initiator_name": [ "Anonymous", "LulzSec" ], "initiator_country": [ "Unknown", "Unknown" ], "initiator_category": [ "Non-state-group", "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 286, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous", "LulzSec" ], "attributed_initiator_country": [ "Unknown", "Unknown" ], "attributed_initiator_category": [ "Non-state-group", "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.webcitation.org/5zxp1vmNv", "https://uk.pcmag.com/news/107520/anonymous-antisec-operation-targets-viacom-universal-music", "https://www.pcworld.com/article/235184/Anonymous_Attacks_Turkish_Websites_Again.html", "https://www.bbc.com/news/technology-13878888", "http://www.gmanetwork.com/news/scitech/content/224612/hacktivist-spree-continues-tunisian-govt-site-latest-target/story/", "https://www.webcitation.org/5zbHJFF18", "https://www.webcitation.org/61TbdSoz8", "https://www.webcitation.org/5zdkR3nOy", "https://www.theinquirer.net/inquirer/news/2082148/anonymous-hacks-anguilla-brazil-zimbabwe-australia-governments", "https://www.cnet.com/news/lulzsec-takes-down-brazil-government-sites/", "https://www.webcitation.org/5zaPT1ekX" ], "sources_attribution": [ "Not available" ] }, { "ID": 222, "name": "Operation AntiSec", "description": "As part of Operation AntiSec, the related hackergroups Anonymous and LulzSec deface several websites with their logo and political messages, including the websites of the British newspaper The Sun, of the Australian Casino, Liquor and Gaming Control Authority, of an Italian Prison Agency and of several Turkish businesses and governmental websites.", "added_to_DB": "2022-08-15", "start_date": "2011-06-20", "end_date": "2011-12-01", "updated_at": "2023-08-11", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "222_0", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Civil service / administration", "Police", "Not available", "Not available" ] }, { "receiver_id": "222_1", "receiver_name": null, "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Civil service / administration", "Police", "Not available", "Not available" ] }, { "receiver_id": "222_2", "receiver_name": null, "receiver_country": "Australia", "receiver_region": "OC", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Civil service / administration", "Police", "Not available", "Not available" ] }, { "receiver_id": "222_3", "receiver_name": null, "receiver_country": "Italy", "receiver_region": "EU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Civil service / administration", "Police", "Not available", "Not available" ] } ], "initiator_name": [ "Anonymous", "LulzSec" ], "initiator_country": [ "Unknown", "Unknown" ], "initiator_category": [ "Non-state-group", "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 287, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous", "LulzSec" ], "attributed_initiator_country": [ "Unknown", "Unknown" ], "attributed_initiator_category": [ "Non-state-group", "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackmageddon.com/2011/08/05/italian-prison-guards-hacked/", "https://www.webcitation.org/60HMbQTWj", "https://www.cyberwarnews.info/2011/11/27/australian-government-website-defaced-by-anonymous/" ], "sources_attribution": [ "Not available" ] }, { "ID": 223, "name": "Operation AntiSec", "description": "As part of Operation AntiSec, the related hackergroups Anonymous and LulzSec hack several political and commercial entities and publish data, often times including confidential information. The hacked organisations include police and cyberterrorism agencies in the USA, Italy and Brazil, US government contractors and multinational businesses.", "added_to_DB": "2022-08-15", "start_date": "2011-06-20", "end_date": "2011-12-01", "updated_at": "2023-08-11", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "223_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Judiciary", "Police", "Political parties", "Not available" ] }, { "receiver_id": "223_1", "receiver_name": null, "receiver_country": "Brazil", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Judiciary", "Police", "Political parties", "Not available" ] }, { "receiver_id": "223_2", "receiver_name": null, "receiver_country": "Italy", "receiver_region": "EU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Judiciary", "Police", "Political parties", "Not available" ] }, { "receiver_id": "223_3", "receiver_name": null, "receiver_country": "Anguilla", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Judiciary", "Police", "Political parties", "Not available" ] }, { "receiver_id": "223_4", "receiver_name": null, "receiver_country": "Zimbabwe", "receiver_region": "SSA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Judiciary", "Police", "Political parties", "Not available" ] }, { "receiver_id": "223_5", "receiver_name": null, "receiver_country": "Australia", "receiver_region": "OC", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Judiciary", "Police", "Political parties", "Not available" ] } ], "initiator_name": [ "Anonymous", "LulzSec" ], "initiator_country": [ "Unknown", "Unknown" ], "initiator_category": [ "Non-state-group", "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 288, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous", "LulzSec" ], "attributed_initiator_country": [ "Unknown", "Unknown" ], "attributed_initiator_category": [ "Non-state-group", "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/08/another-government-contractor-pcs.html", "https://uk.pcmag.com/news/107504/lulzboat-sails-on-anonymous-dumps-more-arizona-data", "https://www.webcitation.org/5zijhtzV4", "https://www.webcitation.org/5zwEwc1It", "https://www.webcitation.org/5zxoSRQ4X", "https://www.theinquirer.net/inquirer/news/2082148/anonymous-hacks-anguilla-brazil-zimbabwe-australia-governments", "https://www.webcitation.org/5zxp1vmNv", "https://www.hackmageddon.com/2011/08/07/the-lulz-boat-sails-to-brazil-and-leaks-8-gb-of-data/", "https://thehackernews.com/2011/07/italys-police-it-network-vitrocisetit.html", "https://www.webcitation.org/5zxppc1WY", "https://www.webcitation.org/612Cy17OA", "https://thehackernews.com/2011/08/operation-satiagraha-brazil-corruption.html", "https://www.cnet.com/news/anonymous-ready-to-roll-in-post-lulzsec-world/", "https://www.cyberwarnews.info/2011/12/25/new-york-city-public-advocate-hacked-and-database-dumped-by-anonymous/", "https://www.hackmageddon.com/2011/10/22/another-friday-another-dump/", "https://www.hackmageddon.com/2011/08/06/i-shot-the-sheriff/", "https://www.webcitation.org/61TbdSoz8" ], "sources_attribution": [ "Not available" ] }, { "ID": 224, "name": "Team P0ison leaks Tony Blairs AdressBook", "description": "Pakistani hacker allegedly accessed Tony Blair's e-mail account and leak his addressbook.", "added_to_DB": "2022-08-15", "start_date": "2011-06-24", "end_date": "2011-06-24", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "224_0", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Legislative", "Political parties", "Not available" ] } ], "initiator_name": [ "Team P0ison" ], "initiator_country": [ "Pakistan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 289, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Team P0ison" ], "attributed_initiator_country": [ "Pakistan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/06/teamp0ison-leak-former-british-pm-tony.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 225, "name": "Attack on Al-Qaida Comm-Systems", "description": "Communication networks of Al Qaida are disrupted for severeal days by unknown hacker.", "added_to_DB": "2022-08-15", "start_date": "2011-06-29", "end_date": "2011-07-01", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "225_0", "receiver_name": null, "receiver_country": "Unknown", "receiver_region": "Not available", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Terrorist" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 290, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Long-term disruption (> 24h; incident scores 2 points in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/06/hackers-target-al-qaida-internet.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 226, "name": "Operation BlackTulip", "description": "Presumably Iranian hackers gain access to a DutchSSL certificate supplier, is suing fraudulent certificates and thus gaining access to more than 300000 Iranian Google-Mail-Accounts.", "added_to_DB": "2022-08-15", "start_date": "2011-07-01", "end_date": "Not available", "updated_at": "2023-08-07", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "226_0", "receiver_name": null, "receiver_country": "Iran, Islamic Republic of", "receiver_region": "MEA", "receiver_category": [ "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Advocacy / activists (e.g. human rights organizations)", "Not available" ] }, { "receiver_id": "226_1", "receiver_name": null, "receiver_country": "Netherlands", "receiver_region": "WESTEU", "receiver_category": [ "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Advocacy / activists (e.g. human rights organizations)", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Iran, Islamic Republic of" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 291, "settled": null, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] }, { "attribution_id": 292, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.nytimes.com/2011/08/31/technology/internet/hackers-impersonate-google-to-snoop-on-users-in-iran.html?_r=3", "https://spectrum.ieee.org/riskfactor/telecom/security/diginotar-certificate-authority-breach-crashes-egovernment-in-the-netherlands", "https://bits.blogs.nytimes.com/2013/06/12/google-says-it-has-uncovered-iranian-spy-campaign/", "https://nakedsecurity.sophos.com/2011/09/05/operation-black-tulip-fox-its-report-on-the-diginotar-breach/" ], "sources_attribution": [ "https://bits.blogs.nytimes.com/2013/06/12/google-says-it-has-uncovered-iranian-spy-campaign/", "https://nakedsecurity.sophos.com/2011/09/05/operation-black-tulip-fox-its-report-on-the-diginotar-breach/" ] }, { "ID": 227, "name": "LulzSec attack FoxNews Twitter", "description": "LuzSec hackers take control of @fox newspolitics, post tweets about death of Barack Obama.", "added_to_DB": "2022-08-15", "start_date": "2011-07-04", "end_date": "2011-07-04", "updated_at": "2024-02-14", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "227_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "LulzSec" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 293, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "LulzSec" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theguardian.com/technology/2011/jul/04/hacking-twitter-feed-fix-news" ], "sources_attribution": [ "Not available" ] }, { "ID": 228, "name": "Energy Labs breached", "description": "The Websites of the Energy Department's\u00a0Pacific Northwest National Lab\u00a0and\u00a0Jefferson National Lab\u00a0were down today in the after math of \"sophisticated\" attacks, no classified information has been stolen.", "added_to_DB": "2022-08-15", "start_date": "2011-07-06", "end_date": "2011-07-06", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "228_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 294, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.cnet.com/news/sophisticated-attack-targets-two-energy-dept-labs/" ], "sources_attribution": [ "Not available" ] }, { "ID": 229, "name": "Moodys Defaced", "description": "Portuguese hackers responded to a negative assessment of the country's ability to repay loans by defacing the website of credit reference agency Moody's.", "added_to_DB": "2022-08-15", "start_date": "2011-07-08", "end_date": "2011-07-08", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "229_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Portugal" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 295, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Portugal" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theregister.co.uk/2011/07/08/patriotic_portuguese_hackers_hit_moody/" ], "sources_attribution": [ "Not available" ] }, { "ID": 230, "name": "NN-Crew", "description": "A group calling itself NN-Crew says it has broken into a server used by Germany's Federal Police and stole thousands of data used to GPS-track suspects under surveillance. The police apparently used the hacked server as a datapool and server to download GPS tracking software; it also contained instructions for installation and operation of that software, several usernames and passwords along with telephone numbers , licenseplate numbers, locations, and coordinates.Numerous internal documents used by the authorities were also stored on the server.", "added_to_DB": "2022-08-15", "start_date": "2011-07-08", "end_date": "2011-07-08", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "230_0", "receiver_name": null, "receiver_country": "Germany", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Police" ] } ], "initiator_name": [ "NN-Crew" ], "initiator_country": [ "Germany" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 296, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NN-Crew" ], "attributed_initiator_country": [ "Germany" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.h-online.com/security/news/item/German-Federal-Police-servers-compromised-1276115.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 231, "name": "Anonymous breach of Defense Contractor", "description": "Anonymous announced that it had penetrated a server belonging to the defense contractor Booz Allen Hamilton and released what it claims are 90,000 military email addresses, encrypted passwords and an assortment of data related to other companies and government networks.", "added_to_DB": "2022-08-15", "start_date": "2011-07-11", "end_date": "2011-07-11", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "231_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 297, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.forbes.com/sites/andygreenberg/2011/07/11/anonymous-hackers-breach-booz-allen-hamilton-dump-90000-military-email-addresses/#597956a376bb" ], "sources_attribution": [ "Not available" ] }, { "ID": 232, "name": "InjectorTeam vs. IOM", "description": "The website of the International Organization for Migration is defaced by Libyanhackers, who leave a political message about the Libyan civilwar.", "added_to_DB": "2022-08-15", "start_date": "2011-07-12", "end_date": "2011-07-12", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "232_0", "receiver_name": null, "receiver_country": "Switzerland", "receiver_region": "WESTEU", "receiver_category": [ "International / supranational organization" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Inj3ct0rTeam" ], "initiator_country": [ "Libya" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 298, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Inj3ct0rTeam" ], "attributed_initiator_country": [ "Libya" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/07/international-organization-for.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 233, "name": "Anonymous vs. GEMA", "description": "German creative author's society GEMA is hacked, log-in credentials are leaked and the website is later replaced with political message.", "added_to_DB": "2022-08-15", "start_date": "2011-07-13", "end_date": "2011-08-24", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "233_0", "receiver_name": null, "receiver_country": "Germany", "receiver_region": "WESTEU", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 299, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.heise.de/security/meldung/Anonymous-legt-GEMA-Seite-lahm-1327285.html", "https://www.heise.de/security/meldung/Gema-offenbar-gleich-mehrfach-gehackt-1328737.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 234, "name": "Information Theft US Military", "description": "The US Deputy Defense Secretary William Lynn has revealed that a foreign intelligence agency was behind a hackattack that stole classified information about a topsecret weapons system which now has to be redesigned.", "added_to_DB": "2022-08-15", "start_date": "2011-07-13", "end_date": "2011-07-13", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "234_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Defence industry" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 300, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://nakedsecurity.sophos.com/2011/07/15/hackers-governmentsecret-plans-pentagon/" ], "sources_attribution": [ "Not available" ] }, { "ID": 235, "name": "Israeli Websites hacked by Palestinian Hackers", "description": "Palestinian hackers defaces several Israeli websites, demanding freedom for Palestine.", "added_to_DB": "2022-08-15", "start_date": "2011-07-18", "end_date": "2011-07-18", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "235_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "Dr. Torjan", "Code 5" ], "initiator_country": [ "Palestine", "Palestine" ], "initiator_category": [ "Non-state-group", "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 301, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Dr. Torjan", "Code 5" ], "attributed_initiator_country": [ "Palestine", "Palestine" ], "attributed_initiator_category": [ "Non-state-group", "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Secession" ], "offline_conflict_issue": [ "System/ideology", "Secession" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 4" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/07/israel-web-hosting-server-hacked-for.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 236, "name": "Taliban Networks hacked", "description": "The Taliban said their phones, email and website had been hacked to spread a false report that the movement\u2019s spiritual leader, Mullah Omar, was dead. They identify US intelligence services behind the attack.", "added_to_DB": "2022-08-15", "start_date": "2011-07-20", "end_date": "2011-07-20", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "236_0", "receiver_name": null, "receiver_country": "Afghanistan", "receiver_region": "SASIA", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Terrorist" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "United States" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 302, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "National power", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.reuters.com/article/us-afghanistan-taliban-technology/tech-savvy-taliban-fights-war-in-cyberspace-idUSTRE76J1IL20110720" ], "sources_attribution": [ "Not available" ] }, { "ID": 237, "name": "Anonymous vs. NATO 2011", "description": "Anonymous claimed credit Thursday for hacking into NATO servers and stealing 1 gigabyte of sensitive information", "added_to_DB": "2022-08-15", "start_date": "2011-07-21", "end_date": "2011-07-21", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "237_0", "receiver_name": null, "receiver_country": "NATO (institutions)", "receiver_region": "Not available", "receiver_category": [ "International / supranational organization" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 303, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.washingtonpost.com/world/national-security/nato-web-site-hacked-by-anonymous/2011/07/21/gIQACLFCSI_story.html?noredirect=on&utm_term=.f3d9e4435ee6" ], "sources_attribution": [ "Not available" ] }, { "ID": 238, "name": "Anonymous vs. Public Broadcaster", "description": "Anon Austria hack data base of public broadcaster (GIS), leak personal information and bank details of 100 employees of police ministry of the interior.", "added_to_DB": "2022-08-15", "start_date": "2011-07-22", "end_date": "2011-07-22", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "238_0", "receiver_name": null, "receiver_country": "Austria", "receiver_region": "WESTEU", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Austria" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 304, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Austria" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://diepresse.com/home/techscience/internet/sicherheit/680144/GIS-gehackt_Anonymous-kapern-95954-Bankdaten" ], "sources_attribution": [ "Not available" ] }, { "ID": 239, "name": "Anonymous vs. Colombia National Police", "description": "Colombian hackers spambomb several addresses of the Colombian police and leak personal information on police officers.", "added_to_DB": "2022-08-15", "start_date": "2011-07-23", "end_date": "2011-07-23", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "239_0", "receiver_name": null, "receiver_country": "Colombia", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Police" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Colombia" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 305, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Colombia" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/07/colombian-anonymous-hackers-reveal.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 240, "name": "Defacing Anonymous", "description": "Unidentified hackers deface Anonplus, the social network of hacker group Anonymous, in retaliation against Turkish government websites earlier in July.", "added_to_DB": "2022-08-15", "start_date": "2011-07-23", "end_date": "2011-07-24", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "240_0", "receiver_name": null, "receiver_country": "Unknown", "receiver_region": "Not available", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Hacktivist" ] } ], "initiator_name": [ "Akincilar" ], "initiator_country": [ "Turkey" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 306, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Akincilar" ], "attributed_initiator_country": [ "Turkey" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://gizmodo.com/5823351/hackers-hacked-the-hackers-anonplus-social-network" ], "sources_attribution": [ "Not available" ] }, { "ID": 241, "name": "Chinese Trojan Horse in Japan", "description": "Computers and servers in the lower house of Japan's parliament became infected by a Trojan horse virus after one politician opened an email attachment. Computer IDs and passwords of all the lawmakers in the House of Representatives were leaked, e-mails sent to its lawmakers might have been accessible to hackers for a maximum of 15 days and computers were found to have made improper communications with overseas Websites", "added_to_DB": "2022-08-15", "start_date": "2011-07-25", "end_date": "2011-10-31", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "241_0", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Legislative" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 307, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.asiaone.com/News/Latest%2BNews/Asia/Story/A1Story20111116-310940.html", "https://nakedsecurity.sophos.com/2011/10/25/japanese-parliament-hit-by-cyber-attack/", "https://thenextweb.com/asia/2011/10/25/japanese-government-hit-by-chinese-trojan-horse-attack/" ], "sources_attribution": [ "Not available" ] }, { "ID": 242, "name": "Anonymous vs. Italian Cyber Police", "description": "Anonymous leaks webpage data of Italian cyber police unit (CNAIPIC).", "added_to_DB": "2022-08-15", "start_date": "2011-07-25", "end_date": "2011-07-25", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "242_0", "receiver_name": null, "receiver_country": "Italy", "receiver_region": "EU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Police" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 308, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.computerworld.com/article/2509444/government-it/anonymous-hacks-italy-s-cybercrime-police.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 243, "name": "Anonymous vs. ManTech", "description": "Anonymous hacks ManTech, a contractor that provides cyber security services to the FBI, releases 500mb of internal data.", "added_to_DB": "2022-08-15", "start_date": "2011-07-28", "end_date": "2011-07-28", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "243_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 309, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.securityweek.com/anonymous-claims-it-hacked-mantech-fbi-cybersecurity-contractor" ], "sources_attribution": [ "Not available" ] }, { "ID": 244, "name": "Get Him Outgame", "description": "Hackers have attacked Nicolas Sarkozy's official Elysee Palace website to create a video game called 'GetHimOut'. Under the formal banner introducing the site, a cartoon image of the French president was pictured on a go-kart heading towards the gates of the palace. For each click on a Facebook 'like' button beside the game, the French leader moved one step closer out into the street", "added_to_DB": "2022-08-15", "start_date": "2011-07-28", "end_date": "2011-07-28", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "244_0", "receiver_name": null, "receiver_country": "France", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 310, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "National power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/07/nicolas-sarkozys-official-elysee-palace.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 245, "name": "Anonymous vs. SpecialForces.com", "description": "Members of the hacker collective Anonymous claim they have stolen about 14,000 user passwords and 8,000 credit card numbers from SpecialForces.com, a military and law enforcement equipment retailer. The data breach occurred several months ago, according to Anonymous, but the group only now decided to post the data online. The purloined password list had reportedly been posted online several weeks ago as well.", "added_to_DB": "2022-08-15", "start_date": "2011-08-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "245_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 311, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.pcworld.com/article/247072/anonymous_hacks_specialforces_com_posts_passwords_and_credit_card_data.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 246, "name": "Chinese Hack Japanese Defense Contractor", "description": "Allegedly Chinese hackers gain access to 85 computers of Mitsubishi Heavy Industries, a Japanese defence supplier, stealing classified information.", "added_to_DB": "2022-08-15", "start_date": "2011-08-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "246_0", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Defence industry" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 312, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Decolonization" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theguardian.com/world/2011/sep/20/china-denies-hacking-attack-japan", "https://nakedsecurity.sophos.com/2011/09/19/mitsubishi-defense-contractor-hack/" ], "sources_attribution": [ "Not available" ] }, { "ID": 247, "name": "Attack against Endusers in ISR-EGY Cyberwar", "description": "Egyptian hackers release a computer worm to US American and Israeli users condemning Israel's foreign policy, especially towards Egypt.", "added_to_DB": "2022-08-15", "start_date": "2011-08-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "247_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "247_1", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Egypt" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 313, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Egypt" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Territory", "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/08/cyber-war-against-israel-have-taken.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 248, "name": "Operation Defense", "description": "Anonymous and colombian hackers spambomb several addresses of the Colombian police and leak personal information on police officers.", "added_to_DB": "2022-08-15", "start_date": "2011-08-02", "end_date": "2011-08-02", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "248_0", "receiver_name": null, "receiver_country": "Colombia", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Intelligence agencies", "Political parties" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Colombia" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 314, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Colombia" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/08/operation-defense-anonymous-shut-down.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 249, "name": "Alexploiter hacks website of Yemens customs authority", "description": "Hacktivists defaces the website of Yemen's customs authority to protest the government.", "added_to_DB": "2022-08-15", "start_date": "2011-08-05", "end_date": "2011-08-05", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "249_0", "receiver_name": null, "receiver_country": "Yemen", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Alexploiter" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 315, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Alexploiter" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "National power", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/08/customs-authority-of-yemen-hacked-for.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 250, "name": "Anonymous takes down Syrian defense ministry website", "description": "The Syrian Ministry of Defense's website was inaccessible after it was hacked by Anonymous, which replaced its content by an anti-government message.", "added_to_DB": "2022-08-15", "start_date": "2011-08-07", "end_date": "2011-08-08", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "250_0", "receiver_name": null, "receiver_country": "Syria", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 316, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://edition.cnn.com/2011/WORLD/meast/08/08/syria.ministry.site.hacked/index.html", "https://thehackernews.com/2011/08/syrian-ministry-of-defense-hacked-by.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 251, "name": "Syrian ElectronicArmy vs. AnonPlus", "description": "In retaliation for the defacement of the Syrian Ministry of Defense's website, the Syrian Electronic Army hacks and defaces AnonPlus, an alternative social network of Anonymous", "added_to_DB": "2022-08-15", "start_date": "2011-08-08", "end_date": "2011-08-08", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "251_0", "receiver_name": null, "receiver_country": "Unknown", "receiver_region": "Not available", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Hacktivist" ] } ], "initiator_name": [ "Syrian Electronic Army" ], "initiator_country": [ "Syria" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 317, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2011" ] }, { "attribution_id": 318, "settled": null, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power", "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.computerworld.com/article/2510039/cybercrime-hacking/syrian-hackers-retaliate--deface-anonymous--social-network.html", "https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0" ], "sources_attribution": [ "https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0" ] }, { "ID": 252, "name": "Team P0ison vs. BlackBerry", "description": "Hacktivists left their mark of dissatisfaction on Blackberry's website after it announced that they would help police track down rioters in London", "added_to_DB": "2022-08-15", "start_date": "2011-08-09", "end_date": "2011-08-09", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "252_0", "receiver_name": null, "receiver_country": "Canada", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Team P0ison" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 319, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Team P0ison" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.businessinsider.com/blackberry-hacked-london-riots-2011-8?IR=T" ], "sources_attribution": [ "Not available" ] }, { "ID": 253, "name": "Egyptian Hacker Defacement of Page of Israeli Prime Minister", "description": "An Egyptian hacker managed on Sunday to hack into the website of Israeli Prime Minister, Benjamin Netanyahu, and placed a picture of Egyptian soldiers raising the Egyptian flag in Sinai during the October,6 , 1973, on the sites\u2019 homepage. The hacker who managed to penetrate the webpage of Netanyahu wrote \u201cAntiZionism\u201d, the site was then gradually taken offline.", "added_to_DB": "2022-08-15", "start_date": "2011-08-21", "end_date": "2011-08-21", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "253_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Egyptian Hacker" ], "initiator_country": [ "Egypt" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Ethnic actors" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 320, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Egyptian Hacker" ], "attributed_initiator_country": [ "Egypt" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Ethnic actors" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Territory", "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/08/israeli-prime-minister-netanyahus.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 254, "name": "Electr0nde faces NIC", "description": "Hackers calling themselves \u201cElectr0n\u201dhave defaced the nic.ly website, the main registry which administers .ly domainnames and replaced it with an anti-Gaddhafi message", "added_to_DB": "2022-08-15", "start_date": "2011-08-22", "end_date": "2011-08-22", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "254_0", "receiver_name": null, "receiver_country": "Libya", "receiver_region": "NAF", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Electr0n" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 321, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Electr0n" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://nakedsecurity.sophos.com/2011/08/22/hackers-deface-libya-anti-gadaffi/" ], "sources_attribution": [ "Not available" ] }, { "ID": 255, "name": "Breach of US contractor", "description": "An admirer of Anonymous acted independently to breach an outsourced provider and steal a customer list with log-in credentials. Many on the list were U.S. government employees.", "added_to_DB": "2022-08-15", "start_date": "2011-08-24", "end_date": "2011-08-24", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "255_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Individual hacker(s)" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 322, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.eweek.com/security/cyber-attacker-dumps-log-ins-for-20-000-customers-u.s.-employees" ], "sources_attribution": [ "Not available" ] }, { "ID": 256, "name": "PrivateX vs. PNRI", "description": "Private Xhackers defaced the website of the Philippine Nuclear Research Institute (PNRI) and left a message accusing another government agency of corruption, to support President Benigno AquinoIII and his State of the Nation Address", "added_to_DB": "2022-08-15", "start_date": "2011-08-25", "end_date": "2011-08-25", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "256_0", "receiver_name": null, "receiver_country": "Philippines", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "Science" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "PrivateX" ], "initiator_country": [ "Philippines" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 323, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "PrivateX" ], "attributed_initiator_country": [ "Philippines" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/08/philippine-nuclear-research-institute.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 257, "name": "DDOS vs. Wikileaks", "description": "Website of WikiLeaks is disabled with a major DDoS attack, hours after classified documents of the USA find their way online.", "added_to_DB": "2022-08-15", "start_date": "2011-08-30", "end_date": "2011-08-30", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "257_0", "receiver_name": null, "receiver_country": "Unknown", "receiver_region": "Not available", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 324, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.techspot.com/news/45314-wikileaks-website-targeted-by-hackers.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 258, "name": "North Korea vs. Inche on Airport", "description": "The south Korean police suspects that the North\u2019s Reconnaissance General Bureau is behind a technical glitch in the flight data process or that paralyzed airtraffic control at Inche on International Airport for nearly an hour last Sept.15. It was presumably enabled by a botnet of south Korean computers, which have been infected by a compromised pc gaming version, distributed by a southKorean citizen, which was instructed by the Reconnaissance General Bureau of the Norths Military.", "added_to_DB": "2022-08-15", "start_date": "2011-09-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)", "Incident disclosed by authorities of victim state" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "258_0", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Transportation" ] } ], "initiator_name": [ "South Korean Citizen", "Reconnaissance General Bureau" ], "initiator_country": [ "Korea, Democratic People's Republic of", "Korea, Democratic People's Republic of" ], "initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 325, "settled": true, "attribution_year": 2012, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "South Korean Citizen", "Reconnaissance General Bureau" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of", "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2012" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://koreajoongangdaily.joins.com/2012/06/04/socialAffairs/Incheon-Airport-cyberattack-traced-to-Pyongyang/2953940.html", "https://threatpost.com/report-north-korea-accused-ddos-attack-south-korean-airport-060712/76664/" ], "sources_attribution": [ "https://threatpost.com/report-north-korea-accused-ddos-attack-south-korean-airport-060712/76664/" ] }, { "ID": 259, "name": "Chinese Phishing vs. US Gas Companies", "description": "Allegedly Chinese cyberspies targeted 23 US American gas pipeline companies with e-mails crafted to deceive key personnel into clicking on malicious links or file attachments that let the attackers slip into company networks and obtain information,that would enable them to attack the country's whole gas system easily.", "added_to_DB": "2022-08-15", "start_date": "2011-09-01", "end_date": "Not available", "updated_at": "2023-01-26", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)", "Incident disclosed by authorities of victim state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "259_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Energy" ] } ], "initiator_name": [ "APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)", "PLA Unit 61398" ], "initiator_country": [ "China", "China" ], "initiator_category": [ "State", "State" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 327, "settled": null, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)", "PLA Unit 61398" ], "attributed_initiator_country": [ "China", "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 326, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)", "PLA Unit 61398" ], "attributed_initiator_country": [ "China", "China" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Political attribution before IT-security attribution", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "International power" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 1" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://cyberscoop.com/s4x24-volt-typhoon-critical-infrastructure/", "https://www.csmonitor.com/Environment/2013/0227/Exclusive-Cyberattack-leaves-natural-gas-pipelines-vulnerable-to-sabotage", "https://www.recordedfuture.com/from-coercion-to-invasion-the-theory-and-execution-of-china-cyber-activity" ], "sources_attribution": [ "Not available" ] }, { "ID": 260, "name": "Gauss", "description": "Gauss, a Stuxnet-related malware was created to steal sensitive information mainly from Lebanon Banking Sector.", "added_to_DB": "2022-08-15", "start_date": "2011-09-01", "end_date": "Not available", "updated_at": "2023-08-07", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "260_0", "receiver_name": null, "receiver_country": "Lebanon", "receiver_region": "MEA", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Defence industry", "Not available" ] } ], "initiator_name": [ "NSA/Equation Group" ], "initiator_country": [ "United States" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 8549, "settled": false, "attribution_year": 2012, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Media report (e.g., Reuters makes an attribution statement, without naming further sources)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2012" ] }, { "attribution_id": 8550, "settled": true, "attribution_year": 2012, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2012" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "Yes" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.rsaconference.com/writable/presentations/file_upload/br-208_bencsath.pdf", "https://bits.blogs.nytimes.com/2012/08/09/researchers-find-possible-state-sponsored-virus-in-mideast/?mtrref=undefined", "https://www.golem.de/news/kaspersky-lab-gauss-ist-staatliche-malware-zum-kontenraub-1208-93780.html", "https://de.securelist.com/kaspersky-security-bulletin-2012-cyberwaffen/59256/" ], "sources_attribution": [ "https://bits.blogs.nytimes.com/2012/08/09/researchers-find-possible-state-sponsored-virus-in-mideast/?mtrref=undefined", "https://www.golem.de/news/kaspersky-lab-gauss-ist-staatliche-malware-zum-kontenraub-1208-93780.html", "https://de.securelist.com/kaspersky-security-bulletin-2012-cyberwaffen/59256/" ] }, { "ID": 261, "name": "Inj3ct0r Team vs. European Comission", "description": "Hackinggroup Inj3ct0rTeam deface the website of the European Commission's Joint Research Service, leave political messages and publish server data.", "added_to_DB": "2022-08-15", "start_date": "2011-09-04", "end_date": "2011-09-04", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "261_0", "receiver_name": null, "receiver_country": "Belgium", "receiver_region": "WESTEU", "receiver_category": [ "International / supranational organization" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Inj3ct0rTeam" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 330, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Inj3ct0rTeam" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/09/european-union-hacked-by-inj3ct0r-team.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 262, "name": "Akincilar vs. Israel", "description": "Several Israeli websites are defaced by Turkish hackers who oppose Israel's foreign policy and its tensions with Turkey.", "added_to_DB": "2022-08-15", "start_date": "2011-09-04", "end_date": "2011-09-04", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "262_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "Akincilar" ], "initiator_country": [ "Turkey" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 331, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Akincilar" ], "attributed_initiator_country": [ "Turkey" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/09/100s-of-israel-websites-hacked-by-cyber.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 263, "name": "ScriptKiddies vs. NBC", "description": "Hackergroup the ScriptKiddies gain access to the\u00a0NBC News Twitteraccount and post false tweets on terrorist attacks at Ground Zero.", "added_to_DB": "2022-08-15", "start_date": "2011-09-09", "end_date": "2011-09-09", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "263_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "ScriptKiddies" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 332, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "ScriptKiddies" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackmageddon.com/2011/09/11/an-e-mail-attack-to-ground-zero/" ], "sources_attribution": [ "Not available" ] }, { "ID": 264, "name": "Muslim Liberation Army vs. Christian Sites", "description": "20 Churches websites and Truth Alliance Network defaced by Muslim Liberation Army in support of Muslims in ongoing international conflicts and to protest against burings of Quran.", "added_to_DB": "2022-08-15", "start_date": "2011-09-11", "end_date": "2011-09-11", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "264_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Religious" ] } ], "initiator_name": [ "Muslim Liberation Army" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Religious actors" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 333, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Muslim Liberation Army" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Religious actors" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/09/truth-alliance-network-and-20-churches.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 265, "name": "FatalErrorCrew vs. Nigeria", "description": "Fatal Error Crew deface the official website of the Nigerian government with a message in Portuguese.", "added_to_DB": "2022-08-15", "start_date": "2011-09-12", "end_date": "2011-09-12", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "265_0", "receiver_name": null, "receiver_country": "Nigeria", "receiver_region": "SSA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Fata Error Crew" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 334, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Fata Error Crew" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://nakedsecurity.sophos.com/2011/09/12/nigerian-government-website-defacement/" ], "sources_attribution": [ "Not available" ] }, { "ID": 266, "name": "Protest vs. David Camerons visit to Russia", "description": "Unknown hackers take down the website of the Russian Embassy in the United Kingdom, presumably to protest the visit of PM David Cameron to Russia.", "added_to_DB": "2022-08-15", "start_date": "2011-09-12", "end_date": "2011-09-12", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "266_0", "receiver_name": null, "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 335, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/DDoS-Attack-Targets-Russian-Embassy-Website-221257.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 267, "name": "Anonymous vs. INSA", "description": "United States\u00a0trade association for intelligence contractors Intelligence and National Security Association (INSA) was hacked, and personal information of its 3000 members, including e-mail and home addresses is leaked.", "added_to_DB": "2022-08-15", "start_date": "2011-09-14", "end_date": "2011-09-14", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "267_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "State institutions / political system", "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Not available", "Government / ministries", "Police", "Intelligence agencies" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 336, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.computerworld.com/article/2471073/endpoint-security/3-000-intelligence-officials--names--emails-leaked-as--insa-spies-.html", "https://thehackernews.com/2011/09/intelligence-and-national-security.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 268, "name": "Mexican Independence Day Hack", "description": "Anonymous takes down several Mexican government websites on Mexico's Independence Day.", "added_to_DB": "2022-08-15", "start_date": "2011-09-15", "end_date": "2011-09-15", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "268_0", "receiver_name": null, "receiver_country": "Mexico", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 337, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/09/operation-opindependencia-anonymous-hit.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 269, "name": "Trick(ing) the City of Rennes", "description": "Website of the City of Rennes is defaced in protest against Anti-Islam policies.", "added_to_DB": "2022-08-15", "start_date": "2011-09-19", "end_date": "2011-09-19", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "269_0", "receiver_name": null, "receiver_country": "France", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Trick" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Religious actors" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 338, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Trick" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Religious actors" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/09/city-of-rennes-france-hacked-against.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 270, "name": "Anonymous Austria leaks Police Data", "description": "AnonAustria publishes personal information of almost 25000 police officials in protest against a draft law which would require telecommunications companies to store details of all telephone and internet traffic for six months and make them available to the police", "added_to_DB": "2022-08-15", "start_date": "2011-09-26", "end_date": "2011-09-26", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "270_0", "receiver_name": null, "receiver_country": "Austria", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Police" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Austria" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 339, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Austria" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://nakedsecurity.sophos.com/2011/09/28/names-addresses-25000-police-officers-anonymous-cell/", "https://www.bbc.co.uk/news/world-europe-15065931" ], "sources_attribution": [ "Not available" ] }, { "ID": 271, "name": "Anonymous and RevoluSec Deface Syrian government pages", "description": "Hackers of Anomyous and RevoluSec deface websites of several Syrian government websites in support of the Syrian opposition.", "added_to_DB": "2022-08-15", "start_date": "2011-09-26", "end_date": "2011-09-26", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "271_0", "receiver_name": null, "receiver_country": "Syria", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous", "RevoluSec" ], "initiator_country": [ "Unknown", "Unknown" ], "initiator_category": [ "Non-state-group", "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 340, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous", "RevoluSec" ], "attributed_initiator_country": [ "Unknown", "Unknown" ], "attributed_initiator_category": [ "Non-state-group", "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.aljazeera.com/news/middleeast/2011/09/201192692416534215.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 272, "name": "A sophisticated cyberattack with a Syrian background was carried out on Harvard University's website in September 2011", "description": "Syrian Electronic Army hackers launched a \"sophisticated\" cyberattack on Harvard University's website on 26 September 2011. The compromised homepage featured a picture of Syrian President Bashar al-Assad alongside the message \"Syrian Electronic Army Were Here\", which contained terror threats against the United States and criticised its stance against the Assad regime. The university confirmed the security breach, noting that the attack was likely carried out by a skilled individual or group. ", "added_to_DB": "2022-08-15", "start_date": "2011-09-26", "end_date": "2011-09-26", "updated_at": "2023-06-18", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized", "Attack on critical infrastructure target(s)" ], "inclusion_criteria_subcode": [ "Not available", "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "272_0", "receiver_name": "Harvard University", "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure", "Education" ], "receiver_category_subcode": [ "Research", "Not available" ] } ], "initiator_name": [ "Syrian Electronic Army" ], "initiator_country": [ "Syria" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 10761, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/09/harvard-university-website-hacked-by.html", "https://www.bbc.com/news/education-15061377", "https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0", "https://threatpost.com/pro-syrian-electronic-army-hacks-harvard-university-site-092711/75695/" ], "sources_attribution": [ "https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0", "https://threatpost.com/pro-syrian-electronic-army-hacks-harvard-university-site-092711/75695/" ] }, { "ID": 273, "name": "Zombie_Ksa vs. SupremeCourtofPakistan", "description": "Website of the Supreme Court of Pakistan is hacked and political remarks are left.", "added_to_DB": "2022-08-15", "start_date": "2011-09-28", "end_date": "2011-09-28", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "273_0", "receiver_name": null, "receiver_country": "Pakistan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Judiciary" ] } ], "initiator_name": [ "Zombie_Ksa" ], "initiator_country": [ "Saudi Arabia" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 342, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Zombie_Ksa" ], "attributed_initiator_country": [ "Saudi Arabia" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/09/supreme-court-of-pakistan-website.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 274, "name": "Twitter of Thai PM hacked", "description": "Thailand\u2019s PrimeMinister, Yingluck Shinawatra, had her Twitter account hacked this weekend\u2013meaning that her followers saw a stream of messages criticising her leadership.", "added_to_DB": "2022-08-15", "start_date": "2011-10-03", "end_date": "2011-10-03", "updated_at": "2024-01-05", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "274_0", "receiver_name": null, "receiver_country": "Thailand", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Thailand" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 343, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Thailand" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://metro.co.uk/2011/10/03/thailands-prime-minister-yingluck-shinawatra-targeted-by-twitter-hackers-170901/", "https://nakedsecurity.sophos.com/2011/10/03/thai-pm-is-twitter-hacked/" ], "sources_attribution": [ "Not available" ] }, { "ID": 275, "name": "Iron Dome Hack", "description": "Three Israeli defense contractors responsible for building the \u201cIron Dome\u201d missile shield currently protecting Israel from a barrage of rocket attacks were compromised by hackers and robbed of huge quantities of sensitive documents pertaining to the shield technology.", "added_to_DB": "2022-08-15", "start_date": "2011-10-10", "end_date": "2012-08-13", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "275_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Defence industry" ] } ], "initiator_name": [ "APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)", "PLA Unit 61398" ], "initiator_country": [ "China", "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 344, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)", "PLA Unit 61398" ], "attributed_initiator_country": [ "China", "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Resources" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://krebsonsecurity.com/2014/07/hackers-plundered-israeli-defense-firms-that-built-iron-dome-missile-defense-system/" ], "sources_attribution": [ "Not available" ] }, { "ID": 276, "name": "MNDF Website Hacked", "description": "The Maldives National Defence Force (MNDF) has confirmed that its website was hacked last night by an unknown attacker.", "added_to_DB": "2022-08-15", "start_date": "2011-10-16", "end_date": "2011-10-16", "updated_at": "2023-02-17", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "276_0", "receiver_name": null, "receiver_country": "Maldives", "receiver_region": "SASIA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 345, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/02/maldives-national-defence-force-mndf.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 277, "name": "ZHC defaces page of Indian National Congress", "description": "Pakistani hackers deface the website of the Indian National Congress and leave political remarks on the Kashmir conflict.", "added_to_DB": "2022-08-15", "start_date": "2011-10-18", "end_date": "2011-10-18", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "277_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Political parties" ] } ], "initiator_name": [ "Zcompany Hacking Crew" ], "initiator_country": [ "Pakistan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 346, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Zcompany Hacking Crew" ], "attributed_initiator_country": [ "Pakistan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power", "Cyber-specific" ], "offline_conflict_issue": [ "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/10/indian-national-congress-party-official.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 278, "name": "CabinCr3w vs. Citigroup", "description": "Hackers of CabinCr3w leak sensitive personal information of CitiGroup's CEO in support of the OccupyWallstreet movement.", "added_to_DB": "2022-08-15", "start_date": "2011-10-21", "end_date": "2011-10-21", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "278_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "CabinCr3w" ], "initiator_country": [ "United States" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 347, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "CabinCr3w" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/10/hackers-leak-citigroup-ceos-personal.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 279, "name": "DDOS on Korean By-Election", "description": "Associates of the ruling party attacked the servers of the national electoral commision on the day of the 2011 Seoul-by-election", "added_to_DB": "2022-08-15", "start_date": "2011-10-26", "end_date": "2011-10-26", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Not available" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "279_0", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Election infrastructure / related systems" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Korea, Republic of" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 348, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Korea, Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "National power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://web.archive.org/web/20120108030022/http://koreatimes.co.kr/www/news/nation/2012/01/117_102260.html", "http://www.koreatimes.co.kr/www/nation/2018/12/113_100097.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 280, "name": "Anonymous vs. Oakland", "description": "Cyber activists associated with Anonymous have targeted the Oakland Police Department (OPD) and other law enforcement agencies that participated in a controversial crackdown against OccupyOakland protestors, taking down their websites with DDoS attacks.", "added_to_DB": "2022-08-15", "start_date": "2011-10-27", "end_date": "2011-10-27", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "280_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Police" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 349, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/10/anonymous-ddos-oakland-police-site.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 281, "name": "Anonymous defaces Website of Political Candidate that colloborates with Cartels", "description": "In a slate against the Mexican Drug Cartel Los Zetas, Anonymous Mexico defaces the website of the politician Gustavo Rosario Torres, claiming that he collaborates with the cartel.", "added_to_DB": "2022-08-15", "start_date": "2011-10-29", "end_date": "2011-10-29", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "281_0", "receiver_name": null, "receiver_country": "Mexico", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Mexico" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 350, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Mexico" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Subnational predominance", "Resources", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 4" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/10/anonymous-hackers-threatening-mexican.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 282, "name": "DDOS vs. Palestinian Pages", "description": "Internet services in the WestBank and Gaza have come under \"sustained attack\" in multiple locations, a day after Palestine's accession to the UNESCO. Palestinian officials hint at Israel as the inititator.", "added_to_DB": "2022-08-15", "start_date": "2011-11-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "282_0", "receiver_name": null, "receiver_country": "Palestine", "receiver_region": "MEA", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Telecommunications" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Israel" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 351, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Israel" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Territory", "Secession" ], "offline_conflict_issue": [ "System/ideology", "Secession" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 4" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Long-term disruption (> 24h; incident scores 2 points in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.aljazeera.com/indepth/opinion/2011/11/2011117151559601957.html", "https://www.theguardian.com/world/2011/nov/01/palestinians-hit-cyber-attack-unesco" ], "sources_attribution": [ "Not available" ] }, { "ID": 283, "name": "Anonymous vs. El Salvador", "description": "The Anonymous hacking group launched an online strike against government websites in El Salvador last Saturday, forcing several of them to shut down to prevent the theft of high-ranking officials' personal information.", "added_to_DB": "2022-08-15", "start_date": "2011-11-05", "end_date": "2011-11-05", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "283_0", "receiver_name": null, "receiver_country": "El Salvador", "receiver_region": "CENTAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Legislative", "Police" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 352, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.nbcnews.com/id/45214010/ns/technology_and_science-security/t/hackers-hit-el-salvador-government-sites/#.W4k_4ScVREY" ], "sources_attribution": [ "Not available" ] }, { "ID": 284, "name": "Anonymous leaks finish Neo-Nazi site data", "description": "Anonymous hacks the database of a Finnish neo-nazi group and leaks data of 16000 members.", "added_to_DB": "2022-08-15", "start_date": "2011-11-08", "end_date": "2011-11-08", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "284_0", "receiver_name": null, "receiver_country": "Finland", "receiver_region": "NORTHEU", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Political opposition / dissidents / expats" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 353, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/11/anonymous-hackers-hack-neo-nazis.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 285, "name": "DDOS in the preceding days of the russian parliament election", "description": "DDoS have in the days preceding parliamentary elections shutdown a large number of media websites. Russia\u2019s most popular bloggingsite, LiveJournal, was hobbled. The cyberattack also simultaneously crippled the websites of leading radio station EkhoMoskvy-owned by state energy monopoly Gazprom-Kommersant newspaper and other topmedia outlets. Russia\u2019s main independent vote monitor, Golos, was another target.", "added_to_DB": "2022-08-15", "start_date": "2011-11-08", "end_date": "2011-11-12", "updated_at": "2022-12-28", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "285_0", "receiver_name": null, "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Russia" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 354, "settled": true, "attribution_year": 2011, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2011" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.ccdcoe.org/publications/2012proceedings/2_1_Giles_RussiasPublicStanceOnCyberInformationWarfare.pdf", "https://www.reuters.com/article/us-russia-protests-socialmedia/insight-social-media-makes-anti-putin-protests-snowball-idUSTRE7B60R720111207", "https://www.bbc.com/news/technology-16032402?print=true" ], "sources_attribution": [ "https://www.bbc.com/news/technology-16032402?print=true" ] }, { "ID": 286, "name": "Q!sRQaTaR-Hacker Alajman vs. Ankara Government", "description": "Qatari hacker defaces several websites belonging to the Turkish government.", "added_to_DB": "2022-08-15", "start_date": "2011-11-10", "end_date": "2011-11-10", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "286_0", "receiver_name": null, "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Q!sRQaTaR - Hacker Alajman" ], "initiator_country": [ "Qatar" ], "initiator_category": [ "Individual hacker(s)" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 355, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Q!sRQaTaR - Hacker Alajman" ], "attributed_initiator_country": [ "Qatar" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Turkish-Government-Websites-Defaced-by-Qatar-Hacker-226486.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 287, "name": "3xp1r3 Cyber Army vs. Supreme Court of Bangladesh", "description": "The website of the Supreme Court of Bangladesh is defaced with crude political messages.", "added_to_DB": "2022-08-15", "start_date": "2011-11-10", "end_date": "2011-11-10", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "287_0", "receiver_name": null, "receiver_country": "Bangladesh", "receiver_region": "SASIA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Judiciary" ] } ], "initiator_name": [ "3xp1r3 Cyber Army" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 356, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "3xp1r3 Cyber Army" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/11/bangladesh-supreme-court-website-hacked.html", "https://www.thedailystar.net/news-detail-209824" ], "sources_attribution": [ "https://www.thedailystar.net/news-detail-209824" ] }, { "ID": 288, "name": "Anonymous vs. The Muslim Brotherhood", "description": "Anonymous Hackers take down the The Muslim Brotherhood websites.", "added_to_DB": "2022-08-15", "start_date": "2011-11-11", "end_date": "2011-11-11", "updated_at": "2023-11-23", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "288_0", "receiver_name": null, "receiver_country": "Unknown", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Political parties" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "France", "Germany", "Slovakia", "United States" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 357, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Political statement / report (e.g., on government / state agency websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "France", "Germany", "Slovakia", "United States" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] }, { "attribution_id": 358, "settled": null, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "France", "Germany", "Slovakia", "United States" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/11/operation-brotherhood-shutdown-by.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 289, "name": "Anonymous vs. Israeli Foreign Ministry", "description": "To protest what they call the \"barbaric, brutal and despicable treatment of the Palestinian people,\" hackers from the collective Anonymous have been attacking a number of Israeli Web sites, including Israel\u2019s Foreign Ministry and the municipal Web site for Tel Aviv.The group has also deleted the databases of the Israel Ministry of Foreign Affairs and Bank of Jerusalem, and leaked e-mail addresses and passwords for other sites.", "added_to_DB": "2022-08-15", "start_date": "2011-11-17", "end_date": "2011-11-18", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft", "Disruption" ], "receivers": [ { "receiver_id": "289_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 359, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Secession" ], "offline_conflict_issue": [ "System/ideology", "Secession" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 4" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.washingtonpost.com/news/worldviews/wp/2012/11/17/anonymous-is-hacking-israeli-web-sites/?noredirect=on&utm_term=.eb177b12241b" ], "sources_attribution": [ "Not available" ] }, { "ID": 290, "name": "TeamP0ison leaks UN login data", "description": "The TeaM p0isoN hacking gang has leaked over one hundred usernames, email addresses and passwords that appear to belong to individuals at the United Nations Development Programme (UNDP), Organisation for Economic Co-operation and Development (OECD), UNICEF, World Health Organisation(WHO) and other groups. The UN states that an old server had been compromised, and that the passwords would be outdated.", "added_to_DB": "2022-08-15", "start_date": "2011-11-29", "end_date": "2011-11-29", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "290_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "International / supranational organization" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "290_1", "receiver_name": null, "receiver_country": "France", "receiver_region": "WESTEU", "receiver_category": [ "International / supranational organization" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "290_2", "receiver_name": null, "receiver_country": "Switzerland", "receiver_region": "WESTEU", "receiver_category": [ "International / supranational organization" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Team P0ison" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 360, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Team P0ison" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.bbc.com/news/technology-15951883", "https://nakedsecurity.sophos.com/2011/11/29/united-nations-hacked-email-addresses-and-passwords-leaked/" ], "sources_attribution": [ "Not available" ] }, { "ID": 291, "name": "Attack on the Syrian MFA", "description": "An unknown actor attacked the Syrian MFA via a spear-phishing attack", "added_to_DB": "2022-08-15", "start_date": "2011-12-05", "end_date": "2011-12-05", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "291_0", "receiver_name": null, "receiver_country": "Syria", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 361, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://securelist.com/a-targeted-attack-against-the-syrian-ministry-of-foreign-affairs/34742/" ], "sources_attribution": [ "Not available" ] }, { "ID": 292, "name": "Indishell vs. Dawrn", "description": "Indian hackers deface a big Pakistani news page and leak its database, presumably relating to Kashmeer conflict.", "added_to_DB": "2022-08-15", "start_date": "2011-12-08", "end_date": "2011-12-08", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "292_0", "receiver_name": null, "receiver_country": "Pakistan", "receiver_region": "SCO", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Indishell" ], "initiator_country": [ "India" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 362, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Indishell" ], "attributed_initiator_country": [ "India" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Territory", "International power" ], "offline_conflict_issue": [ "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/12/biggest-pakistan-news-site-dawncom.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 293, "name": "Anonymous vs. Coalition of Law Enforcement", "description": "Hacktivists leak the database with log-in credentials of the US Coalition of Law Enforcement and Retail in support of Occupy protests.", "added_to_DB": "2022-08-15", "start_date": "2011-12-12", "end_date": "2011-12-12", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "293_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 363, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/12/coalition-of-law-enforcement-hacked.html", "https://www.csoonline.com/article/2221299/lulzlover-hacked-coalition-of-law-enforcement--data-dumped-for-2-400-cops-and-feds.html" ], "sources_attribution": [ "https://www.csoonline.com/article/2221299/lulzlover-hacked-coalition-of-law-enforcement--data-dumped-for-2-400-cops-and-feds.html" ] }, { "ID": 294, "name": "Anti-Israel Hack of Guyana", "description": "Hacker defaces the website of the President of Guyana and leaves anti-Israel messages.", "added_to_DB": "2022-08-15", "start_date": "2011-12-12", "end_date": "2011-12-12", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "294_0", "receiver_name": null, "receiver_country": "Guyana", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "The Hacker Team" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 364, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "The Hacker Team" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/12/president-of-guyanas-website-defaced-by.html", "https://news.softpedia.com/news/Presidency-of-Guyana-and-Anonymous-Websites-Defaced-by-Tha-Disaster-240003.shtml" ], "sources_attribution": [ "https://news.softpedia.com/news/Presidency-of-Guyana-and-Anonymous-Websites-Defaced-by-Tha-Disaster-240003.shtml" ] }, { "ID": 295, "name": "Anonymous leaks Senate Data", "description": "Right after the National Defense Authorization Act (NDAA) passed through the Senate, hackers who operate under the name Anonymous leaked detailed information on many of the politicians.", "added_to_DB": "2022-08-15", "start_date": "2011-12-19", "end_date": "2011-12-19", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "295_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Legislative" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 365, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Anonymous-Leaks-Information-on-Senators-who-Passed-NDAA-241675.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 296, "name": "Revenge for Bradley Menning", "description": "Anonymous hacks the US American intelligence company Stratfor, leaking personal and creditcard information of its customers and donating over 500$ from said credit cards to charity. Action was supposedly motivated by frustration over treatment of US whistleblower Bradley Manning.", "added_to_DB": "2022-08-15", "start_date": "2011-12-24", "end_date": "2011-12-25", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "296_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 366, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://venturebeat.com/2011/12/25/anonymous-hackers-steals-data-stratfor-security/", "https://venturebeat.com/2011/12/27/anonymous-stole-9k-credit-cards-stratfor-hack/", "https://www.theguardian.com/technology/2011/dec/27/security-stratfor-hackers-credit-cards" ], "sources_attribution": [ "Not available" ] }, { "ID": 297, "name": "Hack of french MP", "description": "Turkish hackers deface the website of French parliamentarian Valerie Boyer, the author of a bill criminalizing the denial of the Armenian genocide, that had been adopted a couple of days earlier by the French National Assembly.", "added_to_DB": "2022-08-15", "start_date": "2011-12-26", "end_date": "2011-12-26", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "297_0", "receiver_name": null, "receiver_country": "France", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Legislative" ] } ], "initiator_name": [ "Turkish Hackers" ], "initiator_country": [ "Turkey" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 367, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Turkish Hackers" ], "attributed_initiator_country": [ "Turkey" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "International power" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 1" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2011/12/french-mp-valerie-boyers-website-hacked.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 298, "name": "XDSpy Espionage campaign", "description": "New hacking group XDSpy got discovered stealing government secrets in Eastern Europe and the Balkans since 2011", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "298_0", "receiver_name": null, "receiver_country": "Eastern Europe", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Not available" ] }, { "receiver_id": "298_1", "receiver_name": null, "receiver_country": "Balkans (region)", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Not available" ] } ], "initiator_name": [ "XDSpy" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 368, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "XDSpy" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.welivesecurity.com/2020/10/02/xdspy-stealing-government-secrets-since-2011/", "https://www.eset.com/us/about/newsroom/press-releases/eset-researchers-discover-xdspy-an-apt-group-stealing-government-secrets-in-europe-since-2011-2/" ], "sources_attribution": [ "Not available" ] }, { "ID": 299, "name": "Leviathan vs. Maritime & Defense Targets", "description": "Chinese APT Leviathan targets defense contractors, universities (particularly those with military research ties), legal organizations and government agencies. The actor has particular interest in naval industries including shipbuilding and related research.", "added_to_DB": "2022-08-15", "start_date": "2011-01-01", "end_date": "Not available", "updated_at": "2023-10-26", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by authorities of victim state" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "299_0", "receiver_name": null, "receiver_country": "Austria", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "299_1", "receiver_name": null, "receiver_country": "Germany", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "299_2", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "299_3", "receiver_name": null, "receiver_country": "Canada", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "299_4", "receiver_name": null, "receiver_country": "Norway", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "299_5", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "299_6", "receiver_name": null, "receiver_country": "Malaysia", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "299_7", "receiver_name": null, "receiver_country": "Saudi Arabia", "receiver_region": "GULFC", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "299_8", "receiver_name": null, "receiver_country": "Cambodia", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "299_9", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] } ], "initiator_name": [ "APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/Gingham Typhoon fka GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (Hainan Xiandun Technology Company, MSS Hainan State Security Department)", "Hainan Xiandun Company/MSS" ], "initiator_country": [ "China", "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 13887, "settled": false, "attribution_year": 2020, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/Gingham Typhoon fka GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (Hainan Xiandun Technology Company, MSS Hainan State Security Department)", "Hainan Xiandun Company/MSS" ], "attributed_initiator_country": [ "China", "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2020" ] }, { "attribution_id": 13888, "settled": true, "attribution_year": 2020, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Domestic legal action" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "United States" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/Gingham Typhoon fka GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (Hainan Xiandun Technology Company, MSS Hainan State Security Department)", "Hainan Xiandun Company/MSS" ], "attributed_initiator_country": [ "China", "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2020" ] } ], "temporal_attribution_sequence": "IT-security attribution before political attribution", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "International power" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 1" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.justice.gov/opa/pr/four-chinese-nationals-working-ministry-state-security-charged-global-computer-intrusion", "https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets", "https://www.fireeye.com/blog/threat-research/2019/03/APT 40-examining-a-china-nexus-espionage-actor.html" ], "sources_attribution": [ "https://www.justice.gov/opa/pr/four-chinese-nationals-working-ministry-state-security-charged-global-computer-intrusion", "https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets", "https://www.fireeye.com/blog/threat-research/2019/03/APT 40-examining-a-china-nexus-espionage-actor.html" ] }, { "ID": 300, "name": "Operation Quantum Entanglement/Dragon OK", "description": "The attack group \u201cDragon OK\u201d (named after an event name in one of their payload executables 6) appears to operate out of the Jiangsu province in China, and is known to target high-tech and manufacturing companies in Japan and Taiwan", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "300_0", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "300_1", "receiver_name": null, "receiver_country": "Taiwan", "receiver_region": "SCS", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "DragonOk" ], "initiator_country": [ "China" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 371, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "DragonOk" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf" ], "sources_attribution": [ "Not available" ] }, { "ID": 301, "name": "Molerats aka Gaza Cybergang 2012", "description": "Spear-Phishing campaign by the Group Molerats aka Gaza Cybergang against Israeli, US and UK government. The group has been later attributed to Hamas.", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2024-02-15", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "301_0", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "301_1", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "301_2", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "MoleRATs/Extreme Jackal/Blackstem/Gaza Hackers Team/TA402/WIRTE/Frankenstein/Moonlight/Gaza Cybergang Group 1 < Gaza Cybergang" ], "initiator_country": [ "Palestine" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Terrorist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 17168, "settled": true, "attribution_year": 2016, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "MoleRATs/Extreme Jackal/Blackstem/Gaza Hackers Team/TA402/WIRTE/Frankenstein/Moonlight/Gaza Cybergang Group 1 < Gaza Cybergang" ], "attributed_initiator_country": [ "Palestine" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Terrorist(s)" ], "attribution_full_date": [ "2016" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/new-xtreme-rat-attacks-on-usisrael-and-other-foreign-governments/", "https://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf", "https://www.securityweek.com/gaza-cybergang-attacks-attributed-hamas", "https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html", "https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion" ], "sources_attribution": [ "https://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf", "https://www.securityweek.com/gaza-cybergang-attacks-attributed-hamas", "https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html", "https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion" ] }, { "ID": 302, "name": "SpringDragon aka LotusBlossom", "description": "Since as early as 2012, the maintargets of SpringDragon attacks are high profile governmental organizations and political parties, education institutions such as universities, as well as companies from the telecommunications sector.", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2023-06-18", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "302_0", "receiver_name": null, "receiver_country": "Taiwan", "receiver_region": "SCS", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Legislative", "Political parties", "Telecommunications", "Not available" ] }, { "receiver_id": "302_1", "receiver_name": null, "receiver_country": "Indonesia", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Legislative", "Political parties", "Telecommunications", "Not available" ] }, { "receiver_id": "302_2", "receiver_name": null, "receiver_country": "Philippines", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Legislative", "Political parties", "Telecommunications", "Not available" ] }, { "receiver_id": "302_3", "receiver_name": null, "receiver_country": "Vietnam", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Legislative", "Political parties", "Telecommunications", "Not available" ] }, { "receiver_id": "302_4", "receiver_name": null, "receiver_country": "Thailand", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Legislative", "Political parties", "Telecommunications", "Not available" ] } ], "initiator_name": [ "Lotus Blossom/Spring Dragon/ST Group/DRAGONFISH/G0030" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 374, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Lotus Blossom/Spring Dragon/ST Group/DRAGONFISH/G0030" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Resources" ], "offline_conflict_issue": [ "Territory", "Resources", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf", "https://securelist.com/spring-dragon-updated-activity/79067/", "https://unit42.paloaltonetworks.com/operation-lotus-blossom/" ], "sources_attribution": [ "https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf", "https://unit42.paloaltonetworks.com/operation-lotus-blossom/" ] }, { "ID": 303, "name": "Dark Caracal", "description": "Look out and EFF revealed a worldwide cyber-espionage-campaign, allegedly sponsored or conducted by Lebanon.", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2023-10-26", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company", "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ "Not available" ], "initiator_name": [ "Dark Carceral" ], "initiator_country": [ "Lebanon" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 373, "settled": true, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Dark Carceral" ], "attributed_initiator_country": [ "Lebanon" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2018" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.vice.com/en_us/article/gyw3n9/lebanese-government-hackers-hit-thousands-of-victims-with-incredibly-simple-campaign" ], "sources_attribution": [ "https://www.vice.com/en_us/article/gyw3n9/lebanese-government-hackers-hit-thousands-of-victims-with-incredibly-simple-campaign" ] }, { "ID": 304, "name": "StealthFalcon aka FruityArmor", "description": "Spy-Campaign against dissidents, journalistis and activists, allegedly tied to the United Arab Emirates government.", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2023-09-25", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "304_0", "receiver_name": null, "receiver_country": "United Arab Emirates", "receiver_region": "GULFC", "receiver_category": [ "Social groups", "End user(s) / specially protected groups", "Media" ], "receiver_category_subcode": [ "Not available", "Not available", "Not available" ] }, { "receiver_id": "304_1", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "Social groups", "End user(s) / specially protected groups", "Media" ], "receiver_category_subcode": [ "Not available", "Not available", "Not available" ] } ], "initiator_name": [ "Stealth Falcon/Fruity Armor" ], "initiator_country": [ "United Arab Emirates" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 375, "settled": true, "attribution_year": 2016, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Stealth Falcon/Fruity Armor" ], "attributed_initiator_country": [ "United Arab Emirates" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2016" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "National power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://citizenlab.ca/2016/05/stealth-falcon/", "https://securityaffairs.com/151298/malware/deadglyph-backdoor-middle-east.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 305, "name": "Operation Slingshot", "description": "Kaspersky revealed an allegedly US-counter terrorism cybercampaign in MENA countries, especially Kenya and Yemen.", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "305_0", "receiver_name": null, "receiver_country": "Kenya", "receiver_region": "SSA", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Terrorist" ] }, { "receiver_id": "305_1", "receiver_name": null, "receiver_country": "Yemen", "receiver_region": "MEA", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Terrorist" ] }, { "receiver_id": "305_2", "receiver_name": null, "receiver_country": "Iraq", "receiver_region": "MEA", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Terrorist" ] }, { "receiver_id": "305_3", "receiver_name": null, "receiver_country": "Middle East (region)", "receiver_region": "Not available", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Terrorist" ] }, { "receiver_id": "305_4", "receiver_name": null, "receiver_country": "Africa", "receiver_region": "Not available", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Terrorist" ] } ], "initiator_name": [ "Slingshot" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 376, "settled": true, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Slingshot" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2018" ] }, { "attribution_id": 377, "settled": null, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Slingshot" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2018" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.scmagazine.com/home/security-news/apts-cyberespionage/slingshot-apt-campaign-exposed-after-six-years-of-sophisticated-spying/", "https://www.cyberscoop.com/kaspersky-slingshot-isis-operation-socom-five-eyes/", "https://securelist.com/apt-slingshot/84312/" ], "sources_attribution": [ "https://www.cyberscoop.com/kaspersky-slingshot-isis-operation-socom-five-eyes/", "https://securelist.com/apt-slingshot/84312/" ] }, { "ID": 306, "name": "IAEA Hack 2012", "description": "Parastoo (aka Charming Kitten), an Iran-related group, claimed to have compromised computer systems at the International Atomic Energy Agency (IAEA).", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "306_0", "receiver_name": "International Atomic Energy Agency (IAEA; Austria)", "receiver_country": "Austria", "receiver_region": "WESTEU", "receiver_category": [ "International / supranational organization" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Parastoo" ], "initiator_country": [ "Iran, Islamic Republic of" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 5929, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Parastoo" ], "attributed_initiator_country": [ "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] }, { "attribution_id": 5930, "settled": false, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Parastoo" ], "attributed_initiator_country": [ "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.thedailybeast.com/did-irans-cyber-army-hack-into-the-iaeas-computers", "https://go.crowdstrike.com/rs/281-OBQ-266/images/15GlobalThreatReport.pdf" ], "sources_attribution": [ "https://go.crowdstrike.com/rs/281-OBQ-266/images/15GlobalThreatReport.pdf" ] }, { "ID": 307, "name": "Israel Police Hack", "description": "A virus struck the Israeli Police department and gathered data for more than a week. Israeli IT company AVNET attributes the attack to Iran as a state-sponsor.", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "307_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Police" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Iran, Islamic Republic of" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 380, "settled": true, "attribution_year": 2012, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2012" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.timesofisrael.com/how-israel-police-computers-were-hacked-the-inside-story/" ], "sources_attribution": [ "https://www.timesofisrael.com/how-israel-police-computers-were-hacked-the-inside-story/" ] }, { "ID": 308, "name": "Operation SoftCell", "description": "In 2018, the Cybereason Nocturnus team identified an advanced, persistent attack targeting global telecommunications providers carried out by a threat actor using tools and techniques commonly associated with Chinese-affiliated threat actors, such as APT 10.\u00a0This multi-wave attacks focused on obtaining data of specific, high-value targets and resulted in a complete takeover of the network.", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2023-03-27", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "308_0", "receiver_name": null, "receiver_country": "Global (region)", "receiver_region": "Not available", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Telecommunications" ] } ], "initiator_name": [ "APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 381, "settled": true, "attribution_year": 2019, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2019" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers", "https://securityaffairs.com/143928/apt/operation-soft-cell-china-telecom-providers.html", "https://www.darkreading.com/endpoint/linux-chinese-apt-alloy-taurus-back-retooling", "https://twitter.com/unix_root/status/1651283247635001346", "https://thehackernews.com/2023/04/chinese-hackers-using-pingpull-linux.html", "https://unit42.paloaltonetworks.com/alloy-taurus/" ], "sources_attribution": [ "Not available" ] }, { "ID": 309, "name": "US Recon on Russian Power Grids", "description": "The US - according to former officials - targeted the Russian cybernetwork with reconnaissance operations, later on leading to agressive operations in 2019", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Hijacking without Misuse" ], "receivers": [ { "receiver_id": "309_0", "receiver_name": null, "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Energy" ] } ], "initiator_name": [ "NSA/Equation Group" ], "initiator_country": [ "United States" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 382, "settled": true, "attribution_year": 2019, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2019" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "none" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, not used - empowerment (incident scores 1 point in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://securityaffairs.co/wordpress/87220/cyber-warfare-2/malware-russian-power-grid.html", "https://www.nytimes.com/2019/06/15/us/politics/trump-cyber-russia-grid.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 310, "name": "NSA vs. System Administrators", "description": "The American NSA hacked the computers of system admins globally, to gain access to the networks they manage.", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "310_0", "receiver_name": null, "receiver_country": "Global (region)", "receiver_region": "Not available", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "NSA/Equation Group" ], "initiator_country": [ "United States" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 384, "settled": null, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] }, { "attribution_id": 383, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://theintercept.com/2014/03/20/inside-nsa-secret-efforts-hunt-hack-system-administrators/" ], "sources_attribution": [ "Not available" ] }, { "ID": 311, "name": "GCHQ vs. Taliban", "description": "In Afghanistan, according to the 2012 presentation, the British used a blizzard of text messages, phone calls and faxes to \u201csignificantly disrupt\u201d Taliban communications, with texts and calls programmed to arrive every minute.", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "311_0", "receiver_name": null, "receiver_country": "Afghanistan", "receiver_region": "SASIA", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Criminal" ] } ], "initiator_name": [ "GCHQ" ], "initiator_country": [ "United Kingdom" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 386, "settled": null, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "GCHQ" ], "attributed_initiator_country": [ "United Kingdom" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 385, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "GCHQ" ], "attributed_initiator_country": [ "United Kingdom" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Long-term disruption (> 24h; incident scores 2 points in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.nbcnews.com/news/investigations/snowden-docs-british-spies-used-sex-dirty-tricks-n23091" ], "sources_attribution": [ "Not available" ] }, { "ID": 312, "name": "CSEC vs. Canadian travellers", "description": "The Canadian CSEC used airport wifi to spy on canadian travellers", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "312_0", "receiver_name": null, "receiver_country": "Canada", "receiver_region": "NORTHAM", "receiver_category": [ "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "CSEC" ], "initiator_country": [ "Canada" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 388, "settled": null, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "CSEC" ], "attributed_initiator_country": [ "Canada" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 387, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "CSEC" ], "attributed_initiator_country": [ "Canada" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.cbc.ca/news/politics/csec-used-airport-wi-fi-to-track-canadian-travellers-edward-snowden-documents-1.2517881" ], "sources_attribution": [ "Not available" ] }, { "ID": 313, "name": "Operation Muscular", "description": "The NSA and GCHQ managed to access the security parameters of Yahoo and Google, therefore bypassing the encription and getting access to the full data traffic", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "313_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Telecommunications", "Not available" ] } ], "initiator_name": [ "NSA/Equation Group", "GCHQ" ], "initiator_country": [ "United States", "United Kingdom" ], "initiator_category": [ "State", "State" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 8556, "settled": false, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group", "GCHQ" ], "attributed_initiator_country": [ "United States", "United Kingdom" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 8557, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group", "GCHQ" ], "attributed_initiator_country": [ "United States", "United Kingdom" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://arstechnica.com/information-technology/2013/10/how-the-nsas-muscular-tapped-googles-and-yahoos-private-networks/" ], "sources_attribution": [ "Not available" ] }, { "ID": 314, "name": "BlackTech campaign \"PLEAD\"", "description": "BlackTech attacked Taiwanese government and private actor networks with the goal of the theft of confidential documents", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "314_0", "receiver_name": null, "receiver_country": "Taiwan", "receiver_region": "SCS", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "314_1", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "314_2", "receiver_name": null, "receiver_country": "Hong Kong", "receiver_region": "ASIA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "Blacktech" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 391, "settled": true, "attribution_year": 2017, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Blacktech" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2017" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Secession" ], "offline_conflict_issue": [ "Secession" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.trendmicro.com/en_us/research/17/f/following-trail-blacktech-cyber-espionage-campaigns.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 315, "name": "Machete vs. Venezuelan Army", "description": "A cyber-espionage group known as \"Machete\" has been observed stealing sensitive files from the Venezuelan military,according to an ESET report published today.", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "315_0", "receiver_name": null, "receiver_country": "Venezuela", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] }, { "receiver_id": "315_1", "receiver_name": null, "receiver_country": "Ecuador", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "Machete" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 392, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Machete" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.zdnet.com/article/a-cyber-espionage-group-has-been-stealing-files-from-the-venezuelan-military/", "https://www.welivesecurity.com/wp-content/uploads/2019/08/ESET_Machete.pdf" ], "sources_attribution": [ "https://www.welivesecurity.com/wp-content/uploads/2019/08/ESET_Machete.pdf" ] }, { "ID": 316, "name": "OperationCleaver/CuttingKitten", "description": "Iranian hackers were identified in a report released Tuesday as the source of coordinated attacks against more than 50 targets in 16 countries, many of them corporate and government entities that manage critical energy, transportation and medical services.", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking without Misuse" ], "receivers": [ { "receiver_id": "316_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Civil service / administration", "Military", "Not available", "Energy", "Transportation", "Defence industry", "Not available" ] }, { "receiver_id": "316_1", "receiver_name": null, "receiver_country": "Canada", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Civil service / administration", "Military", "Not available", "Energy", "Transportation", "Defence industry", "Not available" ] }, { "receiver_id": "316_2", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Civil service / administration", "Military", "Not available", "Energy", "Transportation", "Defence industry", "Not available" ] }, { "receiver_id": "316_3", "receiver_name": null, "receiver_country": "Germany", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Civil service / administration", "Military", "Not available", "Energy", "Transportation", "Defence industry", "Not available" ] }, { "receiver_id": "316_4", "receiver_name": null, "receiver_country": "Saudi Arabia", "receiver_region": "GULFC", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Civil service / administration", "Military", "Not available", "Energy", "Transportation", "Defence industry", "Not available" ] }, { "receiver_id": "316_5", "receiver_name": null, "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Civil service / administration", "Military", "Not available", "Energy", "Transportation", "Defence industry", "Not available" ] }, { "receiver_id": "316_6", "receiver_name": null, "receiver_country": "United Arab Emirates", "receiver_region": "GULFC", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Civil service / administration", "Military", "Not available", "Energy", "Transportation", "Defence industry", "Not available" ] }, { "receiver_id": "316_7", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Civil service / administration", "Military", "Not available", "Energy", "Transportation", "Defence industry", "Not available" ] }, { "receiver_id": "316_8", "receiver_name": null, "receiver_country": "France", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Civil service / administration", "Military", "Not available", "Energy", "Transportation", "Defence industry", "Not available" ] }, { "receiver_id": "316_9", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Civil service / administration", "Military", "Not available", "Energy", "Transportation", "Defence industry", "Not available" ] } ], "initiator_name": [ "Magic Hound/APT35/Cobalt Gypsy" ], "initiator_country": [ "Iran, Islamic Republic of" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 393, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Magic Hound/APT35/Cobalt Gypsy" ], "attributed_initiator_country": [ "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, not used - empowerment (incident scores 1 point in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf", "https://www.nytimes.com/2014/12/03/world/middleeast/report-says-cyberattacks-originated-inside-iran.html", "https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf" ], "sources_attribution": [ "https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf", "https://www.nytimes.com/2014/12/03/world/middleeast/report-says-cyberattacks-originated-inside-iran.html", "https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf" ] }, { "ID": 317, "name": "PLA vs. SolarWorld, ATI & USW", "description": "Chinese-government backed military hackers stole e-mails of German Solar company's executives containting solar panel technological innovations and manufacturing metrics. The same holds true for the companies ATI and USW in the respective year.", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2023-12-04", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by authorities of victim state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "317_0", "receiver_name": "ATI", "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "317_1", "receiver_name": "SolarWorld", "receiver_country": "Germany", "receiver_region": "WESTEU", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ null ], "initiator_country": [ "China" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 14719, "settled": true, "attribution_year": 2014, "attribution_month": 5, "attribution_day": 20, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Domestic legal action" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "United States" ], "attributing_actor": [ "US Department of Justice (DoJ)" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ null ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014-5-20" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor", "https://twitter.com/NCSCgov/status/1659565751806709761" ], "sources_attribution": [ "https://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor" ] }, { "ID": 318, "name": "Leak of Israeli CreditCard Data", "description": "Saudi hackers publish creditcard details of about 20000 Israelis, Israeli officials call cyberterrorism", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "2012-01-06", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on non-political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "318_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "End user(s) / specially protected groups", "Other" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "OxOmar" ], "initiator_country": [ "Saudi Arabia" ], "initiator_category": [ "Individual hacker(s)" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 395, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "OxOmar" ], "attributed_initiator_country": [ "Saudi Arabia" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "Resources", "Secession" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.jpost.com/International/Hackers-post-1000s-of-Israeli-credit-card-numbers", "https://www.huffingtonpost.com/2012/01/06/israel-hack-saudi-arabia-oxomar_n_1188979.html", "http://www.nytimes.com/2012/01/07/world/middleeast/cyberattack-exposes-20000-israeli-credit-card-numbers.html" ], "sources_attribution": [ "https://www.huffingtonpost.com/2012/01/06/israel-hack-saudi-arabia-oxomar_n_1188979.html" ] }, { "ID": 319, "name": "Wikileaks leaks Stratfor Info", "description": "Hacked email from leading private US intelligence agency Stratfor", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "2012-02-27", "updated_at": "2023-06-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "319_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 396, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.rt.com/news/stratfor-syria-secret-wikileaks-989/" ], "sources_attribution": [ "Not available" ] }, { "ID": 320, "name": "Wikileaks leaks US Info", "description": "WikiLeaks to release two million \u2018humiliating\u2019 hacked Syrian government emails", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "2012-07-05", "updated_at": "2023-10-05", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "320_0", "receiver_name": null, "receiver_country": "Syria", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Government / ministries", "Political parties", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 397, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/wikileaks-to-release-two-million-humiliating-hacked-syrian-government-emails/", "https://www.diepresse.com/6274092/pentagon-nennt-datenleck-sehr-hohes-sicherheitsrisiko", "https://www.wired.com/story/mirai-untold-story-three-young-hackers-web-killing-monster/", "https://socradar.io/dark-peep-7-shadows-of-betrayal-and-leadership-in-flux/" ], "sources_attribution": [ "Not available" ] }, { "ID": 321, "name": "Attack on Indian Navy", "description": "China hackers enter Navy computers, plant bug to extract sensitive data", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "321_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 398, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://archive.indianexpress.com/news/china-hackers-enter-navy-computers-plant-bug-to-extract-sensitive-data/968897/" ], "sources_attribution": [ "Not available" ] }, { "ID": 322, "name": "Volatile Cedar", "description": "Volatile Cedar\u2013Analysis of a Global Cyber Espionage Campaign", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2024-02-15", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "322_0", "receiver_name": null, "receiver_country": "Canada", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups", "Critical infrastructure" ], "receiver_category_subcode": [ "Telecommunications", "Not available", "Not available", "Defence industry" ] }, { "receiver_id": "322_1", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups", "Critical infrastructure" ], "receiver_category_subcode": [ "Telecommunications", "Not available", "Not available", "Defence industry" ] }, { "receiver_id": "322_2", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups", "Critical infrastructure" ], "receiver_category_subcode": [ "Telecommunications", "Not available", "Not available", "Defence industry" ] }, { "receiver_id": "322_3", "receiver_name": null, "receiver_country": "Lebanon", "receiver_region": "MEA", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups", "Critical infrastructure" ], "receiver_category_subcode": [ "Telecommunications", "Not available", "Not available", "Defence industry" ] }, { "receiver_id": "322_4", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups", "Critical infrastructure" ], "receiver_category_subcode": [ "Telecommunications", "Not available", "Not available", "Defence industry" ] }, { "receiver_id": "322_5", "receiver_name": null, "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups", "Critical infrastructure" ], "receiver_category_subcode": [ "Telecommunications", "Not available", "Not available", "Defence industry" ] } ], "initiator_name": [ "DeftTorero/Volatile Cedar/Lebanese Cedar" ], "initiator_country": [ "Lebanon" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 17169, "settled": true, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "DeftTorero/Volatile Cedar/Lebanese Cedar" ], "attributed_initiator_country": [ "Lebanon" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2015" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "Not available" ], "sources_attribution": [ "Not available" ] }, { "ID": 323, "name": "Belgian MFA hacked", "description": "Belgium\u2019s Ministry of Foreign Affairs Hacked, Foreign Policy Data Leaked", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "323_0", "receiver_name": null, "receiver_country": "Belgium", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "NSA/Equation Group" ], "initiator_country": [ "United States" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 400, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "Yes" ], "zero_days_subcode": [ "multiple" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Belgium-s-Ministry-of-Foreign-Affairs-Hacked-Foreign-Policy-Data-Leaked-384413.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 324, "name": "Op Freedom Palestine Pak CyberPirates", "description": "800 Websites Hacked by Pak CyberPyrates for #op Freedom Palestine", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "324_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "Unknown" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Pak Cyber Pirates" ], "initiator_country": [ "Pakistan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 401, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Pak Cyber Pirates" ], "attributed_initiator_country": [ "Pakistan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/800-websites-hacked-by-pak-cyber-pyrates-for-opfreedompalestine/" ], "sources_attribution": [ "Not available" ] }, { "ID": 325, "name": "Bangladesh Cyber Army hack indian webpages", "description": "Indian Government and 30 websites hacked by Bangladesh Cyber Army", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "325_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Media" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "Bangladesh Cyber Army" ], "initiator_country": [ "Bangladesh" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 402, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Bangladesh Cyber Army" ], "attributed_initiator_country": [ "Bangladesh" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/indian-government-and-and-30-websites-hacked-by-bangladesh-cyber-army/" ], "sources_attribution": [ "Not available" ] }, { "ID": 326, "name": "Espionage Campaign targeting Japan", "description": "Espionage campaign targeting Japan", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "326_0", "receiver_name": null, "receiver_country": "Taiwan", "receiver_region": "SCS", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 403, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "Yes" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/cyber-espionage-campaign-targeting-japan-may-have-ties-to-2012-taiwan-attacks-505607.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 327, "name": "Telvent Hack", "description": "A company whose software and services are used to remotely administer and monitor large sections of the energy industry began warning customers last week that it is investigating a sophisticated hacker attack spanning its operations in the United States, Canada and Spain. Experts say digital fingerprints left behind by attackers point to a Chinese hacking group tied to repeated cyber-espionage campaigns against key Western interests.", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2024-03-05", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "327_0", "receiver_name": null, "receiver_country": "Canada", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)", "PLA Unit 61398" ], "initiator_country": [ "China", "China" ], "initiator_category": [ "State", "State" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 404, "settled": true, "attribution_year": 2012, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT1/Comment Crew/Comment Panda/Byzantine Candor/Group 3/ TG-8223/BrownFox/G0006 (PLA, Unit 61398)", "PLA Unit 61398" ], "attributed_initiator_country": [ "China", "China" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2012" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://krebsonsecurity.com/2012/09/chinese-hackers-blamed-for-intrusion-at-energy-industry-giant-telvent/", "https://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html", "https://www.securityinfowatch.com/cybersecurity/article/53098118/the-us-electric-industry-is-not-responding-to-cyber-vulnerable-chinese-equipment" ], "sources_attribution": [ "https://krebsonsecurity.com/2012/09/chinese-hackers-blamed-for-intrusion-at-energy-industry-giant-telvent/", "https://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html" ] }, { "ID": 328, "name": "Ocean Lotus (vs. China)", "description": "Last week, SkyEye, Qihoo 360\u2019s threat intelligence service, released a report entitled OceanLotus. The report describes the working of an APT (Advanced Persistent Threat) group engaged for at least three years in cyber espionage against Chinese targets, including ocean affairs agencies, the departments in charge of China\u2019s territorial waters, research institutes, and aviation, aeronautics, and shipping companies.", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "328_0", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Water", "Not available", "Not available" ] } ], "initiator_name": [ "APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 405, "settled": true, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2015" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.cfr.org/blog/oceanlotus-china-hits-back-its-own-cybersecurity-report" ], "sources_attribution": [ "https://www.cfr.org/blog/oceanlotus-china-hits-back-its-own-cybersecurity-report" ] }, { "ID": 329, "name": "Operation Beebus/APT 1", "description": "Allegedly a Chinese-state-sponsored group spied on US defense and aerospace companies.", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "329_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Defence industry", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 406, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "International power" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 1" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.fireeye.com/blog/threat-research/2013/02/operation-beebus.html" ], "sources_attribution": [ "https://www.fireeye.com/blog/threat-research/2013/02/operation-beebus.html" ] }, { "ID": 330, "name": "Operation Quantum Entanglement/MoafeeGroup", "description": "The attack group \u201cMoafee\u201d (named after their command and control infrastructure) appears to operate out of the Guangdong province in China and is known to target the governments and military organizations of countries with national interests in the South China Sea.", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "330_0", "receiver_name": null, "receiver_country": "Southeast Asia (region)", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Military" ] }, { "receiver_id": "330_1", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Military" ] } ], "initiator_name": [ "Moafee Group" ], "initiator_country": [ "China" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 407, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Moafee Group" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Resources" ], "offline_conflict_issue": [ "Territory", "Resources", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "Not available" ], "sources_attribution": [ "Not available" ] }, { "ID": 331, "name": "Ox Omer leaks Saudi Credit Data", "description": "An Israeli hacker published details of hundreds of Saudi creditcards online in revenge for acts by Arab hackers.", "added_to_DB": "2022-08-15", "start_date": "2012-01-11", "end_date": "2012-01-11", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "331_0", "receiver_name": null, "receiver_country": "Saudi Arabia", "receiver_region": "GULFC", "receiver_category": [ "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "OxOmer" ], "initiator_country": [ "Israel" ], "initiator_category": [ "Individual hacker(s)" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 408, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "OxOmer" ], "attributed_initiator_country": [ "Israel" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "Resources", "Secession" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://english.alarabiya.net/articles/2012/01/11/1", "http://www.bbc.com/news/world-middle-east-16526067" ], "sources_attribution": [ "http://www.bbc.com/news/world-middle-east-16526067" ] }, { "ID": 332, "name": "Molerats deface Israeli Fire Service", "description": "A group of hackers claiming to be from the Gaza Strip succeeded on Thursday night in hacking into the Israeli Fire and Rescue Services' official website's homepage was changed to black with a sneering message from the hackers to the Israeli government.", "added_to_DB": "2022-08-15", "start_date": "2012-01-13", "end_date": "2012-01-13", "updated_at": "2024-02-15", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "332_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "MoleRATs/Extreme Jackal/Blackstem/Gaza Hackers Team/TA402/WIRTE/Frankenstein/Moonlight/Gaza Cybergang Group 1 < Gaza Cybergang" ], "initiator_country": [ "Palestine" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Terrorist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 17167, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "MoleRATs/Extreme Jackal/Blackstem/Gaza Hackers Team/TA402/WIRTE/Frankenstein/Moonlight/Gaza Cybergang Group 1 < Gaza Cybergang" ], "attributed_initiator_country": [ "Palestine" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Terrorist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "Resources", "Secession" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.ynetnews.com/articles/0,7340,L-4175183,00.html", "https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion", "https://middle-east-online.com/en/cyber-war-gaza-hackers-deface-israel-fire-service-website" ], "sources_attribution": [ "https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion", "https://middle-east-online.com/en/cyber-war-gaza-hackers-deface-israel-fire-service-website" ] }, { "ID": 333, "name": "Nightmare disrupts Israeli Site", "description": "Saudi hackergroup 'Nightmare', lead by 0xOmar, shortly disrupted the websites of the Tel Aviv Stock Exchange, El Al Airlines and several commercial banks. ", "added_to_DB": "2022-08-15", "start_date": "2012-01-16", "end_date": "2012-01-16", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on non-political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "333_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Transportation", "Finance" ] } ], "initiator_name": [ "Nightmare(OxOmar)" ], "initiator_country": [ "Saudi Arabia" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 6706, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Nightmare(OxOmar)" ], "attributed_initiator_country": [ "Saudi Arabia" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "Resources", "Secession" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.reuters.com/article/us-israel-hackers/israel-rattled-as-hackers-hit-bourse-banks-el-al-idUSTRE80F0V220120116", "https://www.telegraph.co.uk/news/worldnews/middleeast/israel/9019204/Hackers-disrupt-Tel-Aviv-Stock-Exchange-and-El-Al.html" ], "sources_attribution": [ "https://www.telegraph.co.uk/news/worldnews/middleeast/israel/9019204/Hackers-disrupt-Tel-Aviv-Stock-Exchange-and-El-Al.html" ] }, { "ID": 334, "name": "IDF-Team takes down Stock Exchanges", "description": "Israeli hackers brought down the websites of both the Saudi Stock Exchange (Tadawul) and the Abu Dhabi Securities Exchange (ADX) Tuesday, in the latest episode of a continuing cyberwar between hackers in the two countries.", "added_to_DB": "2022-08-15", "start_date": "2012-01-17", "end_date": "2012-01-17", "updated_at": "2023-02-09", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "334_0", "receiver_name": null, "receiver_country": "United Arab Emirates", "receiver_region": "GULFC", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Finance" ] }, { "receiver_id": "334_1", "receiver_name": null, "receiver_country": "Saudi Arabia", "receiver_region": "GULFC", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Finance" ] } ], "initiator_name": [ "IDF-Team" ], "initiator_country": [ "Israel" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 6705, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "IDF-Team" ], "attributed_initiator_country": [ "Israel" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "Resources", "Secession" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.haaretz.com/1.5166851" ], "sources_attribution": [ "Not available" ] }, { "ID": 335, "name": "Anonymous revenge for Megaupload Shutdown", "description": "Department of Justice, FBI, and Universal Music sites hacked after Megaupload shutdown, Anonymous claims credit", "added_to_DB": "2022-08-15", "start_date": "2012-01-20", "end_date": "2012-01-20", "updated_at": "2023-04-20", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "335_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Civil service / administration", "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 412, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.washingtonpost.com/business/economy/department-of-justice-site-hacked-after-megaupload-shutdown-anonymous-claims-credit/2012/01/20/gIQAl5MNEQ_story.html?utm_term=.a9426cb8a27d", "https://www.hackread.com/us-top-government-security-website-hacked-by-anonymous-and-login-details-leaked/", "https://tarnkappe.info/artikel/hintergrundberichte/beruehmte-hacker-die-uns-noch-lange-in-erinnerung-bleiben-werden-teil-4-273234.html" ], "sources_attribution": [ "https://www.hackread.com/us-top-government-security-website-hacked-by-anonymous-and-login-details-leaked/" ] }, { "ID": 336, "name": "Anonymous takes down Israeli hospital and newspaper websites", "description": "Anonymous Palestina shuts down two Israeli hospital websites and one newspaper website.", "added_to_DB": "2022-08-15", "start_date": "2012-01-25", "end_date": "2012-01-25", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "336_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "Critical infrastructure", "Media" ], "receiver_category_subcode": [ "Health", "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Palestine" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 413, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Palestine" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "Resources", "Secession" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.haaretz.com/1.5174761", "http://jerusalemworldnews.com/2012/01/25/palestinian-hackers-jam-israeli-hospital-websites/" ], "sources_attribution": [ "Not available" ] }, { "ID": 337, "name": "Mofang_ShimRat", "description": "A threatgroup called \"Mofang\" believed to be affiliated with the Chinese government has been conducting cyberespionage operations against Myanmar and other countries for economic gain, using the malware\"ShimRat\".", "added_to_DB": "2022-08-15", "start_date": "2012-02-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "337_0", "receiver_name": null, "receiver_country": "Myanmar", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "337_1", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "337_2", "receiver_name": null, "receiver_country": "Germany", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "337_3", "receiver_name": null, "receiver_country": "Canada", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "337_4", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "337_5", "receiver_name": null, "receiver_country": "Singapore", "receiver_region": "ASIA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "Mofang" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 414, "settled": true, "attribution_year": 2016, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Mofang" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2016" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.securityweek.com/chinese-attackers-conduct-cyberespionage-economic-gain", "https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf" ], "sources_attribution": [ "https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf" ] }, { "ID": 338, "name": "Anonmyous leaks Conversation between FBI and Scotland Yard", "description": "Anonymous hacks into phone call between FBI and Scotland Yard, leaks recordings.", "added_to_DB": "2022-08-15", "start_date": "2012-02-03", "end_date": "2012-02-03", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "338_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Police" ] }, { "receiver_id": "338_1", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Police" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 415, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theguardian.com/technology/2012/feb/03/anonymous-hacks-call-fbi-scotland-yard" ], "sources_attribution": [ "Not available" ] }, { "ID": 339, "name": "SilentHacker Defaces Bangladeshi Pages", "description": "Indian hacker \"SilentHacker\"defaces 30 Bangladeshi government websites.", "added_to_DB": "2022-08-15", "start_date": "2012-02-09", "end_date": "2012-02-09", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Hijacking without Misuse" ], "receivers": [ { "receiver_id": "339_0", "receiver_name": null, "receiver_country": "Bangladesh", "receiver_region": "SASIA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Silent Hacker" ], "initiator_country": [ "India" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Ethnic actors" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 416, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Silent Hacker" ], "attributed_initiator_country": [ "India" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Ethnic actors" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Territory" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "none" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, not used - empowerment (incident scores 1 point in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.infosecurity-magazine.com/news/cyberwar-between-india-and-bangladesh-escalates/" ], "sources_attribution": [ "Not available" ] }, { "ID": 340, "name": "Anonymous takedown of CIA website", "description": "Anonymous takes down CIA website in large-scale DDos attack.", "added_to_DB": "2022-08-15", "start_date": "2012-02-11", "end_date": "2012-02-11", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "340_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Police" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 417, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.bbc.com/news/world-us-canada-16993488", "https://www.hackread.com/cia-website-hacked-taken-down-by-anonymous/", "https://www.rt.com/news/anonymous-cia-interpol-down-702/" ], "sources_attribution": [ "https://www.rt.com/news/anonymous-cia-interpol-down-702/" ] }, { "ID": 341, "name": "Indishell defaces Bangladeshi government pages", "description": "Indians hacking Group \"Indishell\" deface 38 Bangladeshi government websites, including ministry of\u00a0the ministries are communications, youth and sports, primary and mass education,\u00a0Trading Corporation of Bangladesh, leaving remarks on border disputes.", "added_to_DB": "2022-08-15", "start_date": "2012-02-11", "end_date": "2012-02-11", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Hijacking without Misuse" ], "receivers": [ { "receiver_id": "341_0", "receiver_name": null, "receiver_country": "Bangladesh", "receiver_region": "SASIA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Indishell" ], "initiator_country": [ "India" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Ethnic actors" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 418, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Indishell" ], "attributed_initiator_country": [ "India" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Ethnic actors" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Territory" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "none" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, not used - empowerment (incident scores 1 point in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2012/02/38-bangladeshi-government-sites-defaced.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 342, "name": "Black Hat Hackers defaces Indian Pages", "description": "Bangaldeshi group Black Hat Hackers hack into roughly 10000 Indian websites, including governmental ones.", "added_to_DB": "2022-08-15", "start_date": "2012-02-12", "end_date": "2012-02-12", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Hijacking without Misuse" ], "receivers": [ { "receiver_id": "342_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "Black Hat Hackers" ], "initiator_country": [ "Bangladesh" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Ethnic actors" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 419, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Black Hat Hackers" ], "attributed_initiator_country": [ "Bangladesh" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Ethnic actors" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Territory" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "none" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, not used - empowerment (incident scores 1 point in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/over-200-bangladeshi-government-and-private-websites-hacked-by-indishell/", "https://www.hackread.com/over-20000-indian-websites-hacked-by-bangladeshi-hackers/" ], "sources_attribution": [ "Not available" ] }, { "ID": 343, "name": "Bangladesh Cyber Army hack indian regional government", "description": "Bangladeshi hackers deface website of Indian local government (and claim to have hacked 20,000 other pages), leave message that calls for end of innocent killings at border.", "added_to_DB": "2022-08-15", "start_date": "2012-02-15", "end_date": "2012-02-15", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Hijacking without Misuse" ], "receivers": [ { "receiver_id": "343_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Bangladesh Cyber Army" ], "initiator_country": [ "Bangladesh" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Ethnic actors" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 420, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Bangladesh Cyber Army" ], "attributed_initiator_country": [ "Bangladesh" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Ethnic actors" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Territory" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "none" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, not used - empowerment (incident scores 1 point in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/indian-kaliabor-sub-division-government-website-hacked-by-bangladesh-cyber-army/", "https://www.kahawatungu.com/2012/02/15/bangladesh-hackers-engages-indian-hackers-in-major-cyber-warfare/" ], "sources_attribution": [ "Not available" ] }, { "ID": 344, "name": "rOOtw0rm vs. UNEP", "description": "The hacking group\u00a0rOOtw0rm\u00a0hacked and leaked the\u00a0database of\u00a0United Nations Environment Programme\u00a0UNEP, including admin login and usersdata. UNEP's website service was also disrupted.", "added_to_DB": "2022-08-15", "start_date": "2012-02-28", "end_date": "2012-02-28", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "344_0", "receiver_name": null, "receiver_country": "United Nations", "receiver_region": "Not available", "receiver_category": [ "International / supranational organization" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "rOOtw0rm" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 421, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "rOOtw0rm" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/united-nations-environment-programme-database-leaked-by-r00tw0rm/" ], "sources_attribution": [ "Not available" ] }, { "ID": 345, "name": "Anonymous disrupt Interpol", "description": "Anonymous disrupts website of Interpol with DDos attack, after the arrest of 25 alleged hackers.", "added_to_DB": "2022-08-15", "start_date": "2012-02-29", "end_date": "2012-02-29", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "345_0", "receiver_name": null, "receiver_country": "Interpol", "receiver_region": "Not available", "receiver_category": [ "International / supranational organization" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 422, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theguardian.com/technology/2012/feb/29/interpol-website-cyber-attack" ], "sources_attribution": [ "Not available" ] }, { "ID": 346, "name": "Op Freedom Palestine & Kashmir", "description": "OP Palestine and\u00a0Kashmir", "added_to_DB": "2022-08-15", "start_date": "2012-03-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "346_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Other" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "Pak Cyber Pirates" ], "initiator_country": [ "Pakistan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 423, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Pak Cyber Pirates" ], "attributed_initiator_country": [ "Pakistan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Secession" ], "offline_conflict_issue": [ "Autonomy" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/over-400-indian-websites-hacked-pak-cyber-pyrates-for-opfreedom-palestine-kashmir/" ], "sources_attribution": [ "Not available" ] }, { "ID": 347, "name": "Anonymous takes down Vatikan Pages 2012", "description": "Anonymous brings down Vatican website", "added_to_DB": "2022-08-15", "start_date": "2012-03-01", "end_date": "2012-03-13", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "347_0", "receiver_name": null, "receiver_country": "Holy See (Vatican City State)", "receiver_region": "EUROPE", "receiver_category": [ "State institutions / political system", "Critical infrastructure" ], "receiver_category_subcode": [ "Not available", "Telecommunications" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 424, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/official-vatican-radio-website-hacked-once-again-by-anonymous/" ], "sources_attribution": [ "Not available" ] }, { "ID": 348, "name": "YeiZeta Data Leak", "description": "Pentagon and Mexican Presidential Servers Hacked", "added_to_DB": "2022-08-15", "start_date": "2012-03-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "348_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "348_1", "receiver_name": null, "receiver_country": "Mexico", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "YeiZeta" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 425, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "YeiZeta" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/pentagon-and-mexican-presidential-servers-hacked-by-yei-zeta-and-database-leaked/" ], "sources_attribution": [ "Not available" ] }, { "ID": 349, "name": "Muslim Liberation Army Defacement of Indian pages", "description": "Indian websites hacked by MLA", "added_to_DB": "2022-08-15", "start_date": "2012-03-01", "end_date": "2012-03-18", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "349_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Media", "Other" ], "receiver_category_subcode": [ "Government / ministries", "Telecommunications", "Not available", "Not available" ] } ], "initiator_name": [ "Muslim Liberation Army" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 426, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Muslim Liberation Army" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Secession" ], "offline_conflict_issue": [ "Secession" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/2300-indian-websites-hacked-including-government-and-online-channels-websites-by-muslim-liberation-army-mla/" ], "sources_attribution": [ "Not available" ] }, { "ID": 350, "name": "Guardian on\u00a0Iranian cyber-attack", "description": "BBC fears Iranian cyber-attack over its Persian TV service", "added_to_DB": "2022-08-15", "start_date": "2012-03-02", "end_date": "2012-03-02", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "350_0", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Iran, Islamic Republic of" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 427, "settled": true, "attribution_year": 2012, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2012" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theguardian.com/media/2012/mar/14/bbc-fears-iran-cyber-attack-persian" ], "sources_attribution": [ "Not available" ] }, { "ID": 351, "name": "Cyberwar against Israel for freedom of Palestine", "description": "34 Israeli Websites hacked by GaZaHaCkeRTeam", "added_to_DB": "2022-08-15", "start_date": "2012-03-21", "end_date": "2012-03-21", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "351_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "GaZaHaCkeRTeam" ], "initiator_country": [ "Palestine" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 428, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "GaZaHaCkeRTeam" ], "attributed_initiator_country": [ "Palestine" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "National power" ], "offline_conflict_issue": [ "National power" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 4" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/34-israeli-websites-hacked-by-gaza-hacker-team/" ], "sources_attribution": [ "Not available" ] }, { "ID": 352, "name": "Pirate Cr3wdoxxes Israeli Parliament", "description": "Massive Israeli Government Doxby PirateCr3w", "added_to_DB": "2022-08-15", "start_date": "2012-03-25", "end_date": "2012-03-25", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "352_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Government / ministries" ] } ], "initiator_name": [ "PirateCr3w" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 429, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "PirateCr3w" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/massive-israeli-government-dox-by-piratecr3w/" ], "sources_attribution": [ "Not available" ] }, { "ID": 353, "name": "Team P0ison Defaces NATO Website", "description": "Official NATO Croatia Website defaced", "added_to_DB": "2022-08-15", "start_date": "2012-04-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "353_0", "receiver_name": null, "receiver_country": "Croatia", "receiver_region": "EU", "receiver_category": [ "State institutions / political system", "International / supranational organization" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "Team P0ison" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 430, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Team P0ison" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/official-nato-croatia-website-defaced-by-teamp0ison/" ], "sources_attribution": [ "Not available" ] }, { "ID": 354, "name": "AlQaedaSec DDOS vs. NYC", "description": "DDOS attack on the official site of New York City", "added_to_DB": "2022-08-15", "start_date": "2012-04-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "354_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Al Qaeda Sec" ], "initiator_country": [ "Syria" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 431, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Al Qaeda Sec" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/AlQaedaSec-Launch-DDOS-Attack-on-New-York-City-Website-264960.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 355, "name": "Anonymous attacks chinese government sited", "description": "Anonymous hackers attack Chinese govt websites", "added_to_DB": "2022-08-15", "start_date": "2012-04-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "355_0", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Media", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Military" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 432, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Long-term disruption (> 24h; incident scores 2 points in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://tvnewswatch.blogspot.de/2012/04/anonymous-hackers-attack-chinese-govt.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 356, "name": "Team GhostShell hack Uarkansas", "description": "Team GhostShell Hacks University of Arkansas Computer Store", "added_to_DB": "2022-08-15", "start_date": "2012-04-01", "end_date": "Not available", "updated_at": "2023-06-18", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "356_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Science" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Team Ghostshell" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 433, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Team Ghostshell" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Team-GhostShell-Hacks-University-of-Arkansas-Computer-Store-264675.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 357, "name": "Anonymous DDOS CIA Part II", "description": "(DDOS) attacks against the official site of the Central Intelligence Agency", "added_to_DB": "2022-08-15", "start_date": "2012-04-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "357_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 434, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Hackers-Launch-DDOS-Attacks-on-CIA-and-DOD-Sites-264665.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 358, "name": "The Unknowns hack NASA", "description": "The Unknowns' hack NASA", "added_to_DB": "2022-08-15", "start_date": "2012-04-20", "end_date": "2012-04-20", "updated_at": "2023-05-26", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "358_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "The Unknowns" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 435, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "The Unknowns" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.pri.org/stories/2012-05-04/unknowns-hack-nasa" ], "sources_attribution": [ "Not available" ] }, { "ID": 359, "name": "Wiper", "description": "Wiper was an aggressive piece of malware that targeted machines belonging to the Iranian Oil Ministry and the National Iranian Oil Company in April, sharing some similarities with Stuxnet, Duqu, Gauss and Flame, according to Kaspersky.", "added_to_DB": "2022-08-15", "start_date": "2012-04-21", "end_date": "2012-04-30", "updated_at": "2023-03-16", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Disruption", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "359_0", "receiver_name": null, "receiver_country": "Iran, Islamic Republic of", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Energy" ] } ], "initiator_name": [ "NSA/Equation Group" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 3192, "settled": false, "attribution_year": 2012, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2012" ] }, { "attribution_id": 3193, "settled": true, "attribution_year": 2012, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2012" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Long-term disruption (> 24h; incident scores 2 points in intensity)" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.nytimes.com/2012/04/24/world/middleeast/iranian-oil-sites-go-offline-amid-cyberattack.html", "https://www.wired.com/2012/08/wiper-possible-origins/", "https://securelist.com/what-was-that-wiper-thing-48/34088/" ], "sources_attribution": [ "https://securelist.com/what-was-that-wiper-thing-48/34088/" ] }, { "ID": 360, "name": "UgNazi vs. CIA", "description": "UG NaziHackers Launch DDOS Attacks on CIA", "added_to_DB": "2022-08-15", "start_date": "2012-04-24", "end_date": "2012-04-24", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "360_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Social groups", "End user(s) / specially protected groups", "Media" ], "receiver_category_subcode": [ "Not available", "Not available", "Not available" ] } ], "initiator_name": [ "UGNazi" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 438, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "UGNazi" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/UGNazi-Hackers-Launch-DDOS-Attack-on-CIA-DOJ-Site-to-Protest-CISPA-266033.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 361, "name": "Defacement of Taliban Website", "description": "Taliban website hacked", "added_to_DB": "2022-08-15", "start_date": "2012-04-26", "end_date": "2012-04-26", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "361_0", "receiver_name": null, "receiver_country": "Afghanistan", "receiver_region": "SASIA", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Terrorist" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 439, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.reuters.com/article/net-us-afghanistan-taliban-hacking/taliban-website-hacked-as-afghan-cyber-war-heats-up-idUSBRE83Q09I20120427" ], "sources_attribution": [ "Not available" ] }, { "ID": 362, "name": "Mofang_ShimRat Reporter", "description": "A threatgroup called \"Mofang\" believed to be affiliated with the Chinese government has been conducting cyberespionage operations against Myanmar and other countries for economic gain, using the malware\"ShimRatReporter\".", "added_to_DB": "2022-08-15", "start_date": "2012-05-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "362_0", "receiver_name": null, "receiver_country": "Myanmar", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "362_1", "receiver_name": null, "receiver_country": "Canada", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "362_2", "receiver_name": null, "receiver_country": "Germany", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "362_3", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "362_4", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "362_5", "receiver_name": null, "receiver_country": "Singapore", "receiver_region": "ASIA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "Mofang" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 440, "settled": true, "attribution_year": 2016, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Mofang" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2016" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf" ], "sources_attribution": [ "https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf" ] }, { "ID": 363, "name": "Anonymous vs. DOJ", "description": "Anonymous Hacks Department of Justice", "added_to_DB": "2022-08-15", "start_date": "2012-05-22", "end_date": "2012-05-22", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "363_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Judiciary" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 441, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] }, { "attribution_id": 442, "settled": null, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://mashable.com/2012/05/22/anonymous-department-justice/#YTbwFNx45ZqN" ], "sources_attribution": [ "Not available" ] }, { "ID": 364, "name": "Zcompany Hacking Crew hacks government pages", "description": "Government & Civilian Websites Hacked by Zcompany Hacking Crew", "added_to_DB": "2022-08-15", "start_date": "2012-05-29", "end_date": "2012-05-29", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "364_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Other" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "Zcompany Hacking Crew" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 443, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Zcompany Hacking Crew" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Secession" ], "offline_conflict_issue": [ "Secession" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/1846-government-civilian-websites-hacked-by-z-company-hacking-crew/" ], "sources_attribution": [ "Not available" ] }, { "ID": 365, "name": "Bangladeshi Cyber Army Declares War", "description": "Bangladeshi Cyber Army Declares War on Myanmar", "added_to_DB": "2022-08-15", "start_date": "2012-06-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "365_0", "receiver_name": null, "receiver_country": "Myanmar", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "International / supranational organization", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] } ], "initiator_name": [ "Bangladesh Cyber Army" ], "initiator_country": [ "Bangladesh" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 444, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Bangladesh Cyber Army" ], "attributed_initiator_country": [ "Bangladesh" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific", "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Bangladeshi-Cyber-Army-Declares-War-on-Myanmar-Attacks-Websites-276450.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 366, "name": "Danish Car Register Hacked", "description": "Hackers have got into the identity register", "added_to_DB": "2022-08-15", "start_date": "2012-06-01", "end_date": "Not available", "updated_at": "2023-10-20", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "366_0", "receiver_name": null, "receiver_country": "Denmark", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Police" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 445, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://politiken.dk/newsinenglish/art5450702/Hackers-have-got-into-the-identity-register" ], "sources_attribution": [ "Not available" ] }, { "ID": 367, "name": "Anonymous vs. ARE", "description": "The hacking group Anonymous leaked data from the netfilter server of the United Arab Emirates", "added_to_DB": "2022-08-15", "start_date": "2012-06-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "367_0", "receiver_name": null, "receiver_country": "United Arab Emirates", "receiver_region": "GULFC", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 446, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Anonymous-Hackers-Leak-Data-from-United-Arab-Emirates-Netfilter-Servers-278274.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 368, "name": "Project Hell Fire Leak", "description": "Massive Leak: Project Hell Fire Hackers Dump 1 Million Accounts from 100 Sites", "added_to_DB": "2022-08-15", "start_date": "2012-06-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "368_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "Team Ghostshell" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 447, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Team Ghostshell" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.csoonline.com/article/2223032/microsoft-subnet/massive-leak--project-hellfire-hackers-dump-1-million-accounts-from-100-sites.html", "https://www.imperva.com/blog/analyzing-the-team-ghostshell-attacks/" ], "sources_attribution": [ "https://www.imperva.com/blog/analyzing-the-team-ghostshell-attacks/" ] }, { "ID": 369, "name": "Myanmar CyberArmy strikes back against Bangladesh", "description": "92 Bangladeshi Government Sites Taken Down", "added_to_DB": "2022-08-15", "start_date": "2012-06-19", "end_date": "2012-06-19", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "369_0", "receiver_name": null, "receiver_country": "Bangladesh", "receiver_region": "SASIA", "receiver_category": [ "State institutions / political system", "Media", "Other" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] } ], "initiator_name": [ "Myanmar Cyber Army" ], "initiator_country": [ "Myanmar" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 448, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Myanmar Cyber Army" ], "attributed_initiator_country": [ "Myanmar" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Myanmar-Hackers-Fight-Back-92-Bangladeshi-Government-Sites-Taken-Down-276714.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 370, "name": "Hitcher vs. Knesset", "description": "Israeli Government Site Hacked", "added_to_DB": "2022-08-15", "start_date": "2012-06-26", "end_date": "2012-06-26", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft", "Disruption" ], "receivers": [ { "receiver_id": "370_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Hitcher" ], "initiator_country": [ "Pakistan" ], "initiator_category": [ "Individual hacker(s)" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 449, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Hitcher" ], "attributed_initiator_country": [ "Pakistan" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Israeli-Government-Site-Hacked-in-Protest-Against-Mr-Badoo-s-Arrest-277842.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 371, "name": "Iran Hack Security Team Hacks Israeli Pages", "description": "45 Israeli Websites hacked by Iran Hack SecurityTeam", "added_to_DB": "2022-08-15", "start_date": "2012-06-27", "end_date": "2012-06-28", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "371_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Iran Hack Security Team" ], "initiator_country": [ "Iran, Islamic Republic of" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 450, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Iran Hack Security Team" ], "attributed_initiator_country": [ "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Subnational predominance" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/45-israeli-websites-hacked-by-iran-hack-security-team/" ], "sources_attribution": [ "Not available" ] }, { "ID": 372, "name": "Anonymous vs. Tamil Cyber Crime Cell", "description": "Tamil Nadu\u2019s Cyber Crime Cell website taken by Anonymous", "added_to_DB": "2022-08-15", "start_date": "2012-07-01", "end_date": "Not available", "updated_at": "2023-10-20", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "372_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Police" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 451, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/tamil-nadus-cyber-crime-cell-website-taken-by-anonymous/" ], "sources_attribution": [ "Not available" ] }, { "ID": 373, "name": "Poltergeist h4cker hacks Iranian and Chinese Websites", "description": "66 Iranian and Chinese websites hacked by Poltergeist h4cker", "added_to_DB": "2022-08-15", "start_date": "2012-07-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "373_0", "receiver_name": null, "receiver_country": "Iran, Islamic Republic of", "receiver_region": "MEA", "receiver_category": [ "Unknown" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "373_1", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "Unknown" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Poltergeisth4cker" ], "initiator_country": [ "Netherlands" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 452, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Poltergeisth4cker" ], "attributed_initiator_country": [ "Netherlands" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/66-iranian-and-chinese-websites-hacked-by-poltergeisth4cker-from-netherlands/" ], "sources_attribution": [ "Not available" ] }, { "ID": 374, "name": "NullCrew vs. PBS and WHO", "description": "PBS and World Health Organization Hacked, User Details Leaked", "added_to_DB": "2022-08-15", "start_date": "2012-07-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "374_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "International / supranational organization", "Media" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "Null Crew" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 453, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Null Crew" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/PBS-and-World-Health-Organization-Allegedly-Hacked-User-Details-Leaked-281123.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 375, "name": "Sharp-Cyber-Group vs. Indian Websites", "description": "216 Indian Websites hacked by Hcrack2ofSharp-CyberGroup", "added_to_DB": "2022-08-15", "start_date": "2012-07-13", "end_date": "2012-07-13", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "375_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Other" ], "receiver_category_subcode": [ "Political parties", "Not available" ] } ], "initiator_name": [ "Sharp-Cyber-Group" ], "initiator_country": [ "Pakistan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 454, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Sharp-Cyber-Group" ], "attributed_initiator_country": [ "Pakistan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/216-indian-websites-hacked-by-hcrack2-of-sharp-cyber-group/" ], "sources_attribution": [ "Not available" ] }, { "ID": 376, "name": "OP Free Assange Part II", "description": "Anonymous Attacks UK Home Office, DWP, Ministry of Justice in Op Free Assange", "added_to_DB": "2022-08-15", "start_date": "2012-08-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "376_0", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Not available", "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 455, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Anonymous-Attacks-UK-Home-Office-DWP-Ministry-of-Justice-in-OpFreeAssange-287189.shtml", "http://www.bbc.com/news/uk-wales-19381444", "https://www.theguardian.com/technology/2012/aug/21/anonymous-hits-government-websites-julian-assange" ], "sources_attribution": [ "http://www.bbc.com/news/uk-wales-19381444", "https://www.theguardian.com/technology/2012/aug/21/anonymous-hits-government-websites-julian-assange" ] }, { "ID": 377, "name": "Anonymous vs. Uganda", "description": "Uganda Government Websites Hacked By Anonymous In Defense Of Gay Pride, LGBT Rights", "added_to_DB": "2022-08-15", "start_date": "2012-08-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "377_0", "receiver_name": null, "receiver_country": "Uganda", "receiver_region": "SSA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 456, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "Not available" ], "sources_attribution": [ "Not available" ] }, { "ID": 378, "name": "SEA vs. Reuters Round I 2012", "description": "Disinformation flies in Syria's growing cyberwar: Reuters Twitter Account hacked allegedly by Assad-supporters.", "added_to_DB": "2022-08-15", "start_date": "2012-08-03", "end_date": "2012-08-05", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "378_0", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 457, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.reuters.com/article/us-syria-crisis-hacking/disinformation-flies-in-syrias-growing-cyber-war-idUSBRE8760GI20120807" ], "sources_attribution": [ "Not available" ] }, { "ID": 379, "name": "Saudi Aramco/Shamoon", "description": "Cyberattack on Saudi Firm Saudi Aramco, by the self-proclaimed Hacking Group \"Cutting Sword of Justice\". The virus erased data on three-quarters of Aramco\u2019s corporate PCs \u2014 documents, spreadsheets, e-mails, files \u2014 replacing all of it with an image of a burning American flag.", "added_to_DB": "2022-08-15", "start_date": "2012-08-15", "end_date": "Not available", "updated_at": "2023-06-28", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on non-political target(s), politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Disruption", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "379_0", "receiver_name": null, "receiver_country": "Saudi Arabia", "receiver_region": "GULFC", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Energy" ] }, { "receiver_id": "379_1", "receiver_name": null, "receiver_country": "Qatar", "receiver_region": "GULFC", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Energy" ] } ], "initiator_name": [ "APT33/Elfin/MAGNALLIUM/Peach Sandstorm fka HOLMIUM/Magic Hound/G0064/Refined Kitten" ], "initiator_country": [ "Iran, Islamic Republic of" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 458, "settled": true, "attribution_year": 2012, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT33/Elfin/MAGNALLIUM/Peach Sandstorm fka HOLMIUM/Magic Hound/G0064/Refined Kitten" ], "attributed_initiator_country": [ "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2012" ] }, { "attribution_id": 459, "settled": null, "attribution_year": 2012, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT33/Elfin/MAGNALLIUM/Peach Sandstorm fka HOLMIUM/Magic Hound/G0064/Refined Kitten" ], "attributed_initiator_country": [ "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2012" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Long-term disruption (> 24h; incident scores 2 points in intensity)" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.darkreading.com/attacks-breaches/wiper-malware-surges-ahead-spiking-53-in-3-months", "https://cyberscoop.com/iran-peach-sandstorm-apt33/", "https://www.darkreading.com/dr-global/mideast-oil-gas-facilities-could-face-cyber-energy-disruptions", "https://www.wired.com/2012/08/hack-attack-strikes-rasgas/", "https://www.nytimes.com/2012/10/24/business/global/cyberattack-on-saudi-oil-firm-disquiets-us.html", "https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=281521ea-2d18-4bf9-9e88-8b1dc41cfdb6&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments", "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/", "https://www.reuters.com/article/saudi-attack-idUSL5E8N91UE20121209", "https://arstechnica.com/information-technology/2022/12/effective-fast-and-unrecoverable-wiper-malware-is-popping-up-everywhere/", "https://cyberscoop.com/pro-iranian-abraham-ax-saudi-israel-moses-staff/", "https://twitter.com/780thC/status/1618571785276100609", "https://twitter.com/DarkReading/status/1620558295672012807" ], "sources_attribution": [ "https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=281521ea-2d18-4bf9-9e88-8b1dc41cfdb6&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments", "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/" ] }, { "ID": 380, "name": "Anonymous defaces Page of Pritish Prime Minister", "description": "Hackers Deface website of former British cabinet minister", "added_to_DB": "2022-08-15", "start_date": "2012-08-25", "end_date": "2012-08-25", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "380_0", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "United Kingdom" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 461, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "United Kingdom" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] }, { "attribution_id": 460, "settled": null, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "United Kingdom" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2012/08/hackers-deface-website-of-former.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 381, "name": "HonkerUnion attacks Japan", "description": "Chinese cyberattacks hit Japan over islands dispute", "added_to_DB": "2022-08-15", "start_date": "2012-09-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "381_0", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Judiciary" ] } ], "initiator_name": [ "Honker Union" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 462, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Honker Union" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Territory" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theglobeandmail.com/news/world/chinese-cyber-attacks-hit-japan-over-islands-dispute/article4553048/" ], "sources_attribution": [ "Not available" ] }, { "ID": 382, "name": "BedU33N vs. UN Department of Agriculture", "description": "US Department of Agriculture Sites Hacked by BedU33N against Anti-Islamic Movie", "added_to_DB": "2022-08-15", "start_date": "2012-09-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "382_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "BedU33N" ], "initiator_country": [ "Bangladesh" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 463, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "BedU33N" ], "attributed_initiator_country": [ "Bangladesh" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/us-department-of-agriculture-sites-hacked-by-bedu33n-against-anti-islamic-movie/" ], "sources_attribution": [ "Not available" ] }, { "ID": 383, "name": "Phillipines CyberArmy vs. Government of Phillipines", "description": "Government of Philippines Hacked by Philippines CyberArmy", "added_to_DB": "2022-08-15", "start_date": "2012-09-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "383_0", "receiver_name": null, "receiver_country": "Philippines", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Philippines Cyber Army" ], "initiator_country": [ "Philippines" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 464, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Philippines Cyber Army" ], "attributed_initiator_country": [ "Philippines" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/government-of-philippines-hacked-by-philippines-cyber-army/" ], "sources_attribution": [ "Not available" ] }, { "ID": 384, "name": "Domainer and Anonymous Leak Data of the South African Police Department", "description": "South African Police Database Hacked and Leaked by Domainer & Anonymous", "added_to_DB": "2022-08-15", "start_date": "2012-09-01", "end_date": "Not available", "updated_at": "2023-11-21", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "384_0", "receiver_name": null, "receiver_country": "South Africa", "receiver_region": "SSA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Police" ] } ], "initiator_name": [ "Anonymous", "Domainer" ], "initiator_country": [ "Unknown", "Unknown" ], "initiator_category": [ "Non-state-group", "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 465, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous", "Domainer" ], "attributed_initiator_country": [ "Unknown", "Unknown" ], "attributed_initiator_category": [ "Non-state-group", "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/south-african-police-database-hacked-and-leaked-by-domainer-anonymous/" ], "sources_attribution": [ "Not available" ] }, { "ID": 385, "name": "Sizzling Soulhacks Mexican Regional Governments", "description": "Three Mexican Government Websites Hacked by SizzlingSoul Against Anti-Islamic Movie", "added_to_DB": "2022-08-15", "start_date": "2012-09-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "385_0", "receiver_name": null, "receiver_country": "Mexico", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Sizzling Soul (Pakistan Cyber Army)" ], "initiator_country": [ "Pakistan" ], "initiator_category": [ "Individual hacker(s)" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 466, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Sizzling Soul (Pakistan Cyber Army)" ], "attributed_initiator_country": [ "Pakistan" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/three-mexican-government-websites-hacked-by-sizzling-soul-against-anti-islamic-movie/" ], "sources_attribution": [ "Not available" ] }, { "ID": 386, "name": "Bangladesh Cyber Army attacks Israeli and Bangladeshi Sites", "description": "25 Israeli and 118 British, Including Government Websites Hacked by Bangladesh Cyber Army", "added_to_DB": "2022-08-15", "start_date": "2012-09-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "386_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "386_1", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] } ], "initiator_name": [ "Bangladesh Cyber Army" ], "initiator_country": [ "Bangladesh" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 467, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Bangladesh Cyber Army" ], "attributed_initiator_country": [ "Bangladesh" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/25-israeli-and118-british-websites-hacked-by-bangladesh-cyber-army/" ], "sources_attribution": [ "Not available" ] }, { "ID": 387, "name": "TurkHackTeam vs. UN and UNESCO", "description": "UNESCO Cuba and UN Philippine Hacked By SaMuRa! Of TurkHackTeam", "added_to_DB": "2022-08-15", "start_date": "2012-09-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "387_0", "receiver_name": null, "receiver_country": "Philippines", "receiver_region": "SEA", "receiver_category": [ "International / supranational organization" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "387_1", "receiver_name": null, "receiver_country": "Cuba", "receiver_region": "Not available", "receiver_category": [ "International / supranational organization" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Turk Hack Team" ], "initiator_country": [ "Turkey" ], "initiator_category": [ "Individual hacker(s)" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 468, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Turk Hack Team" ], "attributed_initiator_country": [ "Turkey" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/unesco-cuba-and-un-philippine-hacked-by-samura-of-turk-hack-team/" ], "sources_attribution": [ "Not available" ] }, { "ID": 388, "name": "Godzilla pentrated Database of Pakistan Army", "description": "IndianHacker Claims to Leak Database of Pakistan Army and KSE Websites", "added_to_DB": "2022-08-15", "start_date": "2012-09-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "388_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "Godzilla" ], "initiator_country": [ "Pakistan" ], "initiator_category": [ "Individual hacker(s)" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 469, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Godzilla" ], "attributed_initiator_country": [ "Pakistan" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/indian-hacker-claims-to-leak-database-of-pakistan-army-and-kse-websites/" ], "sources_attribution": [ "Not available" ] }, { "ID": 389, "name": "RedHack leak Data of Turkish Ministry of Culture", "description": "Turkish Ministry of Culture & Tourism Website Taken Down by RedHack Hackers", "added_to_DB": "2022-08-15", "start_date": "2012-09-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "389_0", "receiver_name": null, "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "RedHack" ], "initiator_country": [ "Turkey" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 470, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "RedHack" ], "attributed_initiator_country": [ "Turkey" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/turkish-ministry-of-culture-tourism-website-taken-down-by-redhack-hackers/" ], "sources_attribution": [ "Not available" ] }, { "ID": 390, "name": "PennState University Hack", "description": "Hackers from China infiltrated the computer systems of Pennsylvania State University\u2018s College of Engineering, gaining usernames and passwords in what investigators described as a sophisticated cyberattack that lasted more than two years.", "added_to_DB": "2022-08-15", "start_date": "2012-09-01", "end_date": "Not available", "updated_at": "2023-06-18", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized", "Attack on critical infrastructure target(s)" ], "inclusion_criteria_subcode": [ "Not available", "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "390_0", "receiver_name": "Penn State University", "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Education" ], "receiver_category_subcode": [ "Civil service / administration", "Research", "Not available" ] } ], "initiator_name": [ null ], "initiator_country": [ "China" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 10760, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ null ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://bits.blogs.nytimes.com/2015/05/15/penn-states-college-of-engineering-hit-by-cyberattack/?mtrref=www.google.com" ], "sources_attribution": [ "https://bits.blogs.nytimes.com/2015/05/15/penn-states-college-of-engineering-hit-by-cyberattack/?mtrref=www.google.com" ] }, { "ID": 391, "name": "Website of Al-Jazeera hacked", "description": "Al-Jazeera websites hacked", "added_to_DB": "2022-08-15", "start_date": "2012-09-05", "end_date": "2012-09-05", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "391_0", "receiver_name": null, "receiver_country": "Qatar", "receiver_region": "GULFC", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Syria" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 472, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://phys.org/news/2012-09-al-jazeera-websites-hacked.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 392, "name": "Anonymous revenge for Pirate Bay", "description": "Hackers Protest Against Arrest of TPB Co-Founder, 5,000 Documents Leaked", "added_to_DB": "2022-08-15", "start_date": "2012-09-11", "end_date": "2012-09-11", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "392_0", "receiver_name": null, "receiver_country": "Cambodia", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 473, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Hackers-Protest-Against-Arrest-of-TPB-Co-Founder-5-000-Documents-Leaked-291495.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 393, "name": "Anonymous vs. NTC Phillipines", "description": "ANONYMOUS BRINGS GOVERNMENT SITES OFFLINE IN PHILIPPINES", "added_to_DB": "2022-08-15", "start_date": "2012-10-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "393_0", "receiver_name": null, "receiver_country": "Philippines", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 474, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://threatpost.com/anonymous-brings-government-sites-offline-philippines-petition-cybercrime-law-100112/77064/" ], "sources_attribution": [ "Not available" ] }, { "ID": 394, "name": "Kosova Hacker\u2019s Security vs. Us_weather.gov", "description": "US Weather.Gov hacked, Data leaked by Kosova Hacker\u2019s Security", "added_to_DB": "2022-08-15", "start_date": "2012-10-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "394_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Kosova Hacker\u2019s Security" ], "initiator_country": [ "United Kingdom" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 475, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Kosova Hacker\u2019s Security" ], "attributed_initiator_country": [ "United Kingdom" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/us-weather-gov-hacked-data-leaked-by-kosova-hackers-security/" ], "sources_attribution": [ "Not available" ] }, { "ID": 395, "name": "CapoO_TunisiAnoO hack vs. Israel", "description": "86 Israeli websites hacked by CapoO_TunisiAnoO", "added_to_DB": "2022-08-15", "start_date": "2012-10-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "395_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "Unknown" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "CapoO_TunisiAnoO" ], "initiator_country": [ "Tunisia" ], "initiator_category": [ "Individual hacker(s)" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 476, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "CapoO_TunisiAnoO" ], "attributed_initiator_country": [ "Tunisia" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/86-israeli-websites-hacked-by-capoo_tunisianoo/" ], "sources_attribution": [ "Not available" ] }, { "ID": 396, "name": "BGHH defaces pages", "description": "54 Israeli Sites Defaced by Bangladesh Grey Hat Hackers", "added_to_DB": "2022-08-15", "start_date": "2012-10-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "396_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Bangladesh Grey Hat Hackers" ], "initiator_country": [ "Bangladesh" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 477, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Bangladesh Grey Hat Hackers" ], "attributed_initiator_country": [ "Bangladesh" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/54-Israeli-Sites-Defaced-by-Bangladesh-Grey-Hat-Hackers-303008.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 397, "name": "LolSec leak Nigerian National Assembly Data", "description": "Nigerian National Assembly Hacked, Huge Database Leaked by @LolSec", "added_to_DB": "2022-08-15", "start_date": "2012-10-01", "end_date": "Not available", "updated_at": "2024-02-19", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "397_0", "receiver_name": null, "receiver_country": "Nigeria", "receiver_region": "SSA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "LolSec" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 478, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "LolSec" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/nigerian-national-assembly-hacked-huge-database-leaked-by-lolsec/", "https://securityaffairs.com/159273/breaking-news/security-affairs-newsletter-round-459-by-pierluigi-paganini-international-edition.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 398, "name": "Mike Mullen Hacked", "description": "US Ex-Military Head Mike Mullen Computers Hacked by Unknown hackers", "added_to_DB": "2022-08-15", "start_date": "2012-10-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "398_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 479, "settled": true, "attribution_year": 2012, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2012" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "International power" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 1" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/us-ex-military-head-mike-mullen-computers-hacked-by-unknown-hackers/" ], "sources_attribution": [ "Not available" ] }, { "ID": 399, "name": "US Media Outlets hacked by the Chinese", "description": "The networks of the WashingtonPost, NewYork Times, Wall Street Journal and Bloomberg have been attacked by Chinese hackers", "added_to_DB": "2022-08-15", "start_date": "2012-10-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)", "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "399_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 480, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html?mtrref=undefined&gwh=7F43CD54F8B386F686DA4E46DE17163F&gwt=pay", "https://www.nytimes.com/2013/02/02/technology/washington-posts-joins-list-of-media-hacked-by-the-chinese.html" ], "sources_attribution": [ "https://www.nytimes.com/2013/02/02/technology/washington-posts-joins-list-of-media-hacked-by-the-chinese.html" ] }, { "ID": 400, "name": "Op Israel 2012 Bangladeshi Part", "description": "Bangladeshi Hackers Deface 20 Israeli Websites in Support for the People of Palestine", "added_to_DB": "2022-08-15", "start_date": "2012-11-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "400_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "Unknown" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Pakistan Grey Hat Hackers" ], "initiator_country": [ "Bangladesh" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 481, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Pakistan Grey Hat Hackers" ], "attributed_initiator_country": [ "Bangladesh" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "Resources", "Secession", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Bangladeshi-Hackers-Deface-20-Israeli-Websites-in-Support-for-the-People-of-Palestine-308272.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 401, "name": "Zcompany Hacking Crew hacks government pages in Israel", "description": "Hackers Breach Israeli Vice PM's Twitter, Facebook, YouTube and Blogger Accounts", "added_to_DB": "2022-08-15", "start_date": "2012-11-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "401_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Zcompany Hacking Crew" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 482, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Zcompany Hacking Crew" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Secession" ], "offline_conflict_issue": [ "Secession" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Hackers-Breach-Israeli-Vice-PM-s-Twitter-Facebook-YouTube-and-Blogger-Accounts-308464.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 402, "name": "Muslim Liberation Army vs. Israel", "description": "Israel\u2019s Ministry of National Infrastructures Websites Hacked by Muslim Liberation Army", "added_to_DB": "2022-08-15", "start_date": "2012-11-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "402_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Muslim Liberation Army" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 483, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Muslim Liberation Army" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Secession" ], "offline_conflict_issue": [ "Secession" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/israels-ministry-of-national-infrastructures-webites-hacked-by-muslim-liberation-army/" ], "sources_attribution": [ "Not available" ] }, { "ID": 403, "name": "Yourikan counter attack OP Israel", "description": "Pro-Israel Hacker Disrupts Palestinian Hamas Websites", "added_to_DB": "2022-08-15", "start_date": "2012-11-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "403_0", "receiver_name": null, "receiver_country": "Palestine", "receiver_region": "MEA", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Telecommunications" ] } ], "initiator_name": [ "Yourikan" ], "initiator_country": [ "Israel" ], "initiator_category": [ "Individual hacker(s)" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 484, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Yourikan" ], "attributed_initiator_country": [ "Israel" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Secession" ], "offline_conflict_issue": [ "Secession" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Pro-Israel-Hacker-Disrupts-Palestinian-Hamas-Websites-308821.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 404, "name": "Op Syria", "description": "Anonymous Leak Confidential Emails from Syrian Ministry of Foreign Affairs for #Op Syria", "added_to_DB": "2022-08-15", "start_date": "2012-11-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "404_0", "receiver_name": null, "receiver_country": "Syria", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 485, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/anonymous-leak-emails-from-syrian-government/" ], "sources_attribution": [ "Not available" ] }, { "ID": 405, "name": "Anonymous Cyberwar vs. Israel", "description": "Anonymous declares 'cyberwar' on Israel", "added_to_DB": "2022-08-15", "start_date": "2012-11-12", "end_date": "2012-11-20", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "405_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Government / ministries", "Intelligence agencies", "Not available", "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 486, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Long-term disruption (> 24h; incident scores 2 points in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.huffingtonpost.com/2012/11/17/anonymous-hacks-israel-all-your-base_n_2150881.html", "https://edition.cnn.com/2012/11/19/tech/web/cyber-attack-israel-anonymous/index.html", "https://www.hackread.com/anonymous-destroys-israel-by-hacking-websites-destroying-databases-leaking-emails-passwords-for-opisrael/" ], "sources_attribution": [ "Not available" ] }, { "ID": 406, "name": "Accidental Syrian Internet Blackout", "description": "The NSA accidentally took down the syrian internet in an attempt to infiltrate the syrian telecommunication provider.", "added_to_DB": "2022-08-15", "start_date": "2012-11-29", "end_date": "2012-11-29", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "406_0", "receiver_name": null, "receiver_country": "Syria", "receiver_region": "MEA", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Telecommunications" ] } ], "initiator_name": [ "NSA/Equation Group" ], "initiator_country": [ "United States" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 487, "settled": null, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 488, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "NSA/Equation Group" ], "attributed_initiator_country": [ "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Long-term disruption (> 24h; incident scores 2 points in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theguardian.com/world/2014/aug/13/snowden-nsa-syria-internet-outage-civil-war#maincontent" ], "sources_attribution": [ "Not available" ] }, { "ID": 407, "name": "Pakistan CyberArmy vs. Bangladesh", "description": "Pakistan CyberArmy declares war on Chinese, Bangladeshi sites", "added_to_DB": "2022-08-15", "start_date": "2012-12-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "407_0", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] }, { "receiver_id": "407_1", "receiver_name": null, "receiver_country": "Bangladesh", "receiver_region": "SASIA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Bangladesh Cyber Army" ], "initiator_country": [ "Pakistan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 489, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Bangladesh Cyber Army" ], "attributed_initiator_country": [ "Pakistan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theregister.co.uk/2012/12/10/pakistan_cyber_army_hack_bangladesh_china/" ], "sources_attribution": [ "Not available" ] }, { "ID": 408, "name": "MoroccanGhosts attack South Africa", "description": "100 South African Websites hacked by MoroccanGhosts", "added_to_DB": "2022-08-15", "start_date": "2012-12-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "408_0", "receiver_name": null, "receiver_country": "South Africa", "receiver_region": "SSA", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "Moroccan Ghosts" ], "initiator_country": [ "Morocco" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 490, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Moroccan Ghosts" ], "attributed_initiator_country": [ "Morocco" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/100-south-african-websites-hacked-by-moroccan-ghosts/" ], "sources_attribution": [ "Not available" ] }, { "ID": 409, "name": "BGHH vs. Sri Lanka", "description": "22 Sri Lankan Ministry Websites Hacked by Bangladesh Gray Hat Hackers", "added_to_DB": "2022-08-15", "start_date": "2012-12-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "409_0", "receiver_name": null, "receiver_country": "Sri Lanka", "receiver_region": "SASIA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Bangladesh Grey Hat Hackers" ], "initiator_country": [ "Bangladesh" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 491, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Bangladesh Grey Hat Hackers" ], "attributed_initiator_country": [ "Bangladesh" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/22-srilankan-ministry-websites-hacked-by-bangladesh-gray-hat-hackers/" ], "sources_attribution": [ "Not available" ] }, { "ID": 410, "name": "BGHH vs. Pakistan", "description": "Bangladeshi Hackers Fight Back, Hack Pakistani Government Sites", "added_to_DB": "2022-08-15", "start_date": "2012-12-01", "end_date": "2012-12-10", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "410_0", "receiver_name": null, "receiver_country": "Pakistan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Media" ], "receiver_category_subcode": [ "Judiciary", "Military", "Government / ministries", "Not available" ] } ], "initiator_name": [ "Bangladesh Grey Hat Hackers" ], "initiator_country": [ "Bangladesh" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 492, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Bangladesh Grey Hat Hackers" ], "attributed_initiator_country": [ "Bangladesh" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Bangladeshi-Hackers-Fight-Back-Hack-Pakistani-Government-Sites-313309.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 411, "name": "H4ksniper vs. SouthAfrica", "description": "Three SA government websites hacked", "added_to_DB": "2022-08-15", "start_date": "2012-12-09", "end_date": "2012-12-09", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "411_0", "receiver_name": null, "receiver_country": "South Africa", "receiver_region": "SSA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "H4ksniper" ], "initiator_country": [ "Morocco" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 493, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "H4ksniper" ], "attributed_initiator_country": [ "Morocco" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Subnational predominance" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://mg.co.za/article/2012-12-09-three-government-websites-hacked" ], "sources_attribution": [ "Not available" ] }, { "ID": 412, "name": "OP India", "description": "#Op India: BSNL Server Hacked, Database Leaked by Anonymous India", "added_to_DB": "2022-08-15", "start_date": "2012-12-13", "end_date": "2012-12-13", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "412_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "India" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 494, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "India" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/op_india-bsnl-server-hacked-database-leaked-by-anonymous-india/" ], "sources_attribution": [ "Not available" ] }, { "ID": 413, "name": "Brazil HackTeam vs. Interpol", "description": "Interpol Indonesia Hacked and Defaced by HighTech Brazil HackTeam", "added_to_DB": "2022-08-15", "start_date": "2012-12-25", "end_date": "2012-12-25", "updated_at": "2023-11-23", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "413_0", "receiver_name": null, "receiver_country": "Indonesia", "receiver_region": "SEA", "receiver_category": [ "International / supranational organization" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Brazil Hack Team" ], "initiator_country": [ "Brazil" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 495, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Brazil Hack Team" ], "attributed_initiator_country": [ "Brazil" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/interpol-indonesia-hacked-and-defaced-by-hightech-brazil-hackteam/" ], "sources_attribution": [ "Not available" ] }, { "ID": 414, "name": "Guatemala state surveillance", "description": "The Guatemalan government purchased surveillance tools (Pegasus, Circles) in order to monitor political opponents, activists and journalists.", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2024-02-06", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "414_0", "receiver_name": null, "receiver_country": "Guatemala", "receiver_region": "CENTAM", "receiver_category": [ "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Political opposition / dissidents / expats", "Not available", "Not available" ] } ], "initiator_name": [ "General Directoral of Civil Intelligence (DIGICI)" ], "initiator_country": [ "Guatemala" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 496, "settled": null, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Media report (e.g., Reuters makes an attribution statement, without naming further sources)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "General Directoral of Civil Intelligence (DIGICI)" ], "attributed_initiator_country": [ "Guatemala" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2018" ] }, { "attribution_id": 497, "settled": true, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "General Directoral of Civil Intelligence (DIGICI)" ], "attributed_initiator_country": [ "Guatemala" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2018" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/", "https://translate.google.com/translate?sl=auto&tl=de&u=https%3A%2F%2Fnomada.gt%2Fpais%2Fla-corrupcion-no-es-normal%2Fespionaje-ilegal-del-gobierno-aqui-esta-la-investigacion-de-nuestro-diario-parte-i%2F" ], "sources_attribution": [ "https://translate.google.com/translate?sl=auto&tl=de&u=https%3A%2F%2Fnomada.gt%2Fpais%2Fla-corrupcion-no-es-normal%2Fespionaje-ilegal-del-gobierno-aqui-esta-la-investigacion-de-nuestro-diario-parte-i%2F" ] }, { "ID": 415, "name": "Moroccan government vs. Human rights organization", "description": "The Moroccan human rights activist Hisham Almiraat accuses the moroccan government of compromising his organization \"Mamfakinch\" after it won the Google-Global Voices Breaking Border award for promoting dialogue and democratic values.", "added_to_DB": "2022-08-15", "start_date": "2012-07-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "415_0", "receiver_name": null, "receiver_country": "Morocco", "receiver_region": "MENA", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Advocacy / activists (e.g. human rights organizations)" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Morocco" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 499, "settled": true, "attribution_year": 2016, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Morocco" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2016" ] }, { "attribution_id": 498, "settled": null, "attribution_year": 2016, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Morocco" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2016" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.amnesty.org/en/latest/research/2016/12/how-a-hacking-campaign-helped-shut-down-an-award-winning-news-site/" ], "sources_attribution": [ "https://www.amnesty.org/en/latest/research/2016/12/how-a-hacking-campaign-helped-shut-down-an-award-winning-news-site/" ] }, { "ID": 416, "name": "North Korea espionage campaign", "description": "North Korean state-sponsored hacking group APT37 conducted a perennial espionage campaign on South Korea, Japan, Vietnam and the Middle East.", "added_to_DB": "2022-08-15", "start_date": "2012-01-01", "end_date": "Not available", "updated_at": "2023-03-06", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "416_0", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Social groups", "Social groups", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Transportation", "Health", "Telecommunications", "Finance", "Defence industry", "Advocacy / activists (e.g. human rights organizations)", "Political opposition / dissidents / expats", "Not available" ] }, { "receiver_id": "416_1", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Social groups", "Social groups", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Transportation", "Health", "Telecommunications", "Finance", "Defence industry", "Advocacy / activists (e.g. human rights organizations)", "Political opposition / dissidents / expats", "Not available" ] }, { "receiver_id": "416_2", "receiver_name": null, "receiver_country": "Vietnam", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Social groups", "Social groups", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Transportation", "Health", "Telecommunications", "Finance", "Defence industry", "Advocacy / activists (e.g. human rights organizations)", "Political opposition / dissidents / expats", "Not available" ] }, { "receiver_id": "416_3", "receiver_name": null, "receiver_country": "Middle East (region)", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Social groups", "Social groups", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Transportation", "Health", "Telecommunications", "Finance", "Defence industry", "Advocacy / activists (e.g. human rights organizations)", "Political opposition / dissidents / expats", "Not available" ] } ], "initiator_name": [ "APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067" ], "initiator_country": [ "Korea, Democratic People's Republic of" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 500, "settled": true, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2018" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "System/ideology", "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "Yes" ], "zero_days_subcode": [ "multiple" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf" ], "sources_attribution": [ "https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf" ] }, { "ID": 417, "name": "ShiqiangGroup vs. Taiwan", "description": "Targeted Attack On Taiwanese Government & Tibetan Activists Open, allegedly by the Chinese Shiqianggang.", "added_to_DB": "2022-08-15", "start_date": "2013-01-01", "end_date": "Not available", "updated_at": "2023-03-28", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "417_0", "receiver_name": null, "receiver_country": "Taiwan", "receiver_region": "SCS", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "417_1", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "Shiqiang Group" ], "initiator_country": [ "China" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 501, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Shiqiang Group" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.nytimes.com/2014/05/23/world/asia/us-case-offers-glimpse-into-chinas-hacker-army.html", "https://www.fireeye.com/blog/threat-research/2013/04/new-targeted-attack-on-taiwanese-government-tibetan-activists-open-up-a-can-of-worms-graypigeon-hangame-shiqiang-gang.html" ], "sources_attribution": [ "https://www.nytimes.com/2014/05/23/world/asia/us-case-offers-glimpse-into-chinas-hacker-army.html", "https://www.fireeye.com/blog/threat-research/2013/04/new-targeted-attack-on-taiwanese-government-tibetan-activists-open-up-a-can-of-worms-graypigeon-hangame-shiqiang-gang.html" ] }, { "ID": 418, "name": "Operation WiltedTulip", "description": "Espionage Campaign by the allegedly Iranian APT Copykittens", "added_to_DB": "2022-08-15", "start_date": "2013-01-01", "end_date": "Not available", "updated_at": "2023-07-31", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "418_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Defence industry", "Not available", "Not available" ] }, { "receiver_id": "418_1", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Defence industry", "Not available", "Not available" ] }, { "receiver_id": "418_2", "receiver_name": null, "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Defence industry", "Not available", "Not available" ] }, { "receiver_id": "418_3", "receiver_name": null, "receiver_country": "Saudi Arabia", "receiver_region": "GULFC", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Defence industry", "Not available", "Not available" ] }, { "receiver_id": "418_4", "receiver_name": null, "receiver_country": "Germany", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Defence industry", "Not available", "Not available" ] }, { "receiver_id": "418_5", "receiver_name": null, "receiver_country": "Jordan", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Defence industry", "Not available", "Not available" ] } ], "initiator_name": [ "CopyKittens/Slayer Kitten/G0052" ], "initiator_country": [ "Iran, Islamic Republic of" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 502, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "CopyKittens/Slayer Kitten/G0052" ], "attributed_initiator_country": [ "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.ibtimes.co.uk/copykittens-iran-linked-cyber-espionage-group-lacks-sophistication-still-successful-1632024", "https://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf" ], "sources_attribution": [ "https://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf" ] }, { "ID": 419, "name": "ThripGroup", "description": "A sophisticated hacking campaign launched from computers in China burrowed deeply into satellite operators, defense contractors and telecommunications companies in the United States and southeast Asia, security researchers at Symantec Corp said.", "added_to_DB": "2022-08-15", "start_date": "2013-01-01", "end_date": "Not available", "updated_at": "2024-04-23", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Hijacking without Misuse" ], "receivers": [ { "receiver_id": "419_0", "receiver_name": null, "receiver_country": "Southeast Asia (region)", "receiver_region": "Not available", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Telecommunications" ] }, { "receiver_id": "419_1", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Telecommunications" ] } ], "initiator_name": [ "Thrip" ], "initiator_country": [ "China" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 503, "settled": true, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Thrip" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2018" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "none" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, not used - empowerment (incident scores 1 point in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.reuters.com/article/us-china-usa-cyber/china-based-campaign-breached-satellite-defense-companies-symantec-idUSKBN1JF2X0", "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets" ], "sources_attribution": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets" ] }, { "ID": 420, "name": "Operation Iron Tiger Part2/Emissary Panda", "description": "In 2013, Iron Tiger\u2019s targets individuals in US defense-and technology-related fields like a erospace, energy, etc. It\u2019s important to note that research has not shown an explicit, state-sponsored connection but the case shows that attackers don\u2019t need to be connected to a state to engage in politically motivated activities.", "added_to_DB": "2022-08-15", "start_date": "2013-01-01", "end_date": "Not available", "updated_at": "2023-05-16", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "420_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Telecommunications", "Defence industry", "Not available" ] } ], "initiator_name": [ "Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 504, "settled": true, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2015" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.erai.com/CustomUploads/ca/wp/2015_12_wp_operation_iron_tiger.pdf", "https://www.cbc.ca/news/canada/montreal/emissary-panda-chinese-hackers-cyberattack-icao-1.5034177", "https://newsroom.trendmicro.com/blog/operation-iron-tiger-attackers-shift-east-asia-united-states", "https://thehackernews.com/2023/05/researchers-uncover-powerful-backdoor.html" ], "sources_attribution": [ "https://www.cbc.ca/news/canada/montreal/emissary-panda-chinese-hackers-cyberattack-icao-1.5034177", "https://newsroom.trendmicro.com/blog/operation-iron-tiger-attackers-shift-east-asia-united-states" ] }, { "ID": 421, "name": "Ajax Security Team aka Rocket Kitten 2013-2014", "description": "With the aim of cyber-espionage the at least state-encouraged Iranian hacking group \u00a0Ajax Security Team have attacked companies in the U.S. and domestic users of anti-censorship technology.", "added_to_DB": "2022-08-15", "start_date": "2013-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "421_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Defence industry", "Not available" ] }, { "receiver_id": "421_1", "receiver_name": null, "receiver_country": "Iran, Islamic Republic of", "receiver_region": "MEA", "receiver_category": [ "Critical infrastructure", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Defence industry", "Not available" ] } ], "initiator_name": [ "Flying Kitten/Ajax Security Team/Rocket Kitten/Saffron Rose/G0130", "Flying Kitten/Ajax Security Team/Rocket Kitten/Saffron Rose/G0130" ], "initiator_country": [ "Iran, Islamic Republic of", "Iran, Islamic Republic of" ], "initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 505, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Flying Kitten/Ajax Security Team/Rocket Kitten/Saffron Rose/G0130", "Flying Kitten/Ajax Security Team/Rocket Kitten/Saffron Rose/G0130" ], "attributed_initiator_country": [ "Iran, Islamic Republic of", "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power", "International power" ], "offline_conflict_issue": [ "International power" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf", "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-operation-saffron-rose.pdf" ], "sources_attribution": [ "https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf" ] }, { "ID": 422, "name": "Operation SnowMan-->DeputyDog aka APT 17", "description": "Hackers from APT 17, an alleged Chinese state-proxy, according to Proofpoint and Intrusion Truth years later, are using a zero day vulnerability in Microsoft's Internet Explorer webbrowser and targeting US military personnels in an active attack campaign via the US Veterans of Foreign Wars website.", "added_to_DB": "2022-08-15", "start_date": "2013-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Hijacking without Misuse" ], "receivers": [ { "receiver_id": "422_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Military", "Not available" ] } ], "initiator_name": [ "Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) <\u00a0Winnti Umbrella/G0044\u00a0" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 507, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) <\u00a0Winnti Umbrella/G0044\u00a0" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2014" ] }, { "attribution_id": 506, "settled": null, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Axiom/APT17/Tailgater Team/Group 72/Dogfish/G0001 (MSS, Jinan Bureau) <\u00a0Winnti Umbrella/G0044\u00a0" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "Yes" ], "zero_days_subcode": [ "One" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "none" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, not used - empowerment (incident scores 1 point in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.fireeye.com/blog/threat-research/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html", "https://intrusiontruth.wordpress.com/2019/07/24/APT 17-is-run-by-the-jinan-bureau-of-the-chinese-ministry-of-state-security/", "https://www.proofpoint.com/us/threat-insight/post/operation-rat-cook-chinese-APT -actors-use-fake-game-thrones-leaks-lures" ], "sources_attribution": [ "https://intrusiontruth.wordpress.com/2019/07/24/APT 17-is-run-by-the-jinan-bureau-of-the-chinese-ministry-of-state-security/", "https://www.proofpoint.com/us/threat-insight/post/operation-rat-cook-chinese-APT -actors-use-fake-game-thrones-leaks-lures" ] }, { "ID": 423, "name": "Operation\u201cKimsuky\u201d", "description": "The Kimsuky cyberespionage campaign appears to be originated in NorthKorea and hit numerous organizations, eleven of which located in the South Korea and two in China. The attackers infected victims with a malware able to remote controls the PC, loggingkey strokes, stealing HWP documents.", "added_to_DB": "2022-08-15", "start_date": "2013-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "423_0", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Government / ministries", "Not available", "Not available" ] }, { "receiver_id": "423_1", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Government / ministries", "Not available", "Not available" ] } ], "initiator_name": [ "Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094" ], "initiator_country": [ "Korea, Democratic People's Republic of" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 508, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/" ], "sources_attribution": [ "https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/" ] }, { "ID": 424, "name": "APT 41", "description": "FireEye Intelligence released a comprehensive report detailing APT 41, a prolific Chinese cyber threat group that carries out state-sponsored espionage activity in parallel with financially motivated operations.", "added_to_DB": "2022-08-15", "start_date": "2013-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "424_0", "receiver_name": null, "receiver_country": "Unknown", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) <\u00a0Winnti Umbrella/G0044" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 509, "settled": true, "attribution_year": 2019, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) <\u00a0Winnti Umbrella/G0044" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2019" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://content.fireeye.com/APT-41/website-APT41-blog", "https://content.fireeye.com/APT -41/website-APT 41-blog" ], "sources_attribution": [ "https://content.fireeye.com/APT -41/website-APT 41-blog" ] }, { "ID": 425, "name": "Attor Spyplatform", "description": "Unknown actors developed an spyplatform that managed to misuse various sites in the Russian language space, to force an targeted espionage campaign", "added_to_DB": "2022-08-15", "start_date": "2013-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "425_0", "receiver_name": null, "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Telecommunications", "Not available" ] }, { "receiver_id": "425_1", "receiver_name": null, "receiver_country": "Ukraine", "receiver_region": "EASTEU", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Telecommunications", "Not available" ] }, { "receiver_id": "425_2", "receiver_name": null, "receiver_country": "Slovakia", "receiver_region": "EASTEU", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Telecommunications", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 510, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.welivesecurity.com/2019/10/10/eset-discovers-attor-spy-platform/" ], "sources_attribution": [ "Not available" ] }, { "ID": 426, "name": "Finnish MFA Hacked by Turla", "description": "Finnish Foreign Ministry hacked by Turla", "added_to_DB": "2022-08-15", "start_date": "2013-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "426_0", "receiver_name": null, "receiver_country": "Finland", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)" ], "initiator_country": [ "Russia" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 511, "settled": null, "attribution_year": 2016, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2016" ] }, { "attribution_id": 512, "settled": true, "attribution_year": 2016, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Political statement / report (e.g., on government / state agency websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2016" ] } ], "temporal_attribution_sequence": "Temporal attribution sequence unclear", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.scmagazine.com/finlands-foreign-ministry-hacked-by-russian-or-chinese-spies/article/528907/", "https://yle.fi/uutiset/osasto/news/russian_group_behind_2013_foreign_ministry_hack/8591548" ], "sources_attribution": [ "https://yle.fi/uutiset/osasto/news/russian_group_behind_2013_foreign_ministry_hack/8591548" ] }, { "ID": 427, "name": "Anonymous vs. Azerbaijani Government", "description": "Anonymous leaked internal data of the Special State Protection Service of Azerbaijan", "added_to_DB": "2022-08-15", "start_date": "2013-01-01", "end_date": "2013-01-19", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "427_0", "receiver_name": null, "receiver_country": "Azerbaijan", "receiver_region": "CENTAS", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Police", "Intelligence agencies" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 513, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.databreaches.net/1-7gb-documents-leaked-from-special-state-protection-service-of-azerbaijan/" ], "sources_attribution": [ "Not available" ] }, { "ID": 428, "name": "Operation Toohash", "description": "Targeted attack campaign against various governments and companies in the Great Chinese Area, reported by German IT Company G data.", "added_to_DB": "2022-08-15", "start_date": "2013-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "428_0", "receiver_name": null, "receiver_country": "Unknown", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 514, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://public.gdatasoftware.com/Presse/Publikationen/Whitepaper/EN/GDATA_TooHash_CaseStudy_102014_EN_v1.pdf" ], "sources_attribution": [ "Not available" ] }, { "ID": 429, "name": "Guccifer Affair Leak", "description": "The Romanian Hacker Guccifer leaked Emails between Colin Powell and MEP Corina Cretu", "added_to_DB": "2022-08-15", "start_date": "2013-01-01", "end_date": "Not available", "updated_at": "2024-02-22", "inclusion_criteria": [ "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "429_0", "receiver_name": " Diplomat Corina Cretu", "receiver_country": "Romania", "receiver_region": "EU", "receiver_category": [ "State institutions / political system", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Legislative", "Not available" ] }, { "receiver_id": "429_1", "receiver_name": "Goverment officials", "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Legislative", "Not available" ] } ], "initiator_name": [ "Guccifer" ], "initiator_country": [ "Romania" ], "initiator_category": [ "Individual hacker(s)" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 14720, "settled": false, "attribution_year": 2013, "attribution_month": 12, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Romania" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Guccifer" ], "attributed_initiator_country": [ "Romania" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013-12" ] }, { "attribution_id": 14721, "settled": true, "attribution_year": 2014, "attribution_month": 1, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Domestic legal action" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Romania" ], "attributing_actor": [ "Romanian Directorate for Investigating Organized Crime and Terrorism" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Guccifer" ], "attributed_initiator_country": [ "Romania" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014-1" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.nbcnews.com/news/world/guccifer-hacker-who-leaked-bush-paintings-sentenced-jail-n124556", "https://www.ilpost.it/2024/02/21/julian-assange-storia-wikileaks/" ], "sources_attribution": [ "Not available" ] }, { "ID": 430, "name": "Cobalt Dickens (Mabna Institute)", "description": "US Department of Justice accuses Iranian hackers going by the handle \"Cobalt Dickens\"(Secure works) of stealing data from universities in the US, Germany and 20 other countries.", "added_to_DB": "2022-08-15", "start_date": "2013-01-01", "end_date": "Not available", "updated_at": "2023-10-26", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by authorities of victim state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "430_0", "receiver_name": null, "receiver_country": "Germany", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Not available", "Not available", "Not available" ] }, { "receiver_id": "430_1", "receiver_name": null, "receiver_country": "Denmark", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Not available", "Not available", "Not available" ] }, { "receiver_id": "430_2", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Not available", "Not available", "Not available" ] }, { "receiver_id": "430_3", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Not available", "Not available", "Not available" ] }, { "receiver_id": "430_4", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Not available", "Not available", "Not available" ] }, { "receiver_id": "430_5", "receiver_name": null, "receiver_country": "Canada", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Not available", "Not available", "Not available" ] }, { "receiver_id": "430_6", "receiver_name": null, "receiver_country": "Australia", "receiver_region": "OC", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Not available", "Not available", "Not available" ] }, { "receiver_id": "430_7", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Not available", "Not available", "Not available" ] }, { "receiver_id": "430_8", "receiver_name": null, "receiver_country": "Italy", "receiver_region": "EU", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Not available", "Not available", "Not available" ] }, { "receiver_id": "430_9", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Not available", "Not available", "Not available" ] } ], "initiator_name": [ "COBALT DICKENS/Silent Librarian/TA407/G0122 (Mabna Institute)", "Islamic Revolutionary Guard Corps (IRGC)" ], "initiator_country": [ "Iran, Islamic Republic of", "Iran, Islamic Republic of" ], "initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 13889, "settled": false, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "COBALT DICKENS/Silent Librarian/TA407/G0122 (Mabna Institute)", "Islamic Revolutionary Guard Corps (IRGC)" ], "attributed_initiator_country": [ "Iran, Islamic Republic of", "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2018" ] }, { "attribution_id": 13890, "settled": true, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Domestic legal action" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "United States" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "COBALT DICKENS/Silent Librarian/TA407/G0122 (Mabna Institute)", "Islamic Revolutionary Guard Corps (IRGC)" ], "attributed_initiator_country": [ "Iran, Islamic Republic of", "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2018" ] } ], "temporal_attribution_sequence": "Political attribution before IT-security attribution", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "International power" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.heise.de/newsticker/meldung/US-Justizministerium-beschuldigt-Iraner-massiver-Hackerangriffe-4003100.html", "https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities", "https://www.justice.gov/opa/pr/nine-iranians-charged-conducting-massive-cyber-theft-campaign-behalf-islamic-revolutionary" ], "sources_attribution": [ "https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities", "https://www.justice.gov/opa/pr/nine-iranians-charged-conducting-massive-cyber-theft-campaign-behalf-islamic-revolutionary" ] }, { "ID": 431, "name": "OPM Hack", "description": "US Office of Personal Management is hacked twice by Chinese hackers. Personal information of about 21 million US government employees and former applicants is compromised, including fingerprints. The APT Group DeepPanda has been blamed for it, Fire Eye however, claimed that DeepPanda was not responsible for the OPM Hack, but another Chinese group, later be named as Turbine Panda. Hackers involved have been arrested by the FBI in 2017.", "added_to_DB": "2022-08-15", "start_date": "2013-01-01", "end_date": "Not available", "updated_at": "2023-01-26", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "431_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Civil service / administration" ] } ], "initiator_name": [ "APT26/TURBINE PANDA/Hippo Team/JerseyMikes (MSS, Jiangsu Bureau)", "MSS/JSSD" ], "initiator_country": [ "China", "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 3, "attributions": [ { "attribution_id": 521, "settled": null, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT26/TURBINE PANDA/Hippo Team/JerseyMikes (MSS, Jiangsu Bureau)", "MSS/JSSD" ], "attributed_initiator_country": [ "China", "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)", "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2015" ] }, { "attribution_id": 519, "settled": null, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Contested attribution" ], "attribution_type": [ "Not available" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT26/TURBINE PANDA/Hippo Team/JerseyMikes (MSS, Jiangsu Bureau)", "MSS/JSSD" ], "attributed_initiator_country": [ "China", "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2015" ] }, { "attribution_id": 520, "settled": true, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Domestic legal action" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT26/TURBINE PANDA/Hippo Team/JerseyMikes (MSS, Jiangsu Bureau)", "MSS/JSSD" ], "attributed_initiator_country": [ "China", "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2015" ] } ], "temporal_attribution_sequence": "Political attribution before IT-security attribution", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://therecord.media/us-marshals-service-becomes-latest-law-enforcement-agency-hit-by-hackers/", "https://www.nytimes.com/2023/05/24/us/politics/china-guam-malware-cyber-microsoft.html", "https://english.elpais.com/international/2023-06-15/chinese-spies-breached-hundreds-of-public-private-networks-us-security-firm-says.html", "https://www.c4isrnet.com/opinion/2023/08/08/why-the-china-cyber-threat-demands-an-airtight-public-private-response/", "https://www.zdnet.com/article/building-chinas-comac-c919-airplane-involved-a-lot-of-hacking-report-says/", "https://abcnews.go.com/US/exclusive-25-million-affected-opm-hack-sources/story?id=32332731#:~:text=The%20attack%20on%20OPM%20began%20in%20late%202013%2C,to%20two%20days%20of%20testimony%20on%20Capitol%20Hill.", "https://freebeacon.com/national-security/fbi-alert-reveals-groups-behind-opm-hack/", "https://www.vox.com/2015/6/19/11563730/fireeye-identifies-chinese-group-behind-federal-hack", "https://australiancybersecuritymagazine.com.au/new-intelligence-report-from-crowdstrike-turbine-panda/", "https://securityaffairs.co/wordpress/92649/APT /turbine-panda-aerospace-espionage.html", "https://edition.cnn.com/2017/08/24/politics/fbi-arrests-chinese-national-in-opm-data-breach/index.html", "https://www.theguardian.com/technology/2015/jun/04/us-government-massive-data-breach-employee-records-security-clearances", "https://www.cyberscoop.com/china-hacking-talent-xi-jinping-education-policies/", "https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/" ], "sources_attribution": [ "https://www.zdnet.com/article/building-chinas-comac-c919-airplane-involved-a-lot-of-hacking-report-says/", "https://freebeacon.com/national-security/fbi-alert-reveals-groups-behind-opm-hack/", "https://www.vox.com/2015/6/19/11563730/fireeye-identifies-chinese-group-behind-federal-hack", "https://australiancybersecuritymagazine.com.au/new-intelligence-report-from-crowdstrike-turbine-panda/", "https://securityaffairs.co/wordpress/92649/APT /turbine-panda-aerospace-espionage.html", "https://edition.cnn.com/2017/08/24/politics/fbi-arrests-chinese-national-in-opm-data-breach/index.html" ] }, { "ID": 432, "name": "APT32/Ocean Lotus Group", "description": "Espionage-Hacks against Vietnamese Dissidents and Journalists, as well as foreign governments.", "added_to_DB": "2022-08-15", "start_date": "2013-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "432_0", "receiver_name": null, "receiver_country": "Vietnam", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "Social groups", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Political opposition / dissidents / expats", "Not available" ] }, { "receiver_id": "432_1", "receiver_name": null, "receiver_country": "Southeast Asia (region)", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "Social groups", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Political opposition / dissidents / expats", "Not available" ] }, { "receiver_id": "432_2", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Social groups", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Political opposition / dissidents / expats", "Not available" ] } ], "initiator_name": [ "APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH" ], "initiator_country": [ "Vietnam" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 522, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH" ], "attributed_initiator_country": [ "Vietnam" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] }, { "attribution_id": 523, "settled": null, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH" ], "attributed_initiator_country": [ "Vietnam" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html", "https://www.eff.org/deeplinks/2014/01/vietnamese-malware-gets-personal" ], "sources_attribution": [ "https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html", "https://www.eff.org/deeplinks/2014/01/vietnamese-malware-gets-personal" ] }, { "ID": 433, "name": "National Inventory of Dams Hack", "description": "U.S. intelligence agencies traced a recent cyber intrusion into a sensitive infrastructure database on vulnerabilities of US Dams to the Chinese government or military cyberwarriors, according to U.S.officials.", "added_to_DB": "2022-08-15", "start_date": "2013-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "433_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 524, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.washingtontimes.com/news/2013/may/1/sensitive-army-database-us-dams-compromised-chines/", "https://securityaffairs.co/wordpress/14089/security/us-army-corps-engineers-national-inventory-of-dams-nid-hacked.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 434, "name": "DOE breach", "description": "US Energy Department was breached, no sensitive data stolen.", "added_to_DB": "2022-08-15", "start_date": "2013-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "434_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 525, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Media report (e.g., Reuters makes an attribution statement, without naming further sources)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.businessinsider.com/doe-attack-by-chinese-hackers-2013-2?IR=T" ], "sources_attribution": [ "Not available" ] }, { "ID": 435, "name": "Iron Tiger Attack(related to OPMhack)", "description": "Chinese HackerGroup IronTiger leakes sensitive data from several defence contractors", "added_to_DB": "2022-08-15", "start_date": "2013-01-01", "end_date": "Not available", "updated_at": "2023-03-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "435_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Defence industry" ] } ], "initiator_name": [ "Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 526, "settled": true, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Emissary Panda/APT27/Lucky Mouse/BRONZE UNION/TEMP.Hippo/Group 35/TG-3390/Iron Tiger/ZipToken/G0027" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2015" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 1" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "Yes" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.forbes.com/sites/lisabrownlee/2015/09/17/chinese-cyber-attacks-on-us-military-interests-confirmed-as-advanced-persistent-and-ongoing/#28d21d12694f%C2%A0", "https://threatpost.com/APT -group-gets-selective-about-data-it-steals/114103/" ], "sources_attribution": [ "https://threatpost.com/APT -group-gets-selective-about-data-it-steals/114103/" ] }, { "ID": 436, "name": "Bangladesh Cyber Army vs. India", "description": "The Bangladesh Cyber Army claims to have defaced over 1,000 Indian websites, including India's biggest telecommunications providers BSNL, as a form of protest against the country\u2019s Border Security Force (BSF).", "added_to_DB": "2022-08-15", "start_date": "2013-01-07", "end_date": "2013-01-08", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "436_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Bangladesh Cyber Army" ], "initiator_country": [ "Bangladesh" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Ethnic actors" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 527, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Bangladesh Cyber Army" ], "attributed_initiator_country": [ "Bangladesh" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Ethnic actors" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Subnational predominance", "Territory" ], "offline_conflict_issue": [ "Subnational predominance" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Bangladesh-Cyber-Army-Attacks-Indian-Sites-in-Memory-of-15-Year-Old-Girl-Video-319234.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 437, "name": "RedHack vs. Turkish Council of Higher Education", "description": "Turkish hackergroup RedHack gains access to a database of Turkey's Council of Higher Education. They publish data which they claim proves corruption incidents at several Turkish universities.", "added_to_DB": "2022-08-15", "start_date": "2013-01-10", "end_date": "2013-01-10", "updated_at": "2023-06-18", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "437_0", "receiver_name": null, "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "Science" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "RedHack" ], "initiator_country": [ "Turkey" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 528, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "RedHack" ], "attributed_initiator_country": [ "Turkey" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Turkey-s-Council-of-Higher-Education-Hacked-by-RedHack-60-000-Documents-Leaked-319958.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 438, "name": "LulzSec Peru vs. Chilean Army", "description": "Hackergroup LulzSec Peru hacks the website of the Chilean army.", "added_to_DB": "2022-08-15", "start_date": "2013-01-15", "end_date": "2013-01-15", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "438_0", "receiver_name": null, "receiver_country": "Chile", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "LulzSec Peru" ], "initiator_country": [ "Peru" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 529, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "LulzSec Peru" ], "attributed_initiator_country": [ "Peru" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Army-of-Chile-Website-Hacked-by-LulzSec-Peru-321097.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 439, "name": "DavyJones vs. Government of SriLanka", "description": "Website of Sri Lankan Minister of Sports hacked,website data published.", "added_to_DB": "2022-08-15", "start_date": "2013-01-26", "end_date": "2013-01-26", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "439_0", "receiver_name": null, "receiver_country": "Sri Lanka", "receiver_region": "SASIA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Davy Jones" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Individual hacker(s)" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 530, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Davy Jones" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/sri-lankas-minister-of-sports-website-hacked-data-leaked-by-davy-jones/" ], "sources_attribution": [ "Not available" ] }, { "ID": 440, "name": "Japan MFA leak", "description": "Unidentified hackers steal non-confidential data from Japan's Ministry of Foreign Affairs.", "added_to_DB": "2022-08-15", "start_date": "2013-01-28", "end_date": "2013-01-28", "updated_at": "2022-12-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "440_0", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 531, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/20-Documents-Stolen-by-Hackers-from-Japan-s-Ministry-of-Foreign-Affairs-327205.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 441, "name": "Anonymous vs. Egypt government Part II", "description": "Hacker collective Anonymous takes down several Egyptian government websites with DDoS attacks to protest police violence against protesters.", "added_to_DB": "2022-08-15", "start_date": "2013-02-03", "end_date": "2013-02-04", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "441_0", "receiver_name": null, "receiver_country": "Egypt", "receiver_region": "NAF", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 532, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.ehackingnews.com/2013/02/opegypt-egyptian-government-websites.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 442, "name": "Anonymous leaks Data of Fed", "description": "The hacker collective Anonymous obtains and publishes personal data of 4000 employees of the US central bank 'Federal Reserve Bank'.", "added_to_DB": "2022-08-15", "start_date": "2013-02-03", "end_date": "2013-02-03", "updated_at": "2023-02-08", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "442_0", "receiver_name": "Federal Reserve Bank (United States)", "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Finance" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 6617, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.reuters.com/article/net-us-usa-fed-hackers/fed-says-internal-site-breached-by-hackers-no-critical-functions-affected-idUSBRE91501920130206" ], "sources_attribution": [ "Not available" ] }, { "ID": 443, "name": "Anonymous vs. Mongolian National Police", "description": "Anonymous-affiliated hacker defaces website of the Mongolian National Police.", "added_to_DB": "2022-08-15", "start_date": "2013-02-16", "end_date": "2013-02-16", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "443_0", "receiver_name": null, "receiver_country": "Mongolia", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Police" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 534, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Website-of-Mongolian-National-Police-Hacked-by-Viru-Noir-330201.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 444, "name": "Malaysia Deparment of Information attacked by Hacker", "description": "Hackers gain access to the Malaysian Department of Information and post a notice on the PM's resignation.", "added_to_DB": "2022-08-15", "start_date": "2013-02-18", "end_date": "2013-02-18", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "444_0", "receiver_name": null, "receiver_country": "Malaysia", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 535, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Hackers-Publish-PM-Resignation-Notice-on-Malaysian-Government-Website-330327.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 445, "name": "Anonymous vs. US State Department", "description": "Anonymous hacks and publishes data from the US State Department's website, defaces the website of George K. Baum & Company, in anti-US offensive.", "added_to_DB": "2022-08-15", "start_date": "2013-02-19", "end_date": "2013-02-19", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "445_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 536, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.rt.com/usa/anonymous-hacks-state-department-617/" ], "sources_attribution": [ "Not available" ] }, { "ID": 446, "name": "Kuwaiti Hackers vs. Lebanese Parliaments", "description": "Hacking team KuwaitiHackers defaces webpage of the Lebanese parliament, accusing the government of supporting Assad in the Syrian civilwar.", "added_to_DB": "2022-08-15", "start_date": "2013-02-23", "end_date": "2013-02-23", "updated_at": "2023-01-30", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "446_0", "receiver_name": null, "receiver_country": "Lebanon", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Legislative" ] } ], "initiator_name": [ "Kuwaiti Hackers" ], "initiator_country": [ "Kuwait" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Ethnic actors" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 537, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Kuwaiti Hackers" ], "attributed_initiator_country": [ "Kuwait" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Ethnic actors" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.dailystar.com.lb/News/Local-News/2013/Feb-23/207634-lebanese-parliament-website-hacked.ashx", "https://www.hackread.com/lebanon-parliament-website-hacked-by-team-kuwaiti-hackers/" ], "sources_attribution": [ "Not available" ] }, { "ID": 447, "name": "Chinese Attack on DRDO", "description": "Indian Defence Research and Development Organization (DRDO,part of the Ministry of Defense) was hacked.Highly sensitive , strategic data was stolen and collected on a server in China.", "added_to_DB": "2022-08-15", "start_date": "2013-03-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "447_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 538, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Territory", "Resources", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.newindianexpress.com/nation/2013/mar/14/chinese-hack-drdo-computers-antony-seeks-report-458371.html", "https://www.hackread.com/indian-defence-organisation-drdo-servers-hacked-china-among-the-suspects/", "https://timesofindia.indiatimes.com/india/DRDO-computers-hacked/articleshow/18955837.cms" ], "sources_attribution": [ "Not available" ] }, { "ID": 448, "name": "phr0zen myst pakistani dataleak", "description": "Hacker publishes databases and login data,after breaching the websites of the Bangladeshi Ministry of Agriculture and the Supreme Court, in protest against violence at demonstrations.", "added_to_DB": "2022-08-15", "start_date": "2013-03-06", "end_date": "2013-03-06", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "448_0", "receiver_name": null, "receiver_country": "Bangladesh", "receiver_region": "SASIA", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Judiciary" ] } ], "initiator_name": [ "phr0zenmyst" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 539, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "phr0zenmyst" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "Other" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/bangladeshi-supreme-court-ministry-of-agriculture-websites-breached-user-accounts-leaked-phr0zenmyst/" ], "sources_attribution": [ "Not available" ] }, { "ID": 449, "name": "OP BlackSummer", "description": "With support of Chinese hackers, hackers of the Tunisian CyberArmy and the Al-Qaeda ElectronicArmy steal data from the website of the Pentagon and other US-American government websites.", "added_to_DB": "2022-08-15", "start_date": "2013-03-10", "end_date": "2013-03-12", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "449_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Tunisian Cyber Army", "Al-Qaeda Electronic Army" ], "initiator_country": [ "China", "Tunisia", "China", "Tunisia" ], "initiator_category": [ "Non-state-group", "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 540, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Tunisian Cyber Army", "Al-Qaeda Electronic Army" ], "attributed_initiator_country": [ "China", "Tunisia", "China", "Tunisia" ], "attributed_initiator_category": [ "Non-state-group", "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.ehackingnews.com/2013/03/al-qaeda-electronic-army-hack-us-government.html", "http://www.ehackingnews.com/2013/03/hackers-infect-pentagon-admin-by.html", "https://blog.sensecy.com/tag/opblacksummer/" ], "sources_attribution": [ "https://blog.sensecy.com/tag/opblacksummer/" ] }, { "ID": 450, "name": "Godzilla vs. Pakistani Government", "description": "After gaining access to an important government server, an Indian hacker shuts down several Pakistani government websites. He later also publishes admin login data for several servers. He accuses Pakistan of supporting and executing terrorism.", "added_to_DB": "2022-08-15", "start_date": "2013-03-11", "end_date": "2013-03-13", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "450_0", "receiver_name": null, "receiver_country": "Pakistan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Godzilla" ], "initiator_country": [ "India" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 541, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Godzilla" ], "attributed_initiator_country": [ "India" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Indian-Hacker-Causes-Several-Pakistani-Government-Sites-to-Become-Inaccessible-336159.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 451, "name": "Anti-NK DDOS", "description": "North Korea has been hit by a massive cyber attack according the declaration of a South Korean government official that also added the government of Seoul is investigating on the event denying every responsibility. Russia\u2019s ITAR-TASS news agency, which has an office in Pyongyang, reported the events on Wednesday night, all web sites of the\u00a0country went offline until late Thursday afternoon.", "added_to_DB": "2022-08-15", "start_date": "2013-03-13", "end_date": "2013-03-14", "updated_at": "2023-03-11", "inclusion_criteria": [ "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "451_0", "receiver_name": null, "receiver_country": "Korea, Democratic People's Republic of", "receiver_region": "NEA", "receiver_category": [ "Critical infrastructure", "Media" ], "receiver_category_subcode": [ "Telecommunications", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Korea, Republic of", "United States" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 542, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Political statement / report (e.g., on government / state agency websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Korea, Republic of", "United States" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Territory", "International power" ], "offline_conflict_issue": [ "System/ideology", "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://securityaffairs.co/wordpress/13005/security/n-korea-hit-by-large-scale-cyber-attackrepercussions-in-cyberspace.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 452, "name": "Anonymous vs. Iranian Parliament", "description": "Hacker affiliated with Anonymous takes down Iranian websites of parliament, Economic Research Institute and Aerospace Industries Organization.", "added_to_DB": "2022-08-15", "start_date": "2013-03-14", "end_date": "2013-03-15", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "452_0", "receiver_name": null, "receiver_country": "Iran, Islamic Republic of", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Legislative", "Not available", "Not available" ] } ], "initiator_name": [ "Cyper (Anonymous)" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 543, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Cyper (Anonymous)" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "National power", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/OpIran-Hacktivists-Launch-DDOS-Attacks-Against-Major-Iranian-Sites-337585.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 453, "name": "Going Greyhat", "description": "German hacker publishes login data of Turkish Ministry of Economy and Central Finance and Contracts Unit's websites to show their vulnerabilities.", "added_to_DB": "2022-08-15", "start_date": "2013-03-18", "end_date": "2013-03-18", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "453_0", "receiver_name": null, "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "D35m0nd142" ], "initiator_country": [ "Germany" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Private technology companies / hacking for hire groups without state affiliation / research entities" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 544, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "D35m0nd142" ], "attributed_initiator_country": [ "Germany" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Private technology companies / hacking for hire groups without state affiliation / research entities" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Turkey-s-Ministry-of-Economy-and-Central-Finance-and-Contracts-Unit-Hacked-338107.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 454, "name": "Operation Dark Seoul 2013 part I", "description": "Two South Korean banks and television broadcasters experience disruption after \"logic bomb\" is (allegedly) placed by North Korea.", "added_to_DB": "2022-08-15", "start_date": "2013-03-20", "end_date": "2013-03-20", "updated_at": "2024-02-01", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by authorities of victim state" ], "incident_type": [ "Disruption", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "454_0", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)" ], "initiator_country": [ "Korea, Democratic People's Republic of" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 16705, "settled": false, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 16706, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Political statement / report (e.g., on government / state agency websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Temporal attribution sequence unclear", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Long-term disruption (> 24h; incident scores 2 points in intensity)" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://twitter.com/securityaffairs/status/1661438436912295936", "https://twitter.com/securityaffairs/status/1661671109014564864", "https://home.treasury.gov/news/press-releases/jy1498", "https://www.wired.com/2013/03/logic-bomb-south-korea-attack/", "https://www.reuters.com/article/us-sony-cybersecurity-northkorea/for-north-koreas-cyber-army-long-term-target-may-be-telecoms-utility-grids-idUSKBN0JX0JW20141219", "https://www.wsj.com/articles/SB10001424127887324136204578639540757695644", "https://www.theguardian.com/world/2013/mar/20/south-korea-under-cyber-attack", "https://thediplomat.com/2022/10/the-future-of-south-korea-us-cyber-cooperation/" ], "sources_attribution": [ "https://www.reuters.com/article/us-sony-cybersecurity-northkorea/for-north-koreas-cyber-army-long-term-target-may-be-telecoms-utility-grids-idUSKBN0JX0JW20141219", "https://www.wsj.com/articles/SB10001424127887324136204578639540757695644" ] }, { "ID": 455, "name": "Syrian Electronic Army vs. BBCs Twitter", "description": "Hackers from 'Syrian Electronic Army' post tweets on BBC account apparently backing Basharal-Assad", "added_to_DB": "2022-08-15", "start_date": "2013-03-21", "end_date": "2013-03-21", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "455_0", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Syrian Electronic Army" ], "initiator_country": [ "Syria" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 547, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 548, "settled": null, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theguardian.com/media/2013/mar/21/bbc-weather-twitter-syrian-regime", "https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html" ], "sources_attribution": [ "https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html" ] }, { "ID": 456, "name": "Sector404 vs. Mossad", "description": "The hacktivist group \"Sector404\" has launched a distributed denial-of-service (DDOS) attack against mossad.gov.il, the official website of the Israeli Secret Intelligence Service.", "added_to_DB": "2022-08-15", "start_date": "2013-03-23", "end_date": "2013-03-23", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "456_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Intelligence agencies" ] } ], "initiator_name": [ "Sector 404" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 549, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Sector 404" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Hackers-Take-Down-Official-Mossad-Website-Details-of-30-000-Israeli-Officials-Leaked-339742.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 457, "name": "Anonymous and RedHack Leak", "description": "Hackers of Anonymous and RedHack published the personal details of more than 30,000 people, including politicians, government employees, military and police officials.", "added_to_DB": "2022-08-15", "start_date": "2013-03-23", "end_date": "2013-03-23", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "457_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Police" ] } ], "initiator_name": [ "RedHack", "Anonymous" ], "initiator_country": [ "Unknown", "Unknown" ], "initiator_category": [ "Non-state-group", "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 550, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "RedHack", "Anonymous" ], "attributed_initiator_country": [ "Unknown", "Unknown" ], "attributed_initiator_category": [ "Non-state-group", "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "Not available" ], "sources_attribution": [ "Not available" ] }, { "ID": 458, "name": "Shutdown of Pakistan Electoral Commission", "description": "Website of Pakistan's Electoral Commission Website is attacked, probably by\"Russian and Asianhackers\", and inaccessable.", "added_to_DB": "2022-08-15", "start_date": "2013-03-29", "end_date": "2013-03-30", "updated_at": "2023-03-23", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "458_0", "receiver_name": null, "receiver_country": "Pakistan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Civil service / administration", "Election infrastructure / related systems" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "India", "Russia", "Asia (region)" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 3, "attributions": [ { "attribution_id": 8551, "settled": false, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "India", "Russia", "Asia (region)" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] }, { "attribution_id": 8552, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "India", "Russia", "Asia (region)" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] }, { "attribution_id": 8553, "settled": false, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Contested attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "India", "Russia", "Asia (region)" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/massive-cyber-attack-on-election-commission-of-pakistan-servers-by-asian-russian-hackers/", "https://advox.globalvoices.org/2013/04/01/cyber-attack-on-pakistans-electoral-commission-website/" ], "sources_attribution": [ "Not available" ] }, { "ID": 459, "name": "Anonymous vs. North Korea", "description": "Hacker collective Anonymous repeatedly hacks into North Korean propaganda websites and online accounts, posts pictures that mock Kim Jong Un.", "added_to_DB": "2022-08-15", "start_date": "2013-04-04", "end_date": "2013-04-15", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "459_0", "receiver_name": null, "receiver_country": "Korea, Democratic People's Republic of", "receiver_region": "NEA", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 554, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.cnet.com/news/anonymous-again-hacks-into-north-korean-web-sites/", "https://arstechnica.com/information-technology/2013/04/anonymous-hackers-take-control-of-north-korean-propaganda-sites/" ], "sources_attribution": [ "Not available" ] }, { "ID": 460, "name": "Anonymous attack on Israel (Holocaust Remebrance Day)", "description": "Anonymous attacks Israeli websites, twitter and bank accounts on Holocaust memorial day, to protest its policy towards Palestine. Israeli officials say that not much damage has been done.", "added_to_DB": "2022-08-15", "start_date": "2013-04-07", "end_date": "2013-04-07", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "460_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 555, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Territory", "International power" ], "offline_conflict_issue": [ "System/ideology", "Resources", "Secession", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theatlantic.com/international/archive/2013/04/anonymous-hits-israel-massive-cyber-attack-israel-attacks-back/316538/" ], "sources_attribution": [ "Not available" ] }, { "ID": 461, "name": "Anonymous vs. Gabon Part II", "description": "Hacker collective Anonymous takes down webpages of Gabonese government to protest ritual killings.", "added_to_DB": "2022-08-15", "start_date": "2013-04-19", "end_date": "2013-04-19", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "461_0", "receiver_name": null, "receiver_country": "Gabon", "receiver_region": "SSA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 556, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/OpGabon-Gabon-Ministry-of-Justice-Other-Government-Sites-Attacked-by-Anonymous-346887.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 462, "name": "AP Twitter Hack SEA", "description": "Hackers of the Syrian Electronic Army prompt a 143-point fall in the Dow Jones industrial average after sending a message from the Twitter feed of the Associated Press, saying the White House had been hit by two explosions and that Barack Obama was injured. The fake tweet, which was immediately corrected by Associated Press employees, caused a sensation on Twitter and in the stock market. Later on, three Members of the SEA have been indicted for the attack by the US.", "added_to_DB": "2022-08-15", "start_date": "2013-04-23", "end_date": "2013-04-23", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "462_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Syrian Electronic Army" ], "initiator_country": [ "Syria" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 558, "settled": null, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 557, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Domestic legal action" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.securityweek.com/syrian-electronic-army-members-face-hacking-charges", "https://www.washingtonpost.com/news/worldviews/wp/2013/04/23/syrian-hackers-claim-ap-hack-that-tipped-stock-market-by-136-billion-is-it-terrorism/?noredirect=on&utm_term=.b4388c4184ad", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0", "https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html", "https://www.ap.org/ap-in-the-news/2016/us-indicts-3-it-ties-to-syrian-electronic-army-for-hacking", "https://www.theguardian.com/business/2013/apr/23/ap-tweet-hack-wall-street-freefall" ], "sources_attribution": [ "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0", "https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html", "https://www.ap.org/ap-in-the-news/2016/us-indicts-3-it-ties-to-syrian-electronic-army-for-hacking" ] }, { "ID": 463, "name": "Syrian Electronic Army vs. Guardian", "description": "Syrian Electronic Army hackers capture twitteraccounts of the Guardian ,post pro-Assad messages.", "added_to_DB": "2022-08-15", "start_date": "2013-04-30", "end_date": "2013-04-30", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "463_0", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Syrian Electronic Army" ], "initiator_country": [ "Syria" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 559, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.independent.co.uk/news/media/press/syrian-electronic-army-hackers-attack-guardian-twitter-accounts-8597629.html", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0", "https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html" ], "sources_attribution": [ "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0", "https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html" ] }, { "ID": 464, "name": "Australia Theft of Spy Headquarters", "description": "Chinese hackers have stolen the blueprints of a new multi-million-dollar Australian spy headquarters and other confidential information\u00a0from the Australian Secret Intelligence Service.", "added_to_DB": "2022-08-15", "start_date": "2013-05-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "464_0", "receiver_name": null, "receiver_country": "Australia", "receiver_region": "OC", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Intelligence agencies" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 560, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.reuters.com/article/us-australia-hacking-idUSBRE94R02A20130528?feedType=RSS", "https://www.theguardian.com/world/2013/may/28/china-asio-australian-spy-hq-hacking-claims" ], "sources_attribution": [ "Not available" ] }, { "ID": 465, "name": "RedHack vs. Government of Istanbul", "description": "Turkish hackergroup RedHack defaces webpage of the Government of Istanbul, leaves anti-government messages.", "added_to_DB": "2022-08-15", "start_date": "2013-05-06", "end_date": "2013-05-06", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "465_0", "receiver_name": null, "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "RedHack" ], "initiator_country": [ "Turkey" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 561, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "RedHack" ], "attributed_initiator_country": [ "Turkey" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.ehackingnews.com/2013/05/istanbul-government-website-hacked-by.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 466, "name": "Anonymous attacks Romanias Authority for Qualifications", "description": "The website of Romania's National Authority for Qualifications is hacked and user and admin passwords are leaked. The website is later defaced by hackers of the hacker collective Anonymous.", "added_to_DB": "2022-08-15", "start_date": "2013-05-11", "end_date": "2013-05-11", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "466_0", "receiver_name": null, "receiver_country": "Romania", "receiver_region": "EU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Civil service / administration" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 562, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Romania-s-National-Authority-for-Qualifications-Hacked-User-Data-Leaked-352508.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 467, "name": "DDOS vs. Phillipines", "description": "Taiwanese hackers launch DDoS attacks and deface Philippino websites, leak government data, in response to the Philippino coast guard opening fire on a Taiwanese vessel.", "added_to_DB": "2022-08-15", "start_date": "2013-05-13", "end_date": "2013-05-14", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "467_0", "receiver_name": null, "receiver_country": "Philippines", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Taiwan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 563, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Taiwan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Filipino-Government-Sites-Attacked-After-Philippines-Refuses-to-Apologize-to-Taiwan-352522.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 468, "name": "Counter DDOS against Taiwan", "description": "Phillipino hackers launch DDoS attacks against Taiwanese government websites in response to Taiwanese hacking attacks.", "added_to_DB": "2022-08-15", "start_date": "2013-05-13", "end_date": "2013-05-13", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "468_0", "receiver_name": null, "receiver_country": "Taiwan", "receiver_region": "SCS", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Philippines" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 564, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Philippines" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/DDOS-Attacks-Launched-by-Filipino-Hackers-Disrupt-Several-Taiwan-Government-Sites-352676.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 469, "name": "Anonymous vs. Phillipine National Telecommunication", "description": "Filipino hackers, affiliated with Anonymous, deface the website of the Philippines National Telecommunications Commission, urging the government to \"defend it s sovereignity against Malaysian airstrikes in Sabah.", "added_to_DB": "2022-08-15", "start_date": "2013-05-18", "end_date": "2013-05-18", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "469_0", "receiver_name": null, "receiver_country": "Philippines", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Philippines" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 565, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Philippines" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "National power" ], "offline_conflict_issue": [ "National power", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Philippines-National-Telecommunications-Commission-Defaced-by-Anonymous-Hackers-338062.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 470, "name": "Syrian Electronic Army vs. Saudi Arabian Ministry of Defense", "description": "Hackers from Syrian Electronic Army known for their hard core support for Syrian President Bashar Ul Assad have claimed to have breached the Saudi Arabian Ministry of Defense Email system and as a result number of secret emails correspondence have been leaked online.", "added_to_DB": "2022-08-15", "start_date": "2013-05-19", "end_date": "2013-05-19", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "470_0", "receiver_name": null, "receiver_country": "Saudi Arabia", "receiver_region": "GULFC", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Syrian Electronic Army" ], "initiator_country": [ "Syria" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 566, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/saudi-arabian-defense-ministry-mail-system-breached-secret-emails-leaked-by-syrian-electronic-army/", "https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0" ], "sources_attribution": [ "https://www.hackread.com/saudi-arabian-defense-ministry-mail-system-breached-secret-emails-leaked-by-syrian-electronic-army/", "https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0" ] }, { "ID": 471, "name": "Op Saudi", "description": "Saudi branch of Anonymous hacktivist has launched cyberattack on Saudi Government websites, the operation has been named as \"#Op Saudi\".", "added_to_DB": "2022-08-15", "start_date": "2013-05-25", "end_date": "2013-05-25", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "471_0", "receiver_name": null, "receiver_country": "Saudi Arabia", "receiver_region": "GULFC", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Civil service / administration" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 567, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.ehackingnews.com/2013/05/opsaudi-anonymous-launched-cyber-attack.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 472, "name": "HpHack vs. Syrian Ministry of Legal Affairs", "description": "Saudi hackergroup Hp-Hack defaces website of Syrian Ministry of Legal Affairs in support of anti-government protests.", "added_to_DB": "2022-08-15", "start_date": "2013-06-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "472_0", "receiver_name": null, "receiver_country": "Syria", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "HpHack" ], "initiator_country": [ "Saudi Arabia" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 568, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "HpHack" ], "attributed_initiator_country": [ "Saudi Arabia" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Saudi-Arabian-Hackers-Breach-Syrian-Ministry-of-Legal-Affairs-Website-357738.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 473, "name": "Iran vs. USNavy", "description": "Iranian hackers enter non-classified navy computer systems.", "added_to_DB": "2022-08-15", "start_date": "2013-06-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)", "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "473_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Iran, Islamic Republic of" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 569, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "International power" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theverge.com/2014/2/18/5421636/us-navy-hack-by-iran-lasted-for-four-months-say-officials", "https://www.theverge.com/2013/9/27/4778400/us-officials-say-iranian-hackers-compromised-navy-computers" ], "sources_attribution": [ "https://www.theverge.com/2013/9/27/4778400/us-officials-say-iranian-hackers-compromised-navy-computers" ] }, { "ID": 474, "name": "Op Turkey", "description": "Turkish hackers take down two government websites in solidarity with anti-government protests.", "added_to_DB": "2022-08-15", "start_date": "2013-06-05", "end_date": "2013-06-05", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "474_0", "receiver_name": null, "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Turk Hack Team" ], "initiator_country": [ "Turkey" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 570, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Turk Hack Team" ], "attributed_initiator_country": [ "Turkey" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/turkish-govt-hacked-by-turk-hack-team/" ], "sources_attribution": [ "Not available" ] }, { "ID": 475, "name": "SEA vs. Turkish Government", "description": "Hackergroup Syrian Electronic Army downs Turkish government websites and allegedly obtains personal information on PM staffers. Private e-mail addresses are leaked.", "added_to_DB": "2022-08-15", "start_date": "2013-06-05", "end_date": "2013-06-05", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "475_0", "receiver_name": null, "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Syrian Electronic Army" ], "initiator_country": [ "Syria" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 571, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 572, "settled": null, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Syrian-Electronic-Army-Hacks-Website-of-Turkish-Ministry-of-Interior-358599.shtml", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0", "https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html" ], "sources_attribution": [ "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0", "https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html" ] }, { "ID": 476, "name": "Anonymous vs. Zimbabwe 2013", "description": "Hacker collective Anonymous Africa attacks Zimbabwean Ministry of Defence, media outlets and South Africa's ANC to protest Robert Mugabe.", "added_to_DB": "2022-08-15", "start_date": "2013-06-14", "end_date": "2013-06-14", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "476_0", "receiver_name": null, "receiver_country": "Zimbabwe", "receiver_region": "SSA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Political parties", "Not available" ] }, { "receiver_id": "476_1", "receiver_name": null, "receiver_country": "South Africa", "receiver_region": "SSA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Political parties", "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 573, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Anonymous-Africa-Attacks-African-National-Congress-Website-361073.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 477, "name": "Anonymous vs. Phillipine President", "description": "Hacker collective Anonymous Philippines publishes unverified phone numbers of the Philippino President.", "added_to_DB": "2022-08-15", "start_date": "2013-06-15", "end_date": "2013-06-15", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "477_0", "receiver_name": null, "receiver_country": "Philippines", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Philippines" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 574, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Philippines" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Anonymous-Hacker-Leaks-Philippine-President-s-Phone-Numbers-361189.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 478, "name": "Anonymous vs. Swaziland", "description": "Hacker collective Anonymous Africa takes down government websites of Swaziland and Zimbabwe for alleged crimes against democracy.", "added_to_DB": "2022-08-15", "start_date": "2013-06-24", "end_date": "2013-06-24", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "478_0", "receiver_name": null, "receiver_country": "Swaziland", "receiver_region": "SSA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] }, { "receiver_id": "478_1", "receiver_name": null, "receiver_country": "Zimbabwe", "receiver_region": "SSA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 575, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Anonymous-Africa-Attacks-Swaziland-Government-Zimbabwe-Ministry-of-Defence-363029.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 479, "name": "Operation Dark Seoul 2013 part II", "description": "North Korea launches DDoS attacks against South Korea, hitting the websites of the president\u2019s office, National Intelligence Service, the ruling party's website and local newspapers. Data of over 40000 US troops and two million workers of South Korea's ruling party are leaked.", "added_to_DB": "2022-08-15", "start_date": "2013-06-25", "end_date": "2013-06-25", "updated_at": "2024-02-23", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "479_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Political parties", "Not available" ] }, { "receiver_id": "479_1", "receiver_name": "Saenuri Party", "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Political parties", "Not available" ] } ], "initiator_name": [ "Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)", "Reconnaissance General Bureau" ], "initiator_country": [ "Korea, Democratic People's Republic of", "Korea, Democratic People's Republic of" ], "initiator_category": [ "State", "State" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 3, "attributions": [ { "attribution_id": 16707, "settled": false, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)", "Reconnaissance General Bureau" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of", "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 16709, "settled": false, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Korea, Republic of" ], "attributing_actor": [ "Korea Internet & Security Agency" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)", "Reconnaissance General Bureau" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of", "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 16708, "settled": true, "attribution_year": 2013, "attribution_month": 8, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Political statement / report (e.g., on government / state agency websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Korea, Republic of" ], "attributing_actor": [ "National Intelligence Service (South Korea)" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)", "Reconnaissance General Bureau" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of", "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2013-8" ] } ], "temporal_attribution_sequence": "Political attribution before IT-security attribution", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "System/ideology", "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://twitter.com/securityaffairs/status/1661438436912295936", "https://twitter.com/securityaffairs/status/1661671109014564864", "https://home.treasury.gov/news/press-releases/jy1498", "https://thediplomat.com/2013/08/cyber-security-in-south-korea-the-threat-within/", "https://www.bbc.com/news/world-asia-23324172(falseflagVersuchdurchAnonymous-Attribution)", "https://thediplomat.com/2022/10/the-future-of-south-korea-us-cyber-cooperation/" ], "sources_attribution": [ "https://www.bbc.com/news/world-asia-23324172(falseflagVersuchdurchAnonymous-Attribution)" ] }, { "ID": 480, "name": "Operation Armageddon by GamaredonGroup", "description": "\u201cOperation Armageddon,\u201d active since at least mid-2013, exposes a cyberespionage campaign devised to provide a military advantage to Russian leadership by targeting Ukrainian government, law enforcement, and military officials. The Group has been later dubbed \"Gamaredon\" and seems to be sponsored by or the same as the 16th and 18th center of the FSB.", "added_to_DB": "2022-08-15", "start_date": "2013-06-26", "end_date": "Not available", "updated_at": "2022-12-12", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "480_0", "receiver_name": null, "receiver_country": "Ukraine", "receiver_region": "EASTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Police", "Political parties" ] } ], "initiator_name": [ "Gamaredon/Shuckworm/BlueAlpha/Aqua Blizzard fka ACTINIUM, DEV-0157/Primitive Bear/Armageddon/UNC530/G0047 (FSB Centre 18, Crimea)", "Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)" ], "initiator_country": [ "Russia", "Russia" ], "initiator_category": [ "State", "State" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 579, "settled": null, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Gamaredon/Shuckworm/BlueAlpha/Aqua Blizzard fka ACTINIUM, DEV-0157/Primitive Bear/Armageddon/UNC530/G0047 (FSB Centre 18, Crimea)", "Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)" ], "attributed_initiator_country": [ "Russia", "Russia" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2015" ] }, { "attribution_id": 580, "settled": true, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Political statement / report (e.g., on government / state agency websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Gamaredon/Shuckworm/BlueAlpha/Aqua Blizzard fka ACTINIUM, DEV-0157/Primitive Bear/Armageddon/UNC530/G0047 (FSB Centre 18, Crimea)", "Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)" ], "attributed_initiator_country": [ "Russia", "Russia" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2015" ] } ], "temporal_attribution_sequence": "Political attribution before IT-security attribution", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "Territory", "Resources", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.lookingglasscyber.com/wp-content/uploads/2015/08/Operation_Armageddon_Final.pdf", "https://lookingglasscyber.com/blog/threat-intelligence-insights/operation-armageddon-cyber-espionage-as-a-strategic-component-of-russian-modern-warfare/", "https://ssu.gov.ua/uploads/files/DKIB/Technical%20report%20Armagedon.pdf", "https://securityaffairs.co/wordpress/129859/apt/armageddon-apt-targets-ukrainian-state-orgs.html", "https://tarnkappe.info/artikel/hacking/ukraine-warnt-vor-cyber-angriffen-auf-den-telegram-messenger-219440.html", "https://www.bleepingcomputer.com/news/security/russian-state-hackers-hit-ukraine-with-new-malware-variants/", "https://blogs.blackberry.com/en/2022/11/gamaredon-leverages-microsoft-office-docs-to-target-ukraine-government" ], "sources_attribution": [ "https://www.lookingglasscyber.com/wp-content/uploads/2015/08/Operation_Armageddon_Final.pdf", "https://lookingglasscyber.com/blog/threat-intelligence-insights/operation-armageddon-cyber-espionage-as-a-strategic-component-of-russian-modern-warfare/" ] }, { "ID": 481, "name": "RedHack vs. Istanbul Part II", "description": "Turkish hackergroup RedHack hacks into the Istanbul Administration website, claims to have erased citizens' utility debts to government.", "added_to_DB": "2022-08-15", "start_date": "2013-06-28", "end_date": "2013-06-28", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "481_0", "receiver_name": null, "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Civil service / administration" ] } ], "initiator_name": [ "RedHack" ], "initiator_country": [ "Turkey" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 581, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "RedHack" ], "attributed_initiator_country": [ "Turkey" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/RedHack-Breaches-Istanbul-Administration-Site-Hackers-Claim-to-Have-Erased-Debts-364000.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 482, "name": "SEA vs. Israel", "description": "Israeli Defense Forces official Blog Hacked by Syrian Electronic Army", "added_to_DB": "2022-08-15", "start_date": "2013-07-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "482_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "Syrian Electronic Army" ], "initiator_country": [ "Syria" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 582, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 583, "settled": null, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Territory", "Resources" ], "offline_conflict_issue": [ "System/ideology", "Territory", "Resources" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/syrian-electronic-army-hacks-israeli-defense-forces-blog/", "https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0" ], "sources_attribution": [ "https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0" ] }, { "ID": 483, "name": "Turkish Ajan attack on US Air Force Culture Center", "description": "Turkish hackers deface the webpage of the US Air Force Culture and Language Center and leak personal data of soldiers.", "added_to_DB": "2022-08-15", "start_date": "2013-07-02", "end_date": "2013-07-02", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "483_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "Turkish Ajan" ], "initiator_country": [ "Turkey" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 584, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Turkish Ajan" ], "attributed_initiator_country": [ "Turkey" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/us-air-force-culture-language-hacked-leaked/" ], "sources_attribution": [ "Not available" ] }, { "ID": 484, "name": "RedHack vs. Turkish Directorate of religous affairs", "description": "Turkish hackergroup RedHack defaces webpage of the Turkish Directorate of Religious Affairs to protest the government's religion policies.", "added_to_DB": "2022-08-15", "start_date": "2013-07-03", "end_date": "2013-07-03", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "484_0", "receiver_name": null, "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "RedHack" ], "initiator_country": [ "Turkey" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 585, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "RedHack" ], "attributed_initiator_country": [ "Turkey" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Turkey-s-Ministry-of-Religious-Affairs-Hacked-by-RedHack-365149.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 485, "name": "Turkish Hackers Uyghur Support", "description": "Turkish hackers deface 33 Chinese government websites to protest the killing of Uyghur Muslims in China.", "added_to_DB": "2022-08-15", "start_date": "2013-07-04", "end_date": "2013-07-04", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "485_0", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Bozkurt", "De4THBLoW" ], "initiator_country": [ "Turkey", "Turkey" ], "initiator_category": [ "Non-state-group", "Non-state-group" ], "initiator_category_subcode": [ "Religious actors", "Religious actors" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 586, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Bozkurt", "De4THBLoW" ], "attributed_initiator_country": [ "Turkey", "Turkey" ], "attributed_initiator_category": [ "Non-state-group", "Non-state-group" ], "attributed_initiator_category_subcode": [ "Religious actors", "Religious actors" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/33-chinese-govt-sites-hacked-turkish-hacker/" ], "sources_attribution": [ "Not available" ] }, { "ID": 486, "name": "Anonymous Jordan vs. Egyptian Government", "description": "Egyptian government websites are defaced by Anonymous Jordan in solidarity with anti-government protesters.", "added_to_DB": "2022-08-15", "start_date": "2013-07-07", "end_date": "2013-07-07", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "486_0", "receiver_name": null, "receiver_country": "Egypt", "receiver_region": "NAF", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Jordan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 587, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Jordan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/egyptian-ministry-sites-hacked-anonymous-jordan/" ], "sources_attribution": [ "Not available" ] }, { "ID": 487, "name": "H4x0rHuSsy vs. Government of Goan", "description": "The Indian government makes Pakistani hackers responsible for the defacement of several regional government websites.", "added_to_DB": "2022-08-15", "start_date": "2013-07-10", "end_date": "2013-07-10", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "487_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "H4x0rHuSsy" ], "initiator_country": [ "Pakistan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Criminal(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 588, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "H4x0rHuSsy" ], "attributed_initiator_country": [ "Pakistan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Criminal(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.zdnet.com/article/india-pins-cyberattacks-on-pakistani-hackers/" ], "sources_attribution": [ "Not available" ] }, { "ID": 488, "name": "Afghan Cyber Army attack on Pakistan", "description": "Afghan hackers deface six Pakistani government websites, leaving messages that accuse Pakistan of having orchestrated a suicide bombing in Kabul.", "added_to_DB": "2022-08-15", "start_date": "2013-07-11", "end_date": "2013-07-11", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "488_0", "receiver_name": null, "receiver_country": "Pakistan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Afghan Cyber Army" ], "initiator_country": [ "Afghanistan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 589, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Afghan Cyber Army" ], "attributed_initiator_country": [ "Afghanistan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "Territory", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/afghan-cyber-army-hacks-pakistani-ministry-sites/" ], "sources_attribution": [ "Not available" ] }, { "ID": 489, "name": "LulzSecPeru vs. Peruvian Government 2013", "description": "LulzSec Peru defaces me in Peruvian government portal and dumps personal and login data in response to the NSA scandal.", "added_to_DB": "2022-08-15", "start_date": "2013-07-15", "end_date": "2013-07-15", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "489_0", "receiver_name": null, "receiver_country": "Peru", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Civil service / administration" ] } ], "initiator_name": [ "LulzSec Peru" ], "initiator_country": [ "Peru" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 590, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "LulzSec Peru" ], "attributed_initiator_country": [ "Peru" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/lulzsecperu-hacks-leaks-portal-nsa/" ], "sources_attribution": [ "Not available" ] }, { "ID": 490, "name": "SyrianElectronicArmy vs. Truecaller, Tango & Viber", "description": "SEA hacked the Swedish site Truecaller, home to the world's largest online telephone directory, with over a billion phone numbers in over 100 countries. SEA claimed this attack also gave it accesscodes to more than a million Facebook, Twitter, LinkedIn, and Gmailaccounts. Other targets of this campaign were the free online calling application Viber as well as the textmessaging service Tango.", "added_to_DB": "2022-08-15", "start_date": "2013-07-16", "end_date": "2013-07-16", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "490_0", "receiver_name": null, "receiver_country": "Sweden", "receiver_region": "NORTHEU", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "Syrian Electronic Army" ], "initiator_country": [ "Syria" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 591, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] }, { "attribution_id": 592, "settled": null, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0" ], "sources_attribution": [ "https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0" ] }, { "ID": 491, "name": "Anonymous vs. FEMA", "description": "Hacker collective Anonymous hacks into the database of the Federal Emergency Management Agency (FEMA) and allegedly obtains login data of government employees.", "added_to_DB": "2022-08-15", "start_date": "2013-07-17", "end_date": "2013-07-17", "updated_at": "2022-12-29", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "491_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 593, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.pri.org/stories/2013-07-17/fema-hacked-anonymous-hacks-us-server-defense-snowden-and-government-transparency" ], "sources_attribution": [ "Not available" ] }, { "ID": 492, "name": "Defacement of Transport Authority", "description": "Saudi hackers deface the page of the United Arab Emirate's National Transport Authority and leave a message accusing the ARE and Qatar of cooperating with Iran and the USA.", "added_to_DB": "2022-08-15", "start_date": "2013-07-20", "end_date": "2013-07-20", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "492_0", "receiver_name": null, "receiver_country": "United Arab Emirates", "receiver_region": "GULFC", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Saudi Arabia" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 594, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Saudi Arabia" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/national-transport-authority-uae-hacked/" ], "sources_attribution": [ "Not available" ] }, { "ID": 493, "name": "Anonymous vs. Nauru", "description": "Hacker group Anonymous brings down Nauruan government websites and main internet provider in solidarity with a riot at an Australian refugee camp on the island. Government has to be \"shut down\" for over four hours.", "added_to_DB": "2022-08-15", "start_date": "2013-07-22", "end_date": "2013-07-22", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "493_0", "receiver_name": null, "receiver_country": "Nauru", "receiver_region": "OC", "receiver_category": [ "State institutions / political system", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Telecommunications" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 595, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theguardian.com/world/2013/jul/22/anonymous-responsibility-nauruan-government-attack" ], "sources_attribution": [ "Not available" ] }, { "ID": 494, "name": "Reuters Hack-Syrian Electronic Army", "description": "The Reuters Twitter Account was hacked by the Syrian Electronic Army and broadcasted false tweets for a few hours", "added_to_DB": "2022-08-15", "start_date": "2013-07-29", "end_date": "2013-07-29", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "494_0", "receiver_name": null, "receiver_country": "Canada", "receiver_region": "NORTHAM", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Syrian Electronic Army" ], "initiator_country": [ "Syria" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 596, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theatlantic.com/technology/archive/2013/07/thomson-reuters-apparently-latest-pro-assad-twitter-hack-victim/312749/" ], "sources_attribution": [ "https://www.theatlantic.com/technology/archive/2013/07/thomson-reuters-apparently-latest-pro-assad-twitter-hack-victim/312749/" ] }, { "ID": 495, "name": "SEA vs. White House", "description": "Syrian hackers gain access to three White House E-Mail accounts, send phishing mails to other employees.", "added_to_DB": "2022-08-15", "start_date": "2013-07-29", "end_date": "2013-07-29", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "495_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Syrian Electronic Army" ], "initiator_country": [ "Syria" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 598, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 597, "settled": null, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html", "http://www.ehackingnews.com/2013/07/whitehouse-email-hacked.html", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0" ], "sources_attribution": [ "https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0" ] }, { "ID": 496, "name": "Cyber Jihad in Indonesia", "description": "Bangladeshi hackers deface Indonesian commercial and public webpages, in retaliation against small attacks from Indonesia against Bangladeshi sites.", "added_to_DB": "2022-08-15", "start_date": "2013-07-30", "end_date": "2013-07-30", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "496_0", "receiver_name": null, "receiver_country": "Indonesia", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "Bangladesh Grey Hat Hackers" ], "initiator_country": [ "Bangladesh" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Religious actors" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 599, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Bangladesh Grey Hat Hackers" ], "attributed_initiator_country": [ "Bangladesh" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Religious actors" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.theregister.co.uk/2013/07/30/cyber_war_erupts_between_indonesia_and_bangladesh/" ], "sources_attribution": [ "Not available" ] }, { "ID": 497, "name": "Making the Dalai Lama a Watering hole", "description": "A prominent computer security firm warned that the Dalai Lama\u2019s Chinese-language website has been hacked and is infecting visitors\u2019 computers with viruses in what may to be an effort to spy on human rights activists who frequently visit the site.", "added_to_DB": "2022-08-15", "start_date": "2013-08-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "497_0", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Ethnic" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 600, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Autonomy", "Territory", "Subnational predominance" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.reuters.com/article/net-us-tibet-cyberattack/dalai-lamas-china-site-hacked-infects-others-expert-idUSBRE97B0QU20130812?feedType=RSS&feedName=worldNews", "http://www.bbc.com/news/technology-23680686" ], "sources_attribution": [ "http://www.bbc.com/news/technology-23680686" ] }, { "ID": 498, "name": "Op Myanmar", "description": "Website of Myanmar's president experiences DDoS attack.", "added_to_DB": "2022-08-15", "start_date": "2013-08-02", "end_date": "2013-08-02", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "498_0", "receiver_name": null, "receiver_country": "Myanmar", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 601, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Official-Website-of-Myanmar-President-s-Office-Disrupted-by-Anonymous-Hackers-372683.shtml", "https://twitter.com/780thC/status/1621464181152141312", "https://twitter.com/Cyber_O51NT/status/1621313406367309825" ], "sources_attribution": [ "Not available" ] }, { "ID": 499, "name": "Afghan Cyber Army attack on Pakistan Part II", "description": "Afghan hackers hack the webpage of the Pakistani National Database and Registration Authority in retaliation against airstrikes in Kunar and Jalalabad.", "added_to_DB": "2022-08-15", "start_date": "2013-08-03", "end_date": "2013-08-03", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "499_0", "receiver_name": null, "receiver_country": "Pakistan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Civil service / administration" ] } ], "initiator_name": [ "Afghan Cyber Army" ], "initiator_country": [ "Afghanistan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 602, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Afghan Cyber Army" ], "attributed_initiator_country": [ "Afghanistan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Territory" ], "offline_conflict_issue": [ "Territory", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.ehackingnews.com/2013/08/nadra-pk-hacked-by-afghan-hackers.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 500, "name": "Hack of TwitterAccount of AEC", "description": "Twitter account of the Australian Electoral Commission hacked, phishing messages sent.", "added_to_DB": "2022-08-15", "start_date": "2013-08-06", "end_date": "2013-08-06", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "500_0", "receiver_name": null, "receiver_country": "Australia", "receiver_region": "OC", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Civil service / administration", "Election infrastructure / related systems" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Criminal(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 603, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Criminal(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Twitter-Account-of-Australian-Electoral-Commission-Hacked-373292.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 501, "name": "Anonymous vs. Gabon", "description": "All government websites of Gabon are disrupted by hacktivists, as part of an offensive against the government.", "added_to_DB": "2022-08-15", "start_date": "2013-08-08", "end_date": "2013-08-08", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "501_0", "receiver_name": null, "receiver_country": "Gabon", "receiver_region": "SSA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 604, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "National power" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/All-Gabon-Government-Websites-Disrupted-by-Anonymous-374149.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 502, "name": "DDOS against Egypt", "description": "Several Egyptian government websites were hit by DDoS attacks, with the attackers showing solidarity with anti-government protesters.\nTheir targets were the websites of the National Bank of Egypt, the State Information Service, the Ministry of Foreign Affairs, the Supreme Constitutional Court of Egypt, the Ministry of Information, the Cabinet Information and Decision Support Centre and the Egyptian Armed Forces.", "added_to_DB": "2022-08-15", "start_date": "2013-07-14", "end_date": "2013-08-14", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "502_0", "receiver_name": "National Bank (Egypt)", "receiver_country": "Egypt", "receiver_region": "NAF", "receiver_category": [ "State institutions / political system", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Finance" ] } ], "initiator_name": [ null ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 6610, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ null ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Several-Egyptian-Government-Sites-Disrupted-by-Hackers-as-Violence-Continues-375441.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 503, "name": "Hacker disrupt AlQaida Forums", "description": "Three Al-Qaida forums are disrupted by DDoS attacks from anonymous attackers.", "added_to_DB": "2022-08-15", "start_date": "2013-08-16", "end_date": "2013-08-19", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "503_0", "receiver_name": null, "receiver_country": "Unknown", "receiver_region": "Not available", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Terrorist" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 606, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Long-term disruption (> 24h; incident scores 2 points in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Three-Major-Al-Qaida-Forums-Disrupted-by-DDOS-Attack-376443.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 504, "name": "Azerbaijan vs. Armenia August", "description": "An organization ran by Azerbaijani hackers known as ANTI-ARMENIA.ORG has hacked and defaced high profile Armenian government ministries websites.", "added_to_DB": "2022-08-15", "start_date": "2013-08-23", "end_date": "2013-08-23", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "504_0", "receiver_name": null, "receiver_country": "Armenia", "receiver_region": "CSTO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anti-Armenia Team" ], "initiator_country": [ "Azerbaijan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 607, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anti-Armenia Team" ], "attributed_initiator_country": [ "Azerbaijan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Territory" ], "offline_conflict_issue": [ "Territory" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/aateam-hacks-armenian-ministries-websites/" ], "sources_attribution": [ "https://www.hackread.com/aateam-hacks-armenian-ministries-websites/" ] }, { "ID": 505, "name": "DDOS vs. Pirate Party", "description": "Website of the German party Piratenpartei becomes victim of DDoS attack.", "added_to_DB": "2022-08-15", "start_date": "2013-08-25", "end_date": "2013-08-25", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "505_0", "receiver_name": null, "receiver_country": "Germany", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Political parties" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 608, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Website-of-Pirate-Party-of-Germany-Targeted-with-DDOS-Attack-378080.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 506, "name": "China-DNS-Attack", "description": "The CINIC confirmed that China suffered a DDoS attack over the weekend causing the Internet inaccessibility for hours.", "added_to_DB": "2022-08-15", "start_date": "2013-08-25", "end_date": "2013-08-25", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "506_0", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Telecommunications" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 609, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://securityaffairs.co/wordpress/17327/cyber-crime/chinas-hit-ddos-attack.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 507, "name": "Anonymous Support of Farmen Protest", "description": "Hackers deface page of Colombian regional government in support of farmers' protests.", "added_to_DB": "2022-08-15", "start_date": "2013-08-26", "end_date": "2013-08-26", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "507_0", "receiver_name": null, "receiver_country": "Colombia", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 610, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Resources" ], "offline_conflict_issue": [ "System/ideology", "Resources" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Colombian-Government-Website-Hacked-in-Support-of-Boyaca-Protests-378237.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 508, "name": "Anonymous attack austrian MPS", "description": "Hacker group Anonymous Salzburg hacks the websites of four Austrian members of parliament.", "added_to_DB": "2022-08-15", "start_date": "2013-08-27", "end_date": "2013-08-27", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "508_0", "receiver_name": null, "receiver_country": "Austria", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Political parties" ] } ], "initiator_name": [ "Anonymous Salzburg" ], "initiator_country": [ "Austria" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 611, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous Salzburg" ], "attributed_initiator_country": [ "Austria" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.vienna.at/anonymous-salzburg-hackte-abgeordneten-websites-verfassungsschutz-ermittelt/3682537" ], "sources_attribution": [ "Not available" ] }, { "ID": 509, "name": "Operation Ghost-->The Dukes aka CozyBear aka APT29 - 2019", "description": "ESET discovered an espionage-campaign conducted by APT 29 against European ministries of foreign affairs from 2013 until at least october 2019. This rejects the\u00a0hither to existing notion of them being in active since their intervention into the US elections 2016.", "added_to_DB": "2022-08-15", "start_date": "2013-09-01", "end_date": "Not available", "updated_at": "2024-01-17", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "509_0", "receiver_name": null, "receiver_country": "Europe (region)", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR)" ], "initiator_country": [ "Russia" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 4802, "settled": true, "attribution_year": 2019, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR)" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2019" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/" ], "sources_attribution": [ "https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/" ] }, { "ID": 510, "name": "Kimsuky vs. SouthKorea", "description": "North Korean hackers are suspected of launching a covert cyber-espionage campaign against the South Korean government in an attempt to steal highly classified intelligence on defence and security.", "added_to_DB": "2022-08-15", "start_date": "2013-09-01", "end_date": "Not available", "updated_at": "2023-04-26", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Hijacking without Misuse" ], "receivers": [ { "receiver_id": "510_0", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Government / ministries", "Not available" ] } ], "initiator_name": [ "Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094" ], "initiator_country": [ "Korea, Democratic People's Republic of" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 613, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Territory", "International power" ], "offline_conflict_issue": [ "System/ideology", "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "none" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, not used - empowerment (incident scores 1 point in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theguardian.com/technology/2013/sep/11/north-korean-hackers-cyber-espionage", "https://thehackernews.com/2023/04/lazarus-subgroup-targeting-apple.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 511, "name": "Anonymous attack on Mexican House of representatives", "description": "Anonymous hackers have interrupted service of the Mexican House of Representatives' website and doxed personal data allegedly stolen from the Mexican state-owned petroleum company, in protest of privatization.", "added_to_DB": "2022-08-15", "start_date": "2013-09-02", "end_date": "2013-09-02", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "511_0", "receiver_name": null, "receiver_country": "Mexico", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Legislative", "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 614, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "National power" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Website-of-Mexico-s-House-of-Representatives-Attacked-by-Anonymous-Hackers-379826.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 512, "name": "\u20acWagn3r leaks data of US Intelligence Officer", "description": "Hacker publishes e-mail correspondence of US Intelligence Colonel, which shows that Syrian chemical weapon attack was staged.", "added_to_DB": "2022-08-15", "start_date": "2013-09-03", "end_date": "2013-09-03", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "512_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "\u20acWagn3r" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Individual hacker(s)" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 615, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "\u20acWagn3r" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/hacked-email-us-chemical-attack/" ], "sources_attribution": [ "Not available" ] }, { "ID": 513, "name": "Anonymous vs. Brazilian Airforce", "description": "Hacker group Anonymous Brazil defaces website of Brazilian air force, calling for protest against the government.", "added_to_DB": "2022-08-15", "start_date": "2013-09-03", "end_date": "2013-09-03", "updated_at": "2023-11-23", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "513_0", "receiver_name": null, "receiver_country": "Brazil", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Brazil" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 616, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Brazil" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Brazilian-Air-Force-Website-Hacked-and-Defaced-by-Anonymous-380015.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 514, "name": "Shutdown of TollSystem", "description": "Tollsystem of a tunnel in Haifa is shutdown by TrojanHorse, attackers unidentified.", "added_to_DB": "2022-08-15", "start_date": "2013-09-08", "end_date": "2013-10-27", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Disruption", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "514_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Transportation" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 617, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Long-term disruption (> 24h; incident scores 2 points in intensity)" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.haaretz.com/expert-haifa-tunnel-hit-by-cyberattack-1.5280642", "https://www.infosecurity-magazine.com/news/cyber-terrorism-shut-down-israels-carmel-tunnel/" ], "sources_attribution": [ "https://www.infosecurity-magazine.com/news/cyber-terrorism-shut-down-israels-carmel-tunnel/" ] }, { "ID": 515, "name": "Anonymous DDOS vs. Cambodia", "description": "Over the past days, hackers of Anonymous Cambodia have launched distributed denial-of-service (DDOS) attacks against several local government websites in protest against the recent elections, which they call unfair.", "added_to_DB": "2022-08-15", "start_date": "2013-09-10", "end_date": "2013-09-13", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "515_0", "receiver_name": null, "receiver_country": "Cambodia", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Political parties" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Cambodia" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 618, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Cambodia" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power", "Resources" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Anonymous-Cambodia-Attacks-Government-Websites-Video-382780.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 516, "name": "Bangladesh Black HAT Hackers vs. India", "description": "Private Indian websites are hacked, message against Indian border brutality against Bengalis is left.", "added_to_DB": "2022-08-15", "start_date": "2013-09-18", "end_date": "2013-09-18", "updated_at": "2023-01-04", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "516_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "Bangladesh BlackHAT Hackers" ], "initiator_country": [ "Bangladesh" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Ethnic actors" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 619, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Bangladesh BlackHAT Hackers" ], "attributed_initiator_country": [ "Bangladesh" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Ethnic actors" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Subnational predominance", "Territory" ], "offline_conflict_issue": [ "Subnational predominance" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/india-bangladesh-cyber-war-hacked/" ], "sources_attribution": [ "Not available" ] }, { "ID": 517, "name": "Anonymous Cambodia vs. Cambodia Government", "description": "Anonymous Cambodia hacks government websites and publishes state anti-corruption unit data and credit card details to protest against the government. The list of targets includes the Press and Quick Reaction Unit, the Ministry of Foreign Affairs, the Ministry of Economy and Finance, and the National Bank of Cambodia.", "added_to_DB": "2022-08-15", "start_date": "2013-09-27", "end_date": "2013-09-27", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "517_0", "receiver_name": null, "receiver_country": "Cambodia", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Finance", "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Cambodia" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 6608, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Cambodia" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power", "Resources" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Anonymous-Cambodia-Continues-Operations-Against-Government-386745.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 518, "name": "Free Kashmir Defacement", "description": "Pakistani hackers deface over 20000 Indian websites, leaving messages that call for a free Kashmir.", "added_to_DB": "2022-08-15", "start_date": "2013-09-29", "end_date": "2013-09-29", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "518_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "Dr@cul@", "Muhammad Bilal" ], "initiator_country": [ "Pakistan", "Pakistan" ], "initiator_category": [ "Non-state-group", "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 621, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Dr@cul@", "Muhammad Bilal" ], "attributed_initiator_country": [ "Pakistan", "Pakistan" ], "attributed_initiator_category": [ "Non-state-group", "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Secession" ], "offline_conflict_issue": [ "Secession" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 4" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/pakistani-hackers-hack-20k-indian-sites/" ], "sources_attribution": [ "Not available" ] }, { "ID": 519, "name": "OnionDog", "description": "The HeliosTeam at 360 SkyEyeLabs recently revealed that a hackergroup named OnionDog has been infiltrating and stealing information from the energy, transportation and other infrastructure industries of Korean-language countries through the Internet. According to big data correlation analysis, OnionDog's first activity can be traced back to October, 2013 and in the following two years it was only active between late July and early September.", "added_to_DB": "2022-08-15", "start_date": "2013-10-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "519_0", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "OnionDog" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 622, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "OnionDog" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.prnewswire.com/news-releases/onion-dog-a-3-year-old-apt-focused-on-the-energy-and-transportation-industries-in-korean-language-countries-is-exposed-by-360-300232441.html", "https://news.softpedia.com/news/korean-energy-and-transportation-targets-attacked-by-oniondog-apt-501534.shtml" ], "sources_attribution": [ "https://news.softpedia.com/news/korean-energy-and-transportation-targets-attacked-by-oniondog-apt-501534.shtml" ] }, { "ID": 520, "name": "LulzSecPeru Data leake age", "description": "Hackinggroup LulzSec Peru gains root access to Venezuelan army computer, leaks confidential documents.", "added_to_DB": "2022-08-15", "start_date": "2013-10-09", "end_date": "2013-10-09", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "520_0", "receiver_name": null, "receiver_country": "Venezuela", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "LulzSec Peru" ], "initiator_country": [ "Peru" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 623, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "LulzSec Peru" ], "attributed_initiator_country": [ "Peru" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "National power", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Hackers-of-LulzSec-Peru-Leak-Files-Allegedly-Stolen-from-Venezuelan-Army-389574.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 521, "name": "Op GoldenDawn", "description": "Anonymous hacks Greek Ministry of Foreign Affairs and OSCE.", "added_to_DB": "2022-08-15", "start_date": "2013-10-14", "end_date": "2013-10-14", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "521_0", "receiver_name": null, "receiver_country": "Greece", "receiver_region": "BALKANS", "receiver_category": [ "State institutions / political system", "International / supranational organization" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "521_1", "receiver_name": null, "receiver_country": "Organization for Security and Cooperation in Europe", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "International / supranational organization" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 624, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Anonymous-Leaks-3-700-Documents-Stolen-From-Greek-Government-and-OSCE-390752.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 522, "name": "RedHack attack on Turkish Enterprises Website", "description": "Hackergroup Red Hack defaced the Union of Public Turkish Enterprises' website, in protest against the Turkish government and police violence.", "added_to_DB": "2022-08-15", "start_date": "2013-10-15", "end_date": "2013-10-15", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "522_0", "receiver_name": null, "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "RedHack" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 625, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "RedHack" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Union-of-Turkish-Public-Enterprises-Hacked-by-RedHack-391160.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 523, "name": "Anonymus attack on various Venezuelean Government Pages", "description": "Anonymous Venezuela hacks and defaces websites of police, military and leaves anti-government remarks.", "added_to_DB": "2022-08-15", "start_date": "2013-10-16", "end_date": "2013-10-16", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "523_0", "receiver_name": null, "receiver_country": "Venezuela", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Military", "Police" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Venezuela" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 626, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Venezuela" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/anonymous-defaces-venezuela-army-sites/" ], "sources_attribution": [ "Not available" ] }, { "ID": 524, "name": "Pak Mad Hunters deface Pakistani government Data", "description": "Hackergroup PakMad Hunters defaces 18 Pakistani government websites to \"send a message\"to the government.", "added_to_DB": "2022-08-15", "start_date": "2013-10-19", "end_date": "2013-10-19", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "524_0", "receiver_name": null, "receiver_country": "Pakistan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Pak Mad Hunters" ], "initiator_country": [ "Pakistan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 627, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Pak Mad Hunters" ], "attributed_initiator_country": [ "Pakistan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/18-Pakistani-Government-Sites-Taken-Offline-After-Being-Hacked-392680.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 525, "name": "Over-X vs. Algerian ministry of housing", "description": "Algerian hacker Over-X hacks and defaces Algerian ministry of housing and urban planning over corruption and lack of housing, jobs.", "added_to_DB": "2022-08-15", "start_date": "2013-10-21", "end_date": "2013-10-21", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "525_0", "receiver_name": null, "receiver_country": "Algeria", "receiver_region": "MENA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Over-X" ], "initiator_country": [ "Algeria" ], "initiator_category": [ "Individual hacker(s)" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 628, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Over-X" ], "attributed_initiator_country": [ "Algeria" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Long-term disruption (> 24h; incident scores 2 points in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Website-of-Algeria-s-Ministry-of-Housing-and-Urban-Development-Hacked-392910.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 526, "name": "Dbuzz attacking Blog of US Embassy", "description": "Indonesian hacker hacks website of the US State Department.", "added_to_DB": "2022-08-15", "start_date": "2013-10-22", "end_date": "2013-10-22", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "526_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Dbuzz" ], "initiator_country": [ "Indonesia" ], "initiator_category": [ "Individual hacker(s)" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 629, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Dbuzz" ], "attributed_initiator_country": [ "Indonesia" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/dbuzz-hacks-us-embassy-website-blog/" ], "sources_attribution": [ "Not available" ] }, { "ID": 527, "name": "TuNoVaTo attack on Paraguay National Police", "description": "HackeTuNoVaTo defaces the website of Paraguay's National police, leaving revolutionary, anti-government remarks.", "added_to_DB": "2022-08-15", "start_date": "2013-10-22", "end_date": "2013-10-22", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "527_0", "receiver_name": null, "receiver_country": "Paraguay", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Police" ] } ], "initiator_name": [ "TuNoVaTo" ], "initiator_country": [ "Paraguay" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 630, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "TuNoVaTo" ], "attributed_initiator_country": [ "Paraguay" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "Resources" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Website-of-Paraguay-s-National-Police-Hacked-and-Defaced-393322.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 528, "name": "Anonymous vs. Ukrainian Ministry of Foreign Affaris", "description": "Hacker collective leaks sensible data from the Ukranian Ministry of Foreign Affairs.", "added_to_DB": "2022-08-15", "start_date": "2013-10-23", "end_date": "2013-10-23", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "528_0", "receiver_name": null, "receiver_country": "Ukraine", "receiver_region": "EASTEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 631, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "National power", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Anonymous-Hacks-Ukraine-s-Ministry-of-Foreign-Affairs-Documents-Leaked-393521.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 529, "name": "Team HackingArgentino defaces Website of Argentinian Opposition Leader", "description": "Hacktivists of Team HackingArgentino have breached and defaced the official website of Sergio Massa, the leader of the opposition in Argentina, leaving a message that he should keep his promises.", "added_to_DB": "2022-08-15", "start_date": "2013-10-27", "end_date": "2013-10-27", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "529_0", "receiver_name": null, "receiver_country": "Argentina", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system", "Social groups" ], "receiver_category_subcode": [ "Political parties", "Political opposition / dissidents / expats" ] } ], "initiator_name": [ "Team Hacking Argentino" ], "initiator_country": [ "Argentina" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 632, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Team Hacking Argentino" ], "attributed_initiator_country": [ "Argentina" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Website-of-Argentinian-Opposition-Leader-Sergio-Massa-Hacked-394772.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 530, "name": "Syrian Electronic Army vs. Obama Campaign", "description": "The Syrian ElectronicArmy announced that it had compromised the emailaccounts of several staffmembers of\u00a0Organizing For Action\u00a0(OFA), a non-profit organization that also maintains the US President\u2019s website. They also compromised the URL shortening service account that the President used to share links through socialmedia and redirected users to a videocalled \u201cSyria Facing Terrorism\u201d.", "added_to_DB": "2022-08-15", "start_date": "2013-10-27", "end_date": "2013-10-27", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "530_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Syrian Electronic Army" ], "initiator_country": [ "Syria" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 634, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2013" ] }, { "attribution_id": 633, "settled": null, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "Not available" ], "sources_attribution": [ "Not available" ] }, { "ID": 531, "name": "Anonymous vs. Honduras 2013", "description": "The official website of the Ministry of Industry and Trade in Honduras (sic.gob.hn) has been hacked by Anonymous hacktivists, who left anti-government statements.", "added_to_DB": "2022-08-15", "start_date": "2013-10-28", "end_date": "2013-10-28", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "531_0", "receiver_name": null, "receiver_country": "Honduras", "receiver_region": "CENTAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 635, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Website-of-Honduras-Ministry-of-Industry-and-Trade-Hacked-394713.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 532, "name": "MoroccanGhosts vs. Nigerian Ministry of Defense", "description": "Hackers of the MoroccanGhosts collective have breached and defaced the official website of Nigeria\u2019s Ministry of Defense (mod.gov.ng). The attack seems to be related to a territorial dispute over Western Sahara.", "added_to_DB": "2022-08-15", "start_date": "2013-11-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "532_0", "receiver_name": null, "receiver_country": "Nigeria", "receiver_region": "SSA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Moroccan Ghosts" ], "initiator_country": [ "Morocco" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 636, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Moroccan Ghosts" ], "attributed_initiator_country": [ "Morocco" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "National power" ], "offline_conflict_issue": [ "National power", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Nigeria-s-Ministry-of-Defense-Hacked-by-Moroccan-Ghosts-396205.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 533, "name": "Blue Termite APT", "description": "In October 2014, Kaspersky Lab began investigating the APT \"Blue Termite\", which mainly targets Japan. It has been active since at least November 2013 and has targeted hundreds of organisations, from government agencies to banks.", "added_to_DB": "2022-08-15", "start_date": "2013-11-01", "end_date": "Not available", "updated_at": "2023-02-08", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "533_0", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Media", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Not available", "Transportation", "Health", "Chemicals", "Telecommunications", "Food", "Finance" ] } ], "initiator_name": [ "Blue Termite/Cloudy Omega" ], "initiator_country": [ "China" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 6605, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Blue Termite/Cloudy Omega" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "Yes" ], "zero_days_subcode": [ "One" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.securityweek.com/blue-termite-APT-targets-japanese-organizations", "https://securelist.com/new-activity-of-the-blue-termite-APT /71876/" ], "sources_attribution": [ "https://securelist.com/new-activity-of-the-blue-termite-APT /71876/" ] }, { "ID": 534, "name": "Bitten by Rats", "description": "Pakistan Government Officials Targeted with RATs in Cyber-Espionage Campaign", "added_to_DB": "2022-08-15", "start_date": "2013-11-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "534_0", "receiver_name": null, "receiver_country": "Pakistan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 638, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/pakistan-government-officials-targeted-with-rats-in-cyber-espionage-campaign-509529.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 535, "name": "Anonymous Ukraine vs. Estonia", "description": "The official website of Estonia\u2019s Ministry of Defense (kaitseministeerium.ee) has been disrupted by hackers of Anonymous Ukraine in support of Ukrainian independence.", "added_to_DB": "2022-08-15", "start_date": "2013-11-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "535_0", "receiver_name": null, "receiver_country": "Estonia", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Ukraine" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 639, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Ukraine" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Anonymous-Ukraine-Disrupts-Website-of-Estonia-s-Ministry-of-Defense-396183.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 536, "name": "RBG Homs and Silent Injector vs. Syrian government", "description": "A group of hackers allegedly based in Syria have breached and defaced three Syrian government websites and a few hundred commercial websites. On the defaced pages, the hackers posted a Syrian flag, a video that depicts violence in Syria, and an anti-government message.", "added_to_DB": "2022-08-15", "start_date": "2013-11-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "536_0", "receiver_name": null, "receiver_country": "Syria", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "RBG Homs", "Silent Injector" ], "initiator_country": [ "Syria", "Syria" ], "initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)", "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 640, "settled": true, "attribution_year": 2013, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "RBG Homs", "Silent Injector" ], "attributed_initiator_country": [ "Syria", "Syria" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)", "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2013" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Three-Government-Websites-from-Syria-Hacked-and-Defaced-396126.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 537, "name": "Anonymous vs. Cambodia", "description": "The official website of the Cambodia Tribunal, or the Extraordinary Chambers in the Courts of Cambodia (ECCC.gov.kh), has been disrupted by hackers of Anonymous Cambodia. The hackers say they\u2019ve targeted the ECCC because it has tried to silence victims of crimes against humanity.", "added_to_DB": "2022-08-15", "start_date": "2013-11-02", "end_date": "2013-11-02", "updated_at": "2023-02-08", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "537_0", "receiver_name": null, "receiver_country": "Cambodia", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Judiciary" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 641, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "National power", "Resources" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Cambodia-Tribunal-Website-Disrupted-by-Anonymous-Hackers-396496.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 538, "name": "Anonymous Defaces Phillipine Pages", "description": "A group of hackers claiming ties with international activist group Anonymous defaced Philippine government websites on Sunday, calling for support for a planned anti-corruption protest in congress this week.", "added_to_DB": "2022-08-15", "start_date": "2013-11-03", "end_date": "2013-11-03", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "538_0", "receiver_name": null, "receiver_country": "Philippines", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 642, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://uk.reuters.com/article/uk-philippines-hacking/hackers-deface-philippine-websites-back-anti-corruption-protest-idUKBRE9A204P20131103" ], "sources_attribution": [ "Not available" ] }, { "ID": 539, "name": "OP Syria", "description": "Anonymous hackers have leaked several files allegedly taken from the systems of the Syrian Customs, as part of Op Syria.", "added_to_DB": "2022-08-15", "start_date": "2013-11-04", "end_date": "2013-11-04", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "539_0", "receiver_name": null, "receiver_country": "Syria", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 643, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Anonymous-Hackers-Leak-Data-Stolen-from-Syrian-Customs-Website-396729.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 540, "name": "Fake NATO Defacement", "description": "Four Ukranian government websites are defaced, showing a message that they were hacked by the NATO's CCDCOE, while the NATO denies having executed the attack.", "added_to_DB": "2022-08-15", "start_date": "2013-11-04", "end_date": "2013-11-04", "updated_at": "2023-02-01", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "540_0", "receiver_name": null, "receiver_country": "Ukraine", "receiver_region": "EASTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Legislative" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 644, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Ukrainian-Government-Websites-Apparently-Hacked-by-NATO-396784.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 541, "name": "Anonymous vs. NATO CCDC", "description": "Anonymous Ukraine has disrupted the official website of NATO\u2019s Cooperative Cyber Defence\u00a0Centre of Excellence (CCDCOE). The hackers kept the website offline for close to two hours in response to\u00a0NATO hacking\u00a0a number of Ukrainian government websites.", "added_to_DB": "2022-08-15", "start_date": "2013-11-07", "end_date": "2013-11-07", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "541_0", "receiver_name": null, "receiver_country": "NATO (institutions)", "receiver_region": "Not available", "receiver_category": [ "International / supranational organization" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Anonymous Ukraine" ], "initiator_country": [ "Ukraine" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 645, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous Ukraine" ], "attributed_initiator_country": [ "Ukraine" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Anonymous-Ukraine-Launches-DDOS-Attack-on-NATO-s-CCDCOE-Website-398063.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 542, "name": "BMPoC vs. Brazilian Military", "description": "Hacker group BMPoC hacks and defaces 21 sub-domains of the Brazilian military, leaving anti-government statements.", "added_to_DB": "2022-08-15", "start_date": "2013-11-10", "end_date": "2013-11-10", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "542_0", "receiver_name": null, "receiver_country": "Brazil", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "BMPoC" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 646, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "BMPoC" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/bmpoc-hacks-brazilian-military-domains/" ], "sources_attribution": [ "Not available" ] }, { "ID": 543, "name": "Op Killing Bay", "description": "Anonymous continues\u00a0 Op KillingBay, the campaign launched by hacktivists in protest against the Japanese government, particularly against the killing of dolphins in the town of Taiji. They disrupted service of government websites with DDoS attacks and published information on the alleged government program\"DevoX\", in which dolphin meat is exported as tuna.", "added_to_DB": "2022-08-15", "start_date": "2013-11-15", "end_date": "2013-11-15", "updated_at": "2023-06-16", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "543_0", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 647, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/OpKillingBay-Hackers-Expose-Details-of-Japanese-Tuna-Exports-Program-400499.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 544, "name": "LulzSec Peru vs. President of Peru", "description": "Hackers of\u00a0LulzSecPeru\u00a0have breached and defaced the official website of Peru\u2019s President, being unhappy about how Peru is governed.", "added_to_DB": "2022-08-15", "start_date": "2013-11-17", "end_date": "2013-11-17", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "544_0", "receiver_name": null, "receiver_country": "Peru", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "LulzSec Peru" ], "initiator_country": [ "Peru" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 648, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "LulzSec Peru" ], "attributed_initiator_country": [ "Peru" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "Resources" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Website-of-Peru-s-President-Hacked-and-Defaced-by-LulzSec-Peru-401074.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 545, "name": "Op GreenRights", "description": "Anonymous hackers have launched distributed denial-of-service (DDOS) attacks against a number of Russian website in protest against the\u00a0arrests of 30 Greenpeace activists, known as the Arctic 30. The attacks are part of Op GreenRights.", "added_to_DB": "2022-08-15", "start_date": "2013-11-18", "end_date": "2013-11-18", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "545_0", "receiver_name": null, "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Civil service / administration", "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 649, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Anonymous-Attacks-Russian-Websites-for-the-Arrests-of-Greenpeace-Activists-Video-401262.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 546, "name": "LulzSecPeru vs. Peruvian Police Force", "description": "Peruvian hackergroup LuzSec hacks and defaces Peruvion policeforces 'webseite, accusing law enforcement authorities of being corrupt and inefficient and condemning police officials for taking money without \u201cthe slightest sense of shame.\u201d", "added_to_DB": "2022-08-15", "start_date": "2013-11-19", "end_date": "2013-11-19", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "546_0", "receiver_name": null, "receiver_country": "Peru", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Police" ] } ], "initiator_name": [ "LulzSec Peru" ], "initiator_country": [ "Peru" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 650, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "LulzSec Peru" ], "attributed_initiator_country": [ "Peru" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "Resources" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Website-of-Peru-s-National-Police-Hacked-by-LulzSec-Peru-401451.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 547, "name": "Code-Newbie Defacement of Chinese Agriculture Pages", "description": "A group of\u00a0Indonesian\u00a0and\u00a0Malaysian\u00a0hacker going with the handle of Code-Newbie has hacked and defaced 44 Chinese government sub-domains belonging to\u00a0Fifth Agriculture Division of the country.", "added_to_DB": "2022-08-15", "start_date": "2013-11-21", "end_date": "2013-11-21", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "547_0", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Code-Newbie" ], "initiator_country": [ "Indonesia", "Malaysia" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 651, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Code-Newbie" ], "attributed_initiator_country": [ "Indonesia", "Malaysia" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/code-newbie-hacks-44-chinese-govt-sites/" ], "sources_attribution": [ "Not available" ] }, { "ID": 548, "name": "Pakistan Hax or Crew vs. India Armed Force", "description": "The official website o f\u00a0India\u2018s Armed Forces Tribunal (Regional Bench Jaipur) has been hacked and defaced by a\u00a0Pakistani\u00a0hacker going with the handle of\u00a0Hunter\u00a0from\u00a0Pakistani Haxors Crew.", "added_to_DB": "2022-08-15", "start_date": "2013-11-22", "end_date": "2013-11-22", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "548_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "Pakistan Haxor Crew" ], "initiator_country": [ "Pakistan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 652, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Pakistan Haxor Crew" ], "attributed_initiator_country": [ "Pakistan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/indias-armed-forces-tribunal-website-hacked/" ], "sources_attribution": [ "Not available" ] }, { "ID": 549, "name": "Wifi of EP copied", "description": "The European Parliament has shut down ist public Wi-Fi network in Strasbourg after a hacker was found to have \"captured the communication\" between smartphones and tablets.", "added_to_DB": "2022-08-15", "start_date": "2013-11-28", "end_date": "2013-11-28", "updated_at": "2023-05-07", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "549_0", "receiver_name": null, "receiver_country": "EU (institutions)", "receiver_region": "Not available", "receiver_category": [ "International / supranational organization" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Individual hacker(s)" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 653, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.zdnet.com/article/european-parliaments-network-hacked-public-wi-fi-shutdown/", "https://www.spiegel.de/netzwelt/netzpolitik/sicherheitsluecke-im-europaparlament-e-mails-von-abgeordneten-gehackt-a-934947.html" ], "sources_attribution": [ "https://www.spiegel.de/netzwelt/netzpolitik/sicherheitsluecke-im-europaparlament-e-mails-von-abgeordneten-gehackt-a-934947.html" ] }, { "ID": 550, "name": "Hack Argentino team vs. Venezuela Government", "description": "A hacker with twitter handle \"Libero america Mu\" from HackArgentinoteam, has gained access to multiple Venezuela Government websites and defaced them, leaving anti-government slogans.", "added_to_DB": "2022-08-15", "start_date": "2013-11-30", "end_date": "2013-11-30", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "550_0", "receiver_name": null, "receiver_country": "Venezuela", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Hack Argentino Team" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 654, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Hack Argentino Team" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.ehackingnews.com/2013/12/venezuela-government-site-hacked-anonymous.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 551, "name": "Moroccan Islamic Union-Mail vs. Embassy of Angola", "description": "The online hacktivist group \u2018Moroccan Islamic Union-Mail\u2019(MIUM) have hacked and defaced the official website of Republic of Angola Embassy in Abu Dhabi\u2013U.A.E against alleged decision from the government of Angola to ban religion of Islam and shutdown all the mosques in the country.", "added_to_DB": "2022-08-15", "start_date": "2013-12-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "551_0", "receiver_name": null, "receiver_country": "Angola", "receiver_region": "SSA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Moroccan Islamic Union-Mail" ], "initiator_country": [ "Morocco" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Religious actors" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 655, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Moroccan Islamic Union-Mail" ], "attributed_initiator_country": [ "Morocco" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Religious actors" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/opangola-angolan-embassy-hacked-by-mium/" ], "sources_attribution": [ "Not available" ] }, { "ID": 552, "name": "Anonymous vs. Angola", "description": "Over the past couple of days, hacktivists have been launching distribute denial-of-service attacks against all Angola government websites, coinciding with nation-wide anti-government protests.", "added_to_DB": "2022-08-15", "start_date": "2013-12-01", "end_date": "2013-12-04", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "552_0", "receiver_name": null, "receiver_country": "Angola", "receiver_region": "SSA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 656, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "National power" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Anonymous-Hackers-Take-Down-Angola-Government-Websites-Amid-Protests-406000.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 553, "name": "DRDO attacked by unknown forces", "description": "In a major security breach, around 50 computers belonging to the armed forces and the DRDO were hacked sometime back and classified files could have been compromised. Readmoreat: //economictimes.indiatimes.com/articleshow/31550861.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst", "added_to_DB": "2022-08-15", "start_date": "2013-12-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "553_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Military" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 657, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://economictimes.indiatimes.com/tech/internet/computers-of-armed-forces-and-drdo-hacked/articleshow/31550861.cms" ], "sources_attribution": [ "Not available" ] }, { "ID": 554, "name": "Anonymous vs. Ukrainian Government - Kiev Protest", "description": "Hackers of Anonymous Disrupt Ukrainian Government Websites During Kiev Protests", "added_to_DB": "2022-08-15", "start_date": "2013-12-02", "end_date": "2013-12-02", "updated_at": "2023-02-06", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "554_0", "receiver_name": null, "receiver_country": "Ukraine", "receiver_region": "EASTEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 658, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Anonymous-Hackers-Disrupt-Ukrainian-Government-Websites-During-Kiev-Protests-405132.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 555, "name": "Anonymous vs. Honduras 2013 Part II", "description": "Several high-profile websites from Honduras have been breached and defaced by Anonymous hackers in protest against the alleged election fraud that took place during the November 24 presidential vote.", "added_to_DB": "2022-08-15", "start_date": "2013-12-03", "end_date": "2013-12-03", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "555_0", "receiver_name": null, "receiver_country": "Honduras", "receiver_region": "CENTAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Police", "Political parties", "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 659, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Anonymous-Honduras-Protests-Against-Election-Fraud-by-Hacking-Government-Sites-405379.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 556, "name": "MoroccanGhosts vs. Nigerian Ministry of Finance", "description": "Hackers of the MoroccanGhosts group have breached and defaced the official website of the Federal Ministry of Finance in Nigeria, leaving messages that \"the Sahara is Moroccan\":", "added_to_DB": "2022-08-15", "start_date": "2013-12-14", "end_date": "2013-12-14", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "556_0", "receiver_name": null, "receiver_country": "Nigeria", "receiver_region": "SSA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Moroccan Ghosts" ], "initiator_country": [ "Morocco" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 660, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Moroccan Ghosts" ], "attributed_initiator_country": [ "Morocco" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "National power" ], "offline_conflict_issue": [ "National power", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Moroccan-Hackers-Deface-Site-of-Nigeria-s-Federal-Ministry-of-Finance-409243.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 557, "name": "Islamic Cyber Resistance Group attack concerning assasination", "description": "A hacker collective calling itself the Islamic Cyber Resistance Group has leaked information on Israeli and Saudi military officials in response to the assassination of Hezbollah commander Hassan Lakkisin Beirut.", "added_to_DB": "2022-08-15", "start_date": "2013-12-16", "end_date": "2013-12-16", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "557_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] }, { "receiver_id": "557_1", "receiver_name": null, "receiver_country": "Saudi Arabia", "receiver_region": "GULFC", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "Islamic Cyber Resistance Group" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Religious actors" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 661, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Islamic Cyber Resistance Group" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Religious actors" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "System/ideology" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Hackers-Avenge-Death-of-Hezbollah-Commander-by-Leaking-Al-Qaeda-Files-409520.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 558, "name": "Anonymous vs. Cambodia DDOS", "description": "Hackers of Anonymous Cambodia have launched distributed denial-of-service (DDOS) attacks against over two dozen government and government-related websites.", "added_to_DB": "2022-08-15", "start_date": "2013-12-23", "end_date": "2013-12-23", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "558_0", "receiver_name": null, "receiver_country": "Cambodia", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Police" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 662, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power", "Cyber-specific" ], "offline_conflict_issue": [ "System/ideology", "National power", "Resources" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Anonymous-Attacks-Cambodian-Government-Sites-During-Massive-Street-Protests-411788.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 559, "name": "LulzSec Peru Leak of Peruvian Data", "description": "Hacktivists of the LulzSec Peru group published various files, including documents, emails and screenshots, many of the which appear to be classified, to prove the government's vulnerability to cyberattacks.", "added_to_DB": "2022-08-15", "start_date": "2013-12-27", "end_date": "2013-12-27", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "559_0", "receiver_name": null, "receiver_country": "Peru", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "LulzSec Peru" ], "initiator_country": [ "Peru" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 663, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "LulzSec Peru" ], "attributed_initiator_country": [ "Peru" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Hackers-of-LulzSec-Peru-Leak-Data-from-Peru-s-Ministry-of-Interior-412052.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 560, "name": "Moroccan Islamic Union-Mail vs. South African Department of Health", "description": "The official website of South Africa\u2019s Department of Health (doh.gov.za) has been breached and its homepage defaced by hackers of a group called Moroccan Islamic Union-Mail, who left a message accusing South Africa of supporting the Polisario Front and stating that\"the Sahara is Moroccan\".", "added_to_DB": "2022-08-15", "start_date": "2013-12-27", "end_date": "2013-12-27", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "560_0", "receiver_name": null, "receiver_country": "South Africa", "receiver_region": "SSA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Moroccan Islamic Union-Mail" ], "initiator_country": [ "Morocco" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 664, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Moroccan Islamic Union-Mail" ], "attributed_initiator_country": [ "Morocco" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "National power" ], "offline_conflict_issue": [ "National power", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Moroccan-Hackers-Deface-Website-of-South-Africa-s-Department-of-Health-412121.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 561, "name": "OP Bangladesh", "description": "Hackers of Anonymous have launched distributed denial-of-service (DDOS) attacks against the websites of the Prime Minister\u2019s Office (pmo.gov.bd), the Election Commission Bangladesh (ecs.gov.bd), and the country\u2019s government portal (Bangladesh.gov.bd) in \"Op Bangladesh\".", "added_to_DB": "2022-08-15", "start_date": "2013-12-30", "end_date": "2013-12-30", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "561_0", "receiver_name": null, "receiver_country": "Bangladesh", "receiver_region": "SASIA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 665, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Anonymous-Hackers-Target-Website-of-Prime-Minister-in-Operation-Bangladesh-412749.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 562, "name": "BITTER vs. Pakistan", "description": "BITTER is a hacking campaign against pakistani nationals.", "added_to_DB": "2022-08-15", "start_date": "2013-01-01", "end_date": "Not available", "updated_at": "2023-03-27", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "562_0", "receiver_name": null, "receiver_country": "Pakistan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Social groups" ], "receiver_category_subcode": [ "Government / ministries", "Ethnic" ] } ], "initiator_name": [ "BITTER" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 666, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "BITTER" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.forcepoint.com/blog/x-labs/bitter-targeted-attack-against-pakistan" ], "sources_attribution": [ "Not available" ] }, { "ID": 563, "name": "Android spyware tools used by undefined Chinese APT against Uyghurs and Tibetans since at least 2015", "description": "Four new Android spyware tools (SilkBean, DoubleAgent, CarbonSteal and GoldenEagle) have been used in a widespread APT campaign to spy on the Uyghurs, Tibetans and possibly wider Muslim communities since at least 2015, according to IT-company Lookout. ", "added_to_DB": "2022-08-15", "start_date": "2015-01-01", "end_date": "Not available", "updated_at": "2022-11-14", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "563_0", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Ethnic" ] } ], "initiator_name": [ "Unknown" ], "initiator_country": [ "China" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 4296, "settled": true, "attribution_year": 2020, "attribution_month": 6, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "United States" ], "attributing_actor": [ "Lookout" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Unknown" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2020-6" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "System/ideology", "Subnational predominance", "Secession" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2023/06/chinese-hacker-group-flea-targets.html", "https://threatpost.com/four-android-spyware-tools-surveillance-campaign/157063/", "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" ], "sources_attribution": [ "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" ] }, { "ID": 564, "name": "Desert Falcons MEA Campaigns", "description": "The Arab hacking group \"Desert Falcons\" compromised the network systems of a variety of victims, especially in the Middle East. In 2018, the group was attributed to the terrorist group \"Hamas\".", "added_to_DB": "2022-08-15", "start_date": "2013-01-01", "end_date": "Not available", "updated_at": "2024-02-15", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "564_0", "receiver_name": null, "receiver_country": "Palestine", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Social groups" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Religious", "Not available", "Military", "Transportation", "Finance", "Defence industry", "Advocacy / activists (e.g. human rights organizations)" ] }, { "receiver_id": "564_1", "receiver_name": null, "receiver_country": "Jordan", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Social groups" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Religious", "Not available", "Military", "Transportation", "Finance", "Defence industry", "Advocacy / activists (e.g. human rights organizations)" ] }, { "receiver_id": "564_2", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Social groups" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Religious", "Not available", "Military", "Transportation", "Finance", "Defence industry", "Advocacy / activists (e.g. human rights organizations)" ] }, { "receiver_id": "564_3", "receiver_name": null, "receiver_country": "Egypt", "receiver_region": "NAF", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Social groups", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Social groups" ], "receiver_category_subcode": [ "Government / ministries", "Energy", "Religious", "Not available", "Military", "Transportation", "Finance", "Defence industry", "Advocacy / activists (e.g. human rights organizations)" ] } ], "initiator_name": [ "Desert Falcons/Arid Viper/APT-C-23/Mantis/Grey Karkadann/UNC718/Renegade Jackal/Desertvarnish/Gaza Cybergang Group 2 < Gaza Cybergang" ], "initiator_country": [ "Middle East (region)" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Criminal(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 17154, "settled": true, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Desert Falcons/Arid Viper/APT-C-23/Mantis/Grey Karkadann/UNC718/Renegade Jackal/Desertvarnish/Gaza Cybergang Group 2 < Gaza Cybergang" ], "attributed_initiator_country": [ "Middle East (region)" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Criminal(s)" ], "attribution_full_date": [ "2015" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064309/The-Desert-Falcons-targeted-attacks.pdf", "https://socradar.io/threat-actor-profile-aridviper/" ], "sources_attribution": [ "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064309/The-Desert-Falcons-targeted-attacks.pdf" ] }, { "ID": 565, "name": "CyberBerkut NATO DDOS", "description": "Ukrainian hacktivists hit NATO websites with DDoS attack", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "565_0", "receiver_name": null, "receiver_country": "NATO (institutions)", "receiver_region": "Not available", "receiver_category": [ "International / supranational organization" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Cyber Berkut" ], "initiator_country": [ "Ukraine" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 669, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Cyber Berkut" ], "attributed_initiator_country": [ "Ukraine" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Secession", "Cyber-specific" ], "offline_conflict_issue": [ "Secession" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://securityaffairs.co/wordpress/23097/cyber-warfare-2/nato-websites-hit-ddos-attack.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 566, "name": "Cozy Bear State Department Hack", "description": "Cozybear hacked into the US State Department 2014, according to US officials. In 2018, it was revealed that they had their attribution information by the Dutch Intelligence Service AIVD, which had hacked into CozyBears server and linked it to Russian SVR.", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)", "Incident disclosed by authorities of victim state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "566_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR)", "SVR" ], "initiator_country": [ "Russia", "Russia" ], "initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 670, "settled": true, "attribution_year": 2017, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Cozy Bear/APT29/Dukes/Group 100/IRON HEMLOCK/Midnight Blizzard fka NOBELIUM/UNC2452/Cozy Duke/YTTRIUM/G0016 (SVR)", "SVR" ], "attributed_initiator_country": [ "Russia", "Russia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2017" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.washingtonpost.com/world/national-security/new-details-emerge-about-2014-russian-hack-of-the-state-department-it-was-hand-to-hand-combat/2017/04/03/d89168e0-124c-11e7-833c-503e1f6394c9_story.html", "https://nos.nl/nieuwsuur/artikel/2213767-dutch-intelligence-first-to-alert-u-s-about-russian-hack-of-democratic-party.html" ], "sources_attribution": [ "https://nos.nl/nieuwsuur/artikel/2213767-dutch-intelligence-first-to-alert-u-s-about-russian-hack-of-democratic-party.html" ] }, { "ID": 567, "name": "Molerats vs Israeli Ministry of Defense", "description": "Hackers broke into a Defense Ministry computer via an email attachment tainted with malicious software", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Hijacking without Misuse" ], "receivers": [ { "receiver_id": "567_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Palestine" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 671, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Palestine" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "none" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, not used - empowerment (incident scores 1 point in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.jpost.com/Defense/Cyber-hackers-breach-Defense-Ministry-computer-339439" ], "sources_attribution": [ "Not available" ] }, { "ID": 568, "name": "Anti-Armenia Team vs. Armenia", "description": "The total number of targeted websites is 64, which includes high profile Armenian government ministries such as Ministry of Education, police, city districts, Artsakh State University, Youth For Achievements\u201d Educational NGO, Football Federation of Armenia and several other Armenian website.", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2023-06-18", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized", "Attack on critical infrastructure target(s)" ], "inclusion_criteria_subcode": [ "Not available", "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "568_0", "receiver_name": "Ministry of Education (Armenia)", "receiver_country": "Armenia", "receiver_region": "CSTO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] }, { "receiver_id": "568_1", "receiver_name": "Youth For Achievements ", "receiver_country": "Armenia", "receiver_region": "CSTO", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Advocacy / activists (e.g. human rights organizations)" ] }, { "receiver_id": "568_2", "receiver_name": "Artsakh State University", "receiver_country": "Not available", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Education" ], "receiver_category_subcode": [ "Civil service / administration", "Research", "Not available" ] }, { "receiver_id": "568_3", "receiver_name": "Football Federation of Armenia", "receiver_country": "Armenia", "receiver_region": "CSTO", "receiver_category": [ "Other" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "568_4", "receiver_name": null, "receiver_country": "Armenia", "receiver_region": "CSTO", "receiver_category": [ "State institutions / political system", "Science", "Other", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Not available", "Police" ] } ], "initiator_name": [ "Anti-Armenia Team" ], "initiator_country": [ "Azerbaijan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 10759, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anti-Armenia Team" ], "attributed_initiator_country": [ "Azerbaijan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Territory" ], "offline_conflict_issue": [ "Territory" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/armenian-govt-websites-hacked-by-azerbaijan-hackers/" ], "sources_attribution": [ "Not available" ] }, { "ID": 569, "name": "Svobod a defacement of Ukrainian Website", "description": "Hacktivists from Ukrainian neo-fascist \u2018Svoboda\u2019 party hacked and defaced more than 30 Ukrainian government and mediawebsites.", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "569_0", "receiver_name": null, "receiver_country": "Ukraine", "receiver_region": "EASTEU", "receiver_category": [ "State institutions / political system", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "Svoboda" ], "initiator_country": [ "Ukraine" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 673, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Svoboda" ], "attributed_initiator_country": [ "Ukraine" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power", "Other" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 4" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/ukrainian-government-websites-hacked-by-new-nazi-hackers/" ], "sources_attribution": [ "Not available" ] }, { "ID": 570, "name": "North korea prepare to attack against SK", "description": "Northkorea hacks several targets in SouthKorea in order to prepare larger strike. Sensitive defense data stolen and systems hijacked without being misused until recovery.", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "2014-01-02", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "570_0", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure" ], "receiver_category_subcode": [ "Not available", "Defence industry" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Korea, Democratic People's Republic of" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 674, "settled": true, "attribution_year": 2016, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Political statement / report (e.g., on government / state agency websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2016" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Territory", "International power" ], "offline_conflict_issue": [ "System/ideology", "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.reuters.com/article/us-northkorea-southkorea-cyber/north-korea-mounts-long-running-hack-of-south-korea-computers-says-seoul-idUSKCN0YZ0BE?mod=djemCIO_h" ], "sources_attribution": [ "Not available" ] }, { "ID": 571, "name": "US Postal Breach", "description": "U.S. Postal Service hacked, allegedly by China.", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2022-11-20", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "571_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Civil service / administration" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 676, "settled": null, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] }, { "attribution_id": 675, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 1" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.usatoday.com/story/tech/2014/11/10/us-postal-service-post-office-hacked/18795289/", "https://arstechnica.com/information-technology/2014/11/all-us-postal-service-employees-personal-data-exposed-by-hackers/" ], "sources_attribution": [ "https://arstechnica.com/information-technology/2014/11/all-us-postal-service-employees-personal-data-exposed-by-hackers/" ] }, { "ID": 572, "name": "Duqu 2.0", "description": "Kaspersky, as well as Hotels where the P5 + 1 Nuclear Talks with the Iran took place, got hacked by a Malware called Duqu-2.0, which is assumed to be the work of the Israeli Unit 8200.", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "2015-06-01", "updated_at": "2023-06-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim", "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "572_0", "receiver_name": null, "receiver_country": "Europe (region)", "receiver_region": "Not available", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "572_1", "receiver_name": null, "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Unit 8200" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 677, "settled": true, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Unit 8200" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2015" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "Yes" ], "zero_days_subcode": [ "multiple" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://resources.infosecinstitute.com/duqu-2-0-the-most-sophisticated-malware-ever-seen/#gref", "https://www.theguardian.com/technology/2015/jun/11/duqu-20-computer-virus-with-traces-of-israeli-code-was-used-to-hack-iran-talks", "https://securelist.com/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/70504/", "https://www.wired.com/story/kaspersky-apple-ios-zero-day-intrusion/" ], "sources_attribution": [ "https://resources.infosecinstitute.com/duqu-2-0-the-most-sophisticated-malware-ever-seen/#gref", "https://www.theguardian.com/technology/2015/jun/11/duqu-20-computer-virus-with-traces-of-israeli-code-was-used-to-hack-iran-talks", "https://securelist.com/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/70504/" ] }, { "ID": 573, "name": "IRS Hack", "description": "Cyberhack got access to over 700,000 IRS accounts. The assumed Russian cyberthieves gained access to taxpayer accounts between January 2014, the launch for the GetTranscriptfunction, and May 2015, the IRS said.", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "573_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Civil service / administration" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Russia" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 678, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://eu.usatoday.com/story/money/2016/02/26/cyber-hack-gained-access-more-than-700000-irs-accounts/80992822/", "https://www.cnet.com/news/russian-hackers-behind-50-million-irs-hack-report-says/" ], "sources_attribution": [ "https://www.cnet.com/news/russian-hackers-behind-50-million-irs-hack-report-says/" ] }, { "ID": 574, "name": "Yahoo Hack I", "description": "Yahoo says that the user account information was stolen from its network in late 2014 by what it now believes to be a state-sponsored actor.\u00a0In 2017, the us indicted Russian agents for the hack.", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2024-03-04", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on non-political target(s), politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "574_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "FSB", "Not available" ], "initiator_country": [ "Russia", "Canada" ], "initiator_category": [ "Non-state actor, state-affiliation suggested", "Individual hacker(s)" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 8558, "settled": false, "attribution_year": 2017, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "FSB", "Not available" ], "attributed_initiator_country": [ "Russia", "Canada" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2017" ] }, { "attribution_id": 8559, "settled": true, "attribution_year": 2017, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Domestic legal action" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "FSB", "Not available" ], "attributed_initiator_country": [ "Russia", "Canada" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2017" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://techcrunch.com/2016/09/22/yahoo-confirms-state-sponsored-attacker-stole-personal-data-of-at-least-500-million-users/?_ga=2.215474910.832030079.1550578062-1170144247.1549987749", "https://www.nytimes.com/2017/03/15/technology/yahoo-hack-indictment.html", "https://www.justice.gov/opa/pr/us-charges-russian-fsb-officers-and-their-criminal-conspirators-hacking-yahoo-and-millions", "https://techcrunch.com/2017/02/27/yahoo-offers-new-details-on-breaches-to-senate-committee/", "https://www.rferl.org/a/32472306.html", "https://www.elperiodico.com/es/tecnologia/20240301/millones-datos-robados-ciberataque-inteligencia-artificial-98862177", "https://www.elperiodico.com/es/tecnologia/20240301/millones-datos-robados-ciberataque-inteligencia-artificial-98862177" ], "sources_attribution": [ "https://techcrunch.com/2016/09/22/yahoo-confirms-state-sponsored-attacker-stole-personal-data-of-at-least-500-million-users/?_ga=2.215474910.832030079.1550578062-1170144247.1549987749", "https://www.nytimes.com/2017/03/15/technology/yahoo-hack-indictment.html", "https://www.justice.gov/opa/pr/us-charges-russian-fsb-officers-and-their-criminal-conspirators-hacking-yahoo-and-millions" ] }, { "ID": 575, "name": "RedHack Defacement of Turkish Parliament", "description": "First, the hackers exploited across-site scripting (XSS) vulnerability on the Parliament\u2019s website (tbmm.gov.tr) to send a message to the government", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "575_0", "receiver_name": null, "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Legislative", "Political parties" ] } ], "initiator_name": [ "RedHack" ], "initiator_country": [ "Turkey" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 681, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "RedHack" ], "attributed_initiator_country": [ "Turkey" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/RedHack-Hacks-Turkish-Contractors-Association-and-State-Railways-415876.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 576, "name": "Redhack Disturbance of various Turkish government institutions", "description": "The Redhack group disrupted the official website of the Turkish Central Bank to protest the fact that the central bank has allowed the Turkish lira to lose its value against foreign currencies.\nThe Ministry of Family and Social Policy was also targeted by the hacktivists to protest against \"child marriages and the death of women\".", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2023-02-08", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "576_0", "receiver_name": "Central Bank (Turkey) ", "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Finance", "Other (e.g., embassies)" ] }, { "receiver_id": "576_1", "receiver_name": "Ministry of Family and Social Policy (Turkey) ", "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ null ], "initiator_country": [ "Turkey" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 6606, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ null ], "attributed_initiator_country": [ "Turkey" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Website-of-Turkey-s-Central-Bank-Disrupted-by-RedHack-417821.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 577, "name": "OP Fullerton", "description": "#Op Fullerton: Anonymous takes down Fullerton police website against protesters arrest and Kelly Thomas tribute", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "577_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Police" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 683, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/anonymous-takes-down-fullerton-police-website-against-arrest/" ], "sources_attribution": [ "Not available" ] }, { "ID": 578, "name": "Chinese hacking group APT suspected of MSP Theft Campaign Operation Cloud Hopper between 2014-2018", "description": "The Chinese hacking group APT 10 is believed to be responsible for the 2014-2018 cyber espionage campaign Operation Cloud Hopper, which affected management service providers (MSPs) and MSP customers worldwide. The targeted MSPs, including IBM and Hewlett Packard Enterprise, that managed the victims' application, network and system infrastructure were compromised in order to infiltrate the MSPs' customers. The affected companies operate in the technology, industrial manufacturing, retail, energy, pharmaceutical and telecoms sectors. The attack also hit government agencies, including the US Navy and NASA. The attack was technically skilful. In 2018, the US Department of Justice issued an arrest warrant for two Chinese nationals and publicly attributed the attack to APT 10 aka MenuPass, POTASSIUM, Stone Panda, Red Apollo or CVNX. The Five Eyes, Japan and Germany publicly endorsed this attribution. In October 2020, the EU imposed sanctions against two Chinese citizens and the company Huaying Haitai, which were held responsible for the \"Cloud Hopper\" operation. In July 2020, the Council of the European Union decided to sanction Chinese nationals Gao Qiang and Zhang Shilong and the Chinse company Huaying Haitai for the Operation Cloud Hopper within the framework of the EU Cyber Diplomacy Toolbox. ", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2024-04-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "578_0", "receiver_name": "Dimension Data", "receiver_country": "South Africa", "receiver_region": "SSA", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "578_1", "receiver_name": "IBM", "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Digital Provider" ] }, { "receiver_id": "578_2", "receiver_name": null, "receiver_country": "Brazil", "receiver_region": "SOUTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "578_3", "receiver_name": null, "receiver_country": "France", "receiver_region": "WESTEU", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "578_4", "receiver_name": "CGI", "receiver_country": "Canada", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "578_5", "receiver_name": "NTT Data", "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Digital Provider" ] }, { "receiver_id": "578_6", "receiver_name": "Fujitsu", "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "578_7", "receiver_name": null, "receiver_country": "United Arab Emirates", "receiver_region": "GULFC", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "578_8", "receiver_name": "Ericsson", "receiver_country": "Sweden", "receiver_region": "NORTHEU", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Digital Provider" ] }, { "receiver_id": "578_9", "receiver_name": "Hewlett Packard Enterprise", "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Digital Provider" ] }, { "receiver_id": "578_10", "receiver_name": "Tata Consultancy Services ", "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "578_11", "receiver_name": "Valmet", "receiver_country": "Finland", "receiver_region": "NORTHEU", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "578_12", "receiver_name": null, "receiver_country": "Germany", "receiver_region": "WESTEU", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)" ], "initiator_country": [ "China" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 16210, "settled": false, "attribution_year": 2017, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "United States" ], "attributing_actor": [ "BAE Systems" ], "attribution_it_company": [ "BAE Systems" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2017" ] }, { "attribution_id": 16211, "settled": true, "attribution_year": 2018, "attribution_month": 12, "attribution_day": 20, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Domestic legal action" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "United States" ], "attributing_actor": [ "US Department of Justice (DoJ)" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT10/Stone Panda/MenuPass Team/Cloud Hopper/Red Apollo/Cicada/POTASSIUM/BRONZE RIVERSIDE/CVNX/HOGFISH/G0045 (MSS, Tianjin State Security Bureau)" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2018-12-20" ] } ], "temporal_attribution_sequence": "Political attribution before IT-security attribution", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.msspalert.com/cybersecurity-breaches-and-attacks/APT%2010-attacked-msp-visma/", "https://www.recordedfuture.com/APT%2010-cyberespionage-campaign/", "https://baesystemsai.blogspot.com/2017/04/APT%2010-operation-cloud-hopper_3.html", "https://www.justice.gov/opa/pr/two-chinese-hackers-associated-ministry-state-security-charged-global-computer-intrusion", "https://therecord.media/uk-cyberattack-msp-cts-law-firms", "https://www.trendmicro.com/vinfo/pl/security/news/cyber-attacks/operation-cloud-hopper-what-you-need-to-know", "https://www.gov.uk/government/news/uk-and-allies-reveal-global-scale-of-chinese-cyber-campaign", "https://baesystemsai.blogspot.com/2017/04/apt10-operation-cloud-hopper_3.html" ], "sources_attribution": [ "https://www.justice.gov/opa/pr/two-chinese-hackers-associated-ministry-state-security-charged-global-computer-intrusion" ] }, { "ID": 579, "name": "Marriott Hack", "description": "The cyberattack on the Marriott hotel chain that collected personal details of roughly 500 million guests was part of a Chinese intelligence-gathering effort that also hacked health insurers and the security clearance files of millions more Americans, according to two people briefed on the investigation.", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2024-02-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on non-political target(s), politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "579_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "MSS" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 686, "settled": null, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "MSS" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2018" ] }, { "attribution_id": 687, "settled": true, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "MSS" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2018" ] } ], "temporal_attribution_sequence": "Temporal attribution sequence unclear", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 1" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://english.elpais.com/international/2023-06-15/chinese-spies-breached-hundreds-of-public-private-networks-us-security-firm-says.html", "https://www.eff.org/deeplinks/2023/08/fourth-circuit-decision-marriott-data-breach-case-kicks-can-down-road", "https://www.ht4u.net/news/alarmstufe-rot-im-cyberspace-der-unaufhaltsame-anstieg-von-cyberangriffen-und-datenbruechen-erreicht-neue-hoehen/", "https://www.wired.com/story/marriott-hack-china-2014-opm-anthem/", "https://www.nytimes.com/2018/12/11/us/politics/trump-china-trade.html", "https://www.reuters.com/article/us-marriott-intnl-cyber-china-exclusive/exclusive-clues-in-marriott-hack-implicate-china-sources-idUSKBN1O504D", "https://www.cyberscoop.com/china-hacking-talent-xi-jinping-education-policies/", "https://thehackernews.com/2023/01/is-once-yearly-pen-testing-enough-for.html" ], "sources_attribution": [ "https://www.nytimes.com/2018/12/11/us/politics/trump-china-trade.html" ] }, { "ID": 580, "name": "Pacifier APT aka Turla", "description": "Bitdefender detected an ongoing cyber-espionage campaign against Romanian institutions and other foreign targets. The attacks started in 2014, with the latest reported occurrences in May of 2016. Later on, the campaign has been tied to the Russian state-sponsored group Turla.", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "580_0", "receiver_name": null, "receiver_country": "Romania", "receiver_region": "EU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] }, { "receiver_id": "580_1", "receiver_name": null, "receiver_country": "Iran, Islamic Republic of", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] }, { "receiver_id": "580_2", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)" ], "initiator_country": [ "Russia" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 688, "settled": true, "attribution_year": 2017, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2017" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://download.bitdefender.com/resources/media/materials/white-papers/en/Bitdefender-Whitepaper-PAC-A4-en_EN1.pdf", "https://labs.bitdefender.com/2017/09/three-new-pacifier-apt-components-point-to-russian-linked-turla-group/" ], "sources_attribution": [ "https://labs.bitdefender.com/2017/09/three-new-pacifier-apt-components-point-to-russian-linked-turla-group/" ] }, { "ID": 581, "name": "Leviathan aka APT 40", "description": "Espionage efforts against US, western europe and south Chinese sea located targets, especially in the naval industry sector, but also research institutions and government entities.\u00a0APT 40 is allegedly a Chinese state-proxy, according to Fire eye and the mysterious group Intrustion Truth.", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2023-05-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "581_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Defence industry", "Not available", "Not available" ] }, { "receiver_id": "581_1", "receiver_name": null, "receiver_country": "Western Europe", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Defence industry", "Not available", "Not available" ] }, { "receiver_id": "581_2", "receiver_name": null, "receiver_country": "South China Sea (region)", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Science" ], "receiver_category_subcode": [ "Government / ministries", "Defence industry", "Not available", "Not available" ] } ], "initiator_name": [ "APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/Gingham Typhoon fka GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (Hainan Xiandun Technology Company, MSS Hainan State Security Department)" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 689, "settled": true, "attribution_year": 2017, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT40/Leviathan/TEMP.Periscope/TEMP.Jumper/Gingham Typhoon fka GADOLINIUM/BRONZE MOHAWK/MUDCARP/KRYPTONITE PANDA/TA423/G0065 (Hainan Xiandun Technology Company, MSS Hainan State Security Department)" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2017" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets" ], "sources_attribution": [ "https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets" ] }, { "ID": 582, "name": "Dutch agency hacked CozyBear", "description": "Hackers from the Dutch intelligence service AIVD have provided the FBI with crucial information about Russian interference with the American elections. For years, AIVD had access to the infamous Russian hacker group CozyBear.That's what de Volkskrant and Nieuwsuur have uncovered in their investigation.", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "582_0", "receiver_name": null, "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Intelligence agencies" ] } ], "initiator_name": [ "AVID" ], "initiator_country": [ "Netherlands" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 690, "settled": true, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "AVID" ], "attributed_initiator_country": [ "Netherlands" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2018" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.volkskrant.nl/wetenschap/dutch-agencies-provide-crucial-intel-about-russia-s-interference-in-us-elections~b4f8111b/?referer=https%3A%2F%2Fwww.google.com%2F", "https://www.irishtimes.com/news/world/europe/the-spies-who-beat-russian-hackers-at-their-own-game-1.3455014" ], "sources_attribution": [ "https://www.volkskrant.nl/wetenschap/dutch-agencies-provide-crucial-intel-about-russia-s-interference-in-us-elections~b4f8111b/?referer=https%3A%2F%2Fwww.google.com%2F", "https://www.irishtimes.com/news/world/europe/the-spies-who-beat-russian-hackers-at-their-own-game-1.3455014" ] }, { "ID": 583, "name": "TajMahal", "description": "In the fall of 2018, Kaspersky detected an attack on a diplomatic organization belonging to a Central Asian country. The spyware called Taj Mahal has been in operation for the past five years and allows for all kinds of attack scenarios using various tools. The framework cannot be linked to any known threatactor.", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "583_0", "receiver_name": null, "receiver_country": "Central Asia (region)", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 691, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.heise.de/security/meldung/Nach-fuenf-Jahren-unter-dem-Radar-Spionage-Malware-TajMahal-aufgetaucht-4370966.html", "https://securelist.com/project-tajmahal/90240/" ], "sources_attribution": [ "https://securelist.com/project-tajmahal/90240/" ] }, { "ID": 584, "name": "RUAG-Hack", "description": "The Swiss government says that hackers used \"Turla\" malware to steal data from a state-owned defense firm RUAG, based in Bern, since 2014. In addition to the defense sector, state-owned RUAG operates in aerospace, aviation and other sectors. Where as the Swiss report does not attribute the hack to a specific actor, other actors have analyzed the used malware.", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2023-07-06", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "584_0", "receiver_name": null, "receiver_country": "Switzerland", "receiver_region": "WESTEU", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Defence industry" ] } ], "initiator_name": [ "Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)" ], "initiator_country": [ "Russia" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 692, "settled": null, "attribution_year": 2016, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Media report (e.g., Reuters makes an attribution statement, without naming further sources)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2016" ] }, { "attribution_id": 693, "settled": true, "attribution_year": 2016, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Turla/Waterbug/Venomous Bear/Snake/Uroburos/Group 88/Secret Blizzard fka KRYPTON/G0010/UAC-0003 (FSB Centre 16, Unit 71330)" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2016" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.melani.admin.ch/melani/en/home/dokumentation/reports/technical-reports/technical-report_apt_case_ruag.html", "https://www.bankinfosecurity.com/swiss-government-ruag-hack-ties-to-turla-malware-a-9128", "https://www.swissinfo.ch/eng/parliament-committee_defence-ministry-criticised-over-cyberattack/44106062", "https://socradar.io/apt-profile-turla/", "https://unit42.paloaltonetworks.com/pensive-ursa-uses-upgraded-kazuar-backdoor/" ], "sources_attribution": [ "https://www.bankinfosecurity.com/swiss-government-ruag-hack-ties-to-turla-malware-a-9128" ] }, { "ID": 585, "name": "ISIS vs. Russia", "description": "The hacking division associated with ISIS (Islamic State of Iraq and Syria) extremist rebels CyberCaliphate has been hammering Russian online resources since autumn 2014, posting messages related to their cause.", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "585_0", "receiver_name": null, "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Other" ], "receiver_category_subcode": [ "Not available", "Not available", "Not available" ] } ], "initiator_name": [ "Cyber Caliphate" ], "initiator_country": [ "ISIS" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Terrorist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 694, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Cyber Caliphate" ], "attributed_initiator_country": [ "ISIS" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Terrorist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Cyber-Caliphate-Hackers-Deface-600-Russian-Internet-Resources-476718.shtml" ], "sources_attribution": [ "https://news.softpedia.com/news/Cyber-Caliphate-Hackers-Deface-600-Russian-Internet-Resources-476718.shtml" ] }, { "ID": 586, "name": "Fancy Bear Ukraine Military App", "description": "Fancy Bear which is linked to the Russian government and high-profile cyberattacks against Democrats during the U.S. presidential election likely used a malware implant on Android devices to track and target Ukrainian artillery units from late 2014 through 2016, according to a report by Crowd strike.", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "586_0", "receiver_name": null, "receiver_country": "Ukraine", "receiver_region": "EASTEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)" ], "initiator_country": [ "Russia" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 695, "settled": true, "attribution_year": 2016, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2016" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Secession" ], "offline_conflict_issue": [ "System/ideology", "Resources", "Secession" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.reuters.com/article/us-cyber-ukraine-idUSKBN14B0CU", "https://www.crowdstrike.com/blog/danger-close-fancy-bear-tracking-ukrainian-field-artillery-units/" ], "sources_attribution": [ "https://www.crowdstrike.com/blog/danger-close-fancy-bear-tracking-ukrainian-field-artillery-units/" ] }, { "ID": 587, "name": "ELMachete-PartII", "description": "Unidentified hackers, attributed to be of Brazilian origin attacked various high-profile targets - mostly in Latin America - with phishing attacks. Unlike the first phase of ElMachete, their targets also were Energy system providers.", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2023-11-23", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "587_0", "receiver_name": null, "receiver_country": "Ecuador", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Intelligence agencies", "Not available", "Energy", "Chemicals", "Not available" ] }, { "receiver_id": "587_1", "receiver_name": null, "receiver_country": "Venezuela", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Intelligence agencies", "Not available", "Energy", "Chemicals", "Not available" ] }, { "receiver_id": "587_2", "receiver_name": null, "receiver_country": "Peru", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Intelligence agencies", "Not available", "Energy", "Chemicals", "Not available" ] }, { "receiver_id": "587_3", "receiver_name": null, "receiver_country": "Argentina", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Intelligence agencies", "Not available", "Energy", "Chemicals", "Not available" ] }, { "receiver_id": "587_4", "receiver_name": null, "receiver_country": "Colombia", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Intelligence agencies", "Not available", "Energy", "Chemicals", "Not available" ] }, { "receiver_id": "587_5", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Intelligence agencies", "Not available", "Energy", "Chemicals", "Not available" ] }, { "receiver_id": "587_6", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Intelligence agencies", "Not available", "Energy", "Chemicals", "Not available" ] }, { "receiver_id": "587_7", "receiver_name": null, "receiver_country": "Bolivia", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Intelligence agencies", "Not available", "Energy", "Chemicals", "Not available" ] }, { "receiver_id": "587_8", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Intelligence agencies", "Not available", "Energy", "Chemicals", "Not available" ] }, { "receiver_id": "587_9", "receiver_name": null, "receiver_country": "Canada", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Intelligence agencies", "Not available", "Energy", "Chemicals", "Not available" ] } ], "initiator_name": [ "El Machete" ], "initiator_country": [ "Brazil" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 696, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "El Machete" ], "attributed_initiator_country": [ "Brazil" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://threatvector.cylance.com/en_us/home/el-machete-malware-attacks-cut-through-latam.html", "https://securityaffairs.co/wordpress/57369/apt/machete-espionage-campaign.html" ], "sources_attribution": [ "https://securityaffairs.co/wordpress/57369/apt/machete-espionage-campaign.html" ] }, { "ID": 588, "name": "Chinese state-sponsored group APT3 (aka Gothic Panda) spied on the Siemens AG in the US from May 2014 until August 2015", "description": "Chinese state-sponsored group APT3 (aka Gothic Panda), spied on the German company Siemens from May until August 2015, according to an US Department of Justice Indictment from September 2016 against three members of APT3 which were employees of the Chinese IT-company Boyusec, a front for the Ministry of State Security (MSS). APT3 stole at least 407 gigabytes of data from the company in the Western District of Pennsylvania and elsewhere, which included files from Siemens' energy, technology, and transportation businesses. APT3`s usual initial access vector as described in the indictment was spear phishing. The same indictment also detailed APT3 attacks on Trimble Inc. and Moody`s. Notably, the US DoJ indictment did only name the indicted individuals and their official positions within Boyusec, but neither their membership with APT3, nor Boyusec`s reported affiliation with the MSS, which was already publicly known at that time, especially due to the blog posts by the anonymous threat intelligence collective Intrusion Truth. ", "added_to_DB": "2022-08-15", "start_date": "2014-05-01", "end_date": "Not available", "updated_at": "2024-02-23", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on non-political target(s), politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by authorities of victim state" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "588_0", "receiver_name": "Siemens AG", "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Energy", "Transportation" ] } ], "initiator_name": [ "APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec)" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 11677, "settled": false, "attribution_year": 2017, "attribution_month": 9, "attribution_day": 13, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Domestic legal action" ], "attribution_type_subcode": [ "Indictment" ], "attributing_country": [ "United States" ], "attributing_actor": [ "US Department of Justice (DoJ)", "Ministry of Foreign Affairs" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Cyber espionage" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Wu Yingzhuo (Boyusec)", "Dong Hao (Boyusec)", "Xia Lei (Boyusec)" ], "attributed_initiator_country": [ "China", "China", "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state-group", "Non-state actor, state-affiliation suggested", "Non-state-group", "Non-state actor, state-affiliation suggested", "Non-state-group" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)", "Private technology companies / hacking for hire groups without state affiliation / research entities", "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)", "Private technology companies / hacking for hire groups without state affiliation / research entities", "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)", "Private technology companies / hacking for hire groups without state affiliation / research entities" ], "attribution_full_date": [ "2017-9-13" ] }, { "attribution_id": 11678, "settled": true, "attribution_year": 2017, "attribution_month": 5, "attribution_day": 9, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Intrusion Truth" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Cyber espionage" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT3/Gothic Panda/Buckeye/UPS Team/Group 6/TG-0110/G0022 (MSS, Boyusec)" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2017-5-9" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "International power" ], "offline_conflict_issue_subcode": [ "China \u2013 USA" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 1" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "Not available" ], "political_response_type_sub": [ "Not available" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://intrusiontruth.wordpress.com/2017/05/09/APT 3-is-boyusec-a-chinese-intelligence-contractor/", "https://freebeacon.com/national-security/pentagon-links-chinese-cyber-security-firm-beijing-spy-service/https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=92a4528c-2bdb-498f-85c8-4273bfdc66aa&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments", "https://www.justice.gov/opa/press-release/file/1013866/download" ], "sources_attribution": [ "https://intrusiontruth.wordpress.com/2017/05/09/APT 3-is-boyusec-a-chinese-intelligence-contractor/", "https://freebeacon.com/national-security/pentagon-links-chinese-cyber-security-firm-beijing-spy-service/https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=92a4528c-2bdb-498f-85c8-4273bfdc66aa&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments", "https://www.justice.gov/opa/press-release/file/1013866/download" ] }, { "ID": 589, "name": "APT32/Ocean Lotus Group", "description": "Espionage-Hacks against private companies in the US, China, Germany, the Philippines and Vietnam.", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2023-08-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "589_0", "receiver_name": null, "receiver_country": "Germany", "receiver_region": "WESTEU", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "589_1", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "589_2", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "589_3", "receiver_name": null, "receiver_country": "Philippines", "receiver_region": "SEA", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "589_4", "receiver_name": null, "receiver_country": "Vietnam", "receiver_region": "SEA", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH" ], "initiator_country": [ "Vietnam" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 698, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH" ], "attributed_initiator_country": [ "Vietnam" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] }, { "attribution_id": 699, "settled": null, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT32/Ocean Lotus/Sea Lotus/Canvas Cyclone fka BISMUTH" ], "attributed_initiator_country": [ "Vietnam" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html", "https://www.eff.org/deeplinks/2014/01/vietnamese-malware-gets-personal" ], "sources_attribution": [ "https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html", "https://www.eff.org/deeplinks/2014/01/vietnamese-malware-gets-personal" ] }, { "ID": 590, "name": "Bridging the AirGap with USBFerry", "description": "An APT, believed to be linked to the Chinese government, developed a malware specifically designed to access airborne networks and deployed it against Taiwanese and Philippine military networks.", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "590_0", "receiver_name": null, "receiver_country": "Taiwan", "receiver_region": "SCS", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Finance", "Military" ] }, { "receiver_id": "590_1", "receiver_name": null, "receiver_country": "Philippines", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Finance", "Military" ] } ], "initiator_name": [ "Tropic Trooper/Key Boy" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 6593, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Tropic Trooper/Key Boy" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.zdnet.com/article/hackers-target-the-air-gapped-networks-of-the-taiwanese-and-philippine-military/", "https://documents.trendmicro.com/assets/Tech-Brief-Tropic-Trooper-s-Back-USBferry-Attack-Targets-Air-gapped-Environments.pdf" ], "sources_attribution": [ "Not available" ] }, { "ID": 591, "name": "Rampant Kitten", "description": "A new threatactor-Rampant Kitten-was identified with an longterm espionage campaign against iranian regime critics", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "591_0", "receiver_name": null, "receiver_country": "Iran, Islamic Republic of", "receiver_region": "MEA", "receiver_category": [ "Social groups", "Social groups" ], "receiver_category_subcode": [ "Political opposition / dissidents / expats", "Other social groups" ] }, { "receiver_id": "591_1", "receiver_name": null, "receiver_country": "Azerbaijan", "receiver_region": "CENTAS", "receiver_category": [ "Social groups", "Social groups" ], "receiver_category_subcode": [ "Political opposition / dissidents / expats", "Other social groups" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Iran, Islamic Republic of" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 701, "settled": true, "attribution_year": 2020, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2020" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://research.checkpoint.com/2020/rampant-kitten-an-iranian-espionage-campaign/" ], "sources_attribution": [ "Not available" ] }, { "ID": 592, "name": "Community Health Systems Breach", "description": "Dynamite Panda breached the US-American health provider Community Health, and exfiltrated 4.5 Millions of confidential patient data. The attribution of Dynamite Panda is at that point unclear ,some seeing them as cyber-criminals, others seeing the operation as an independent action of a state-sponsored operator without the backing of their superiors.", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "592_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Health" ] } ], "initiator_name": [ "APT 18/Dynamite Panda/Wekby" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 703, "settled": null, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Media report (e.g., Reuters makes an attribution statement, without naming further sources)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT 18/Dynamite Panda/Wekby" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] }, { "attribution_id": 702, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT 18/Dynamite Panda/Wekby" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.venafi.com/blog/infographic-how-an-attack-by-a-cyber-espionage-operator-bypassed-security-controls", "https://threatpost.com/APT%20-gang-branches-out-to-medical-espionage-in-community-health-breach/107828/", "https://www.pri.org/stories/2014-08-21/even-your-medical-records-arent-safe-chinese-group-hacks-hospitals-patienthttps://threatpost.com/APT -gang-branches-out-to-medical-espionage-in-community-health-breach/107828/" ], "sources_attribution": [ "https://www.venafi.com/blog/infographic-how-an-attack-by-a-cyber-espionage-operator-bypassed-security-controls", "https://www.pri.org/stories/2014-08-21/even-your-medical-records-arent-safe-chinese-group-hacks-hospitals-patienthttps://threatpost.com/APT -gang-branches-out-to-medical-espionage-in-community-health-breach/107828/" ] }, { "ID": 593, "name": "Nemesis Gemina", "description": "The APT Miniduke continued their campaign, broadening the focus to further countries and new sectors, starting data-theft attacks against governments, militaries and energy companies", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "593_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Not available", "Government / ministries", "Civil service / administration", "Military", "Energy", "Telecommunications" ] }, { "receiver_id": "593_1", "receiver_name": null, "receiver_country": "Australia", "receiver_region": "OC", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Not available", "Government / ministries", "Civil service / administration", "Military", "Energy", "Telecommunications" ] }, { "receiver_id": "593_2", "receiver_name": null, "receiver_country": "Germany", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Not available", "Government / ministries", "Civil service / administration", "Military", "Energy", "Telecommunications" ] }, { "receiver_id": "593_3", "receiver_name": null, "receiver_country": "Ukraine", "receiver_region": "EASTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Not available", "Government / ministries", "Civil service / administration", "Military", "Energy", "Telecommunications" ] }, { "receiver_id": "593_4", "receiver_name": null, "receiver_country": "Belgium", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Not available", "Government / ministries", "Civil service / administration", "Military", "Energy", "Telecommunications" ] }, { "receiver_id": "593_5", "receiver_name": null, "receiver_country": "France", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Not available", "Government / ministries", "Civil service / administration", "Military", "Energy", "Telecommunications" ] }, { "receiver_id": "593_6", "receiver_name": null, "receiver_country": "Spain", "receiver_region": "EU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Not available", "Government / ministries", "Civil service / administration", "Military", "Energy", "Telecommunications" ] }, { "receiver_id": "593_7", "receiver_name": null, "receiver_country": "Hungary", "receiver_region": "EASTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Not available", "Government / ministries", "Civil service / administration", "Military", "Energy", "Telecommunications" ] }, { "receiver_id": "593_8", "receiver_name": null, "receiver_country": "Netherlands", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Not available", "Government / ministries", "Civil service / administration", "Military", "Energy", "Telecommunications" ] } ], "initiator_name": [ "Miniduke" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 704, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Miniduke" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://securelist.com/miniduke-is-back-nemesis-gemina-and-the-botgen-studio/64107/" ], "sources_attribution": [ "Not available" ] }, { "ID": 594, "name": "Reaper/APT37 vs. South Korean Targets", "description": "APT37 focuses on targeting the public and private sectors primarily in South Korea, but also North Korean Dissidents with Espionage. Wiper Malware was found,but at the time of writing not executed.", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2022-12-05", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking without Misuse" ], "receivers": [ { "receiver_id": "594_0", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Social groups" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Defence industry", "Political opposition / dissidents / expats" ] }, { "receiver_id": "594_1", "receiver_name": null, "receiver_country": "Korea, Democratic People's Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Social groups" ], "receiver_category_subcode": [ "Government / ministries", "Military", "Defence industry", "Political opposition / dissidents / expats" ] } ], "initiator_name": [ "APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067", "Group123" ], "initiator_country": [ "Korea, Democratic People's Republic of", "Korea, Democratic People's Republic of" ], "initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 705, "settled": true, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT37/Richochet Chollima/Red Eyes/InkySquid/ScarCruft/Reaper/Group123/TEMP.Reaper/Venus 121/G0067", "Group123" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of", "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2018" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Territory", "International power" ], "offline_conflict_issue": [ "System/ideology", "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "Yes" ], "zero_days_subcode": [ "One" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, not used - empowerment (incident scores 1 point in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://twitter.com/cybersecboardrm/status/1626663903995256836", "https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf", "https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf", "https://www.bleepingcomputer.com/news/security/new-windows-malware-scans-victims-mobile-phones-for-data-to-steal/" ], "sources_attribution": [ "https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf" ] }, { "ID": 595, "name": "MSS 2020 Indictment Case 2015", "description": "MSS supported hackers have stolen sensitive data by different companies and research entities in the US, Europe and Korea in 2015, according to a 2020 indictment.", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by authorities of victim state" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "595_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Energy", "Defence industry", "Not available" ] } ], "initiator_name": [ "MSS supported Hackers" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 706, "settled": true, "attribution_year": 2020, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Domestic legal action" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "MSS supported Hackers" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2020" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.justice.gov/opa/press-release/file/1295981/download" ], "sources_attribution": [ "Not available" ] }, { "ID": 596, "name": "OP Fun Kill", "description": "Anonymous hackers launched Op Fun Kill, a campaign that aims to protest against the killing of animals. The operation was initiated after Dallas Safari Club announced that\u2019s it was auctioning the chance to kill a black rhino in Namibia.", "added_to_DB": "2022-08-15", "start_date": "2014-01-08", "end_date": "2014-01-08", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "596_0", "receiver_name": null, "receiver_country": "Namibia", "receiver_region": "SSA", "receiver_category": [ "State institutions / political system", "Media" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 707, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Hackers-Launch-DDOS-Attack-on-Namibian-Government-Portal-in-OpFunKill-414769.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 597, "name": "SEA vs. Saudi Websites", "description": "16 Saudi Arabian Government Websites Hacked by Syrian ElectronicArmy", "added_to_DB": "2022-08-15", "start_date": "2014-01-16", "end_date": "2014-01-16", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "597_0", "receiver_name": null, "receiver_country": "Saudi Arabia", "receiver_region": "GULFC", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Syrian Electronic Army" ], "initiator_country": [ "Syria" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 708, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html", "http://news.softpedia.com/news/16-Saudi-Arabian-Government-Websites-Hacked-by-Syrian-Electronic-Army-417751.shtml", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0" ], "sources_attribution": [ "https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0" ] }, { "ID": 598, "name": "Block of Court System", "description": "Unidentified hackers temporarily blocked access to the federal court system\u2019s public website on Friday, preventing lawyers from filing legal documents", "added_to_DB": "2022-08-15", "start_date": "2014-01-24", "end_date": "2014-01-24", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "598_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Judiciary" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 709, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.reuters.com/article/us-usa-courts-hack/u-s-court-system-targeted-in-cyber-attack-report-idUSBREA0O03W20140125", "https://news.softpedia.com/news/Websites-of-the-US-Federal-Court-System-Disrupted-by-Cyberattacks-420595.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 599, "name": "Nigerian CyberArmy attack on the Nigerian Ministry of Police Affairs", "description": "The official website of Nigeria\u2019s Ministry of Police Affairs (police affairs .gov.ng) has been breached and defaced by hackers of the Nigerian CyberArmy", "added_to_DB": "2022-08-15", "start_date": "2014-01-26", "end_date": "2014-01-26", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "599_0", "receiver_name": null, "receiver_country": "Nigeria", "receiver_region": "SSA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Nigerian Cyber Army" ], "initiator_country": [ "Nigeria" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 710, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Nigerian Cyber Army" ], "attributed_initiator_country": [ "Nigeria" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Website-of-Nigeria-s-Ministry-of-Police-Affairs-Hacked-and-Defaced-422104.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 600, "name": "Pakistan Haxor Crew vs. West Bengal Area", "description": "Indian Public Health Engineering Department Targeted by Pakistani Hackers", "added_to_DB": "2022-08-15", "start_date": "2014-02-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "600_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Civil service / administration" ] } ], "initiator_name": [ "Pakistan Haxor Crew" ], "initiator_country": [ "Pakistan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 711, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Pakistan Haxor Crew" ], "attributed_initiator_country": [ "Pakistan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Indian-Public-Health-Engineering-Department-Targeted-by-Pakistani-Hackers-423623.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 601, "name": "Sands-Casino-Hack", "description": "Las Vegas Casino Hacked by Iranians in 2014 , according to intelligence chief Clapper in 2015.", "added_to_DB": "2022-08-15", "start_date": "2014-02-01", "end_date": "Not available", "updated_at": "2023-07-17", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on non-political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by authorities of victim state" ], "incident_type": [ "Data theft", "Disruption" ], "receivers": [ { "receiver_id": "601_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ null ], "initiator_country": [ "Iran, Islamic Republic of" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 3, "attributions": [ { "attribution_id": 11663, "settled": false, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ null ], "attributed_initiator_country": [ "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2015" ] }, { "attribution_id": 11665, "settled": false, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ null ], "attributed_initiator_country": [ "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2015" ] }, { "attribution_id": 11664, "settled": true, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Political statement / report (e.g., on government / state agency websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ null ], "attributed_initiator_country": [ "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2015" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Long-term disruption (> 24h; incident scores 2 points in intensity)" ], "hijacking": [ "Not available" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/Las-Vegas-Casino-Hacked-By-Iranians-in-2014-Bloomberg-474440.shtml", "https://www.bloomberg.com/news/articles/2014-12-11/iranian-hackers-hit-sheldon-adelsons-sands-casino-in-las-vegas?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioscodebook&stream=technology#p2", "https://money.cnn.com/2015/02/27/technology/security/iran-hack-casino/index.html" ], "sources_attribution": [ "https://news.softpedia.com/news/Las-Vegas-Casino-Hacked-By-Iranians-in-2014-Bloomberg-474440.shtml", "https://www.bloomberg.com/news/articles/2014-12-11/iranian-hackers-hit-sheldon-adelsons-sands-casino-in-las-vegas?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioscodebook&stream=technology#p2", "https://money.cnn.com/2015/02/27/technology/security/iran-hack-casino/index.html" ] }, { "ID": 602, "name": "RedHack Police Dataleak", "description": "RedHack leaked data of police men and hacked several websites of different organizations including gov-websites to protest against a new internetlaw", "added_to_DB": "2022-08-15", "start_date": "2014-02-01", "end_date": "Not available", "updated_at": "2023-11-21", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "602_0", "receiver_name": null, "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Police" ] } ], "initiator_name": [ "RedHack" ], "initiator_country": [ "Turkey" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 715, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "RedHack" ], "attributed_initiator_country": [ "Turkey" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/RedHack-Begins-Hack-Attacks-in-Protest-Against-Turkey-s-New-Internet-Law-425418.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 603, "name": "DDOS vs. British Ministry of Justice", "description": "Website of British Ministry of Justice and GCHQ disrupted by DDOS Attack", "added_to_DB": "2022-08-15", "start_date": "2014-02-12", "end_date": "2014-02-12", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "603_0", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Police" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 716, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Website-of-British-Ministry-of-Justice-Disrupted-by-DDOS-Attack-426652.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 604, "name": "Falling Dominos", "description": "Several Hacker Groups defaced and hacked websites of venezuelan Gov. and military Websites to support opposition during protests", "added_to_DB": "2022-08-15", "start_date": "2014-02-15", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "604_0", "receiver_name": null, "receiver_country": "Venezuela", "receiver_region": "SOUTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Military" ] } ], "initiator_name": [ "Anonymous", "LulzSec Peru" ], "initiator_country": [ "Unknown", "Unknown" ], "initiator_category": [ "Non-state-group", "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 717, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous", "LulzSec Peru" ], "attributed_initiator_country": [ "Unknown", "Unknown" ], "attributed_initiator_category": [ "Non-state-group", "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] }, { "attribution_id": 718, "settled": null, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous", "LulzSec Peru" ], "attributed_initiator_country": [ "Unknown", "Unknown" ], "attributed_initiator_category": [ "Non-state-group", "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Long-term disruption (> 24h; incident scores 2 points in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.pri.org/stories/2014-02-17/global-hackers-hit-venezuelan-government-servers-falling-dominoes" ], "sources_attribution": [ "Not available" ] }, { "ID": 605, "name": "Rucyborg vs. Russian Investment Fond", "description": "Hacktivists of the Russian Cyber Command (Rucyborg) group have announced another dataleak. This time, they\u2019ve targeted the Russian Industrial Investment Fund, a semi-governmental investment company established by a decree of the president of Russia.", "added_to_DB": "2022-08-15", "start_date": "2014-03-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "605_0", "receiver_name": null, "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Rucyborg" ], "initiator_country": [ "Russia" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 719, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Rucyborg" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Hacktivists-Leak-Data-from-Personal-PC-of-Russian-Industrial-Investment-Fund-President-432552.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 606, "name": "Kuwait Defacement", "description": "Website of Kuwait\u2019s Ministry of Interior Hacked and Defaced", "added_to_DB": "2022-08-15", "start_date": "2014-03-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "606_0", "receiver_name": null, "receiver_country": "Kuwait", "receiver_region": "GULFC", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Shmook Amer", "Dr.Hjd." ], "initiator_country": [ "Unknown", "Unknown" ], "initiator_category": [ "Non-state-group", "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 720, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Shmook Amer", "Dr.Hjd." ], "attributed_initiator_country": [ "Unknown", "Unknown" ], "attributed_initiator_category": [ "Non-state-group", "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Website-of-Kuwait-s-Ministry-of-Interior-Hacked-and-Defaced-435068.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 607, "name": "SEA vs. Opposition", "description": "The Syrian Electronic Army has breached and defaced the official website of the NationalCoalition for Syrian Revolutionary and Opposition Forces (etilaf.org). A number of other sites related to the organization have also been targeted.", "added_to_DB": "2022-08-15", "start_date": "2014-03-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "607_0", "receiver_name": null, "receiver_country": "Syria", "receiver_region": "MEA", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Political opposition / dissidents / expats" ] } ], "initiator_name": [ "Syrian Electronic Army" ], "initiator_country": [ "Syria" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 721, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html", "http://news.softpedia.com/news/Syrian-Electronic-Army-Hacks-Website-of-Syrian-National-Coalition-432473.shtml", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0" ], "sources_attribution": [ "https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0" ] }, { "ID": 608, "name": "CyberBerkut vs. NATO", "description": "On the eve of a crucial vote ove rCrimea\u2019s would-be succession from the Ukraine, a group of purported pro-Russian Ukrainians launched three successful denial-of-service attacks against NATO websites.", "added_to_DB": "2022-08-15", "start_date": "2014-03-01", "end_date": "Not available", "updated_at": "2023-11-01", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "608_0", "receiver_name": null, "receiver_country": "NATO (institutions)", "receiver_region": "Not available", "receiver_category": [ "International / supranational organization" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Cyber Berkut" ], "initiator_country": [ "Russia" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 722, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Cyber Berkut" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] }, { "attribution_id": 723, "settled": null, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Cyber Berkut" ], "attributed_initiator_country": [ "Ukraine" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Secession" ], "offline_conflict_issue": [ "System/ideology", "Resources", "Secession" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.vice.com/en_us/article/jp5mxd/pro-russia-ukranians-hack-nato-websites", "https://www.recordedfuture.com/cyber-berkut-analysis/", "https://www.zeit.de/politik/ausland/2014-03/hacker-nato-websites-ukraine" ], "sources_attribution": [ "https://www.recordedfuture.com/cyber-berkut-analysis/", "https://www.zeit.de/politik/ausland/2014-03/hacker-nato-websites-ukraine" ] }, { "ID": 609, "name": "Seoul Subway Hack", "description": "According to the Government of Seoul, the NorthKorea is the mainsuspect for a cyberattack that 2014 hit the South Korean capital\u2019s subwaysystem. The attack, staged between March and August 2014, affected several servers of Seoul Metro.", "added_to_DB": "2022-08-15", "start_date": "2014-03-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on non-political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "609_0", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Transportation" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Korea, Democratic People's Republic of" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 724, "settled": true, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2015" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "System/ideology", "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.securityweek.com/north-korea-suspected-hacking-seoul-subway-operator-mp", "https://www.vice.com/en_us/article/vb8bp8/cyber-attack-on-south-korean-subway-system-could-be-a-sign-of-nastier-things-to-come", "https://securityaffairs.co/wordpress/40764/hacking/is-the-north-korea-behind-the-attack-on-the-seoul-subway-operator.html" ], "sources_attribution": [ "https://securityaffairs.co/wordpress/40764/hacking/is-the-north-korea-behind-the-attack-on-the-seoul-subway-operator.html" ] }, { "ID": 610, "name": "Anonymous DDOS on Kremlin", "description": "Kremlin gets DDoS\u2019d by Anonymous Caucasus", "added_to_DB": "2022-08-15", "start_date": "2014-03-14", "end_date": "2014-03-24", "updated_at": "2022-11-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "610_0", "receiver_name": null, "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 725, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://arstechnica.com/tech-policy/2014/03/kremlin-gets-ddosd-by-anonymous-caucasus/", "https://twitter.com/twitter/status/1517983764458184704" ], "sources_attribution": [ "Not available" ] }, { "ID": 611, "name": "Anonymous DDOS on Kremlin Round 2", "description": "Anonymous Russia likely launched a powerful DDoS attack that temporarily knocked out websites belonging to the Kremlin, the Russian central bank, and Foreign Ministry. It is unknown if this is related to the war in Ukraine, but in their first round of DDoS attacks on the Kremlin, the attack was considered a response to Russian censorship.", "added_to_DB": "2022-08-15", "start_date": "2014-03-14", "end_date": "2014-03-14", "updated_at": "2022-11-10", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "611_0", "receiver_name": null, "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ null ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 2717, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ null ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.businessinsider.com/russia-cyberattack-ukraine-2014-3?IR=T", "https://twitter.com/twitter/status/1517983764458184704" ], "sources_attribution": [ "https://twitter.com/twitter/status/1517983764458184704" ] }, { "ID": 612, "name": "AnonGhost vs. Israeli ministry of Agriculture", "description": "Israeli Ministry of Agriculture and Rural Development Domain Hacked by AnonGhost", "added_to_DB": "2022-08-15", "start_date": "2014-03-29", "end_date": "2014-03-29", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "612_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "AnonGhost" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 727, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "AnonGhost" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/anonghost-hacks-israeli-ministry-website/" ], "sources_attribution": [ "Not available" ] }, { "ID": 613, "name": "CyberBerkut-US-PMC-Hack", "description": "CyberBerkut claimed responsibility for defacing the websites of several private military companies\u2013Greystone, TripleCanopy, and Academi\u2013that they claimed were operating on the ground in Ukraine.", "added_to_DB": "2022-08-15", "start_date": "2014-04-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "613_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Defence industry", "Not available" ] } ], "initiator_name": [ "Cyber Berkut" ], "initiator_country": [ "Russia" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 729, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Cyber Berkut" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] }, { "attribution_id": 728, "settled": null, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Cyber Berkut" ], "attributed_initiator_country": [ "Ukraine" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Autonomy", "Secession" ], "offline_conflict_issue": [ "System/ideology", "Autonomy", "Secession" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://go.crowdstrike.com/rs/281-OBQ-266/images/ReportGlobalThreatIntelligence.pdf", "https://go.crowdstrike.com/rs/281-OBQ-266/images/ReportGlobalThreatIntelligence.pdf" ], "sources_attribution": [ "https://go.crowdstrike.com/rs/281-OBQ-266/images/ReportGlobalThreatIntelligence.pdf" ] }, { "ID": 614, "name": "Indian hackers retaliation for attack on BCP", "description": "The hacktivists have targeted the National Portal of Pakistan (Pakistan.gov.pk), and the websites of the Cabinet Ministry (cabinet.gov.pk), the Pakistan Manpower Institute (pmi.gov.pk), the Ministry of Defense (mod.gov.pk), the government\u2019s Establishment Division (establishment.gov.pk), and the Ministry of Railways (railways.gov.pk).", "added_to_DB": "2022-08-15", "start_date": "2014-04-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "614_0", "receiver_name": null, "receiver_country": "Pakistan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Bl@ckDr@gon", "HaxorT0du" ], "initiator_country": [ "India", "India" ], "initiator_category": [ "Non-state-group", "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 730, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Bl@ckDr@gon", "HaxorT0du" ], "attributed_initiator_country": [ "India", "India" ], "attributed_initiator_category": [ "Non-state-group", "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)", "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Territory", "Resources", "International power" ], "offline_conflict_issue": [ "Territory", "Resources", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Pakistani-National-Portal-Cabinet-Ministry-and-Ministry-of-Defense-Hacked-439248.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 615, "name": "Suckfly vs. India", "description": "A cyber-espionage group called Suckfly is targeting governments and big enterprises, mainly located in India", "added_to_DB": "2022-08-15", "start_date": "2014-04-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "615_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] }, { "receiver_id": "615_1", "receiver_name": null, "receiver_country": "Saudi Arabia", "receiver_region": "GULFC", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "Suckfly" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 731, "settled": true, "attribution_year": 2016, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Suckfly" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2016" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://news.softpedia.com/news/suckfly-cyber-espionage-group-targets-indian-government-and-private-companies-504183.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 616, "name": "OP Israel Counterattack", "description": "In a counter-attack against Op Israel, local hackers hijacked the webcams of attackers of Israeli sites", "added_to_DB": "2022-08-15", "start_date": "2014-04-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "616_0", "receiver_name": null, "receiver_country": "Unknown", "receiver_region": "Not available", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Hacktivist" ] } ], "initiator_name": [ "Israeli Elite Force" ], "initiator_country": [ "Israel" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 732, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Israeli Elite Force" ], "attributed_initiator_country": [ "Israel" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.timesofisrael.com/israeli-group-posts-photos-of-not-so-anonymous-hackers/" ], "sources_attribution": [ "Not available" ] }, { "ID": 617, "name": "Anonymous attack on Israel", "description": "Anonymous hacktivists from several countries have launched a new campaign against Israel. Hundreds of websites were attacked as part of the pro-Palestinian campaign called Operation Israel (OpIsrael). Various types of cyberattacks were launched, from DDoS attacks to defacements. ", "added_to_DB": "2022-08-15", "start_date": "2014-04-07", "end_date": "2014-04-07", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "617_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Finance" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 6592, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Secession" ], "offline_conflict_issue": [ "Resources", "Secession", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/OpIsrael-Anonymous-Hackers-Target-Websites-of-Israeli-Banks-and-Government-436235.shtml", "http://www.timesofisrael.com/israeli-sites-shuttered-in-advance-of-cyber-attack/" ], "sources_attribution": [ "Not available" ] }, { "ID": 618, "name": "Redhack Blame Muncipality", "description": "On Tuesday, around 700 workers were trapped in a lignite mine in Soma, at own in Turkey\u2019s Manisa Province, following an explosion. Hacktivists blame authorities for the incident, so they\u2019ve defaced the official website of the Soma Municipality.", "added_to_DB": "2022-08-15", "start_date": "2014-05-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "618_0", "receiver_name": null, "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Civil service / administration" ] } ], "initiator_name": [ "RedHack" ], "initiator_country": [ "Turkey" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 734, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "RedHack" ], "attributed_initiator_country": [ "Turkey" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/RedHack-Hacks-Website-of-Soma-Municipality-Following-Death-of-Hundreds-of-Miners-442076.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 619, "name": "Belgium Data Leak", "description": "Hackers stole data related to the Ukraine crisis from Belgian foreign ministry servers, prompting a security crackdown which has left diplomats without Internet or email, the ministry said.", "added_to_DB": "2022-08-15", "start_date": "2014-05-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "619_0", "receiver_name": null, "receiver_country": "Belgium", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 735, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Resources", "Secession" ], "offline_conflict_issue": [ "System/ideology", "Resources", "Secession", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.reuters.com/article/us-belgium-cybercrime-ukraine/hackers-steal-ukraine-crisis-data-from-belgian-foreign-ministry-idUSBREA4B0EB20140512" ], "sources_attribution": [ "Not available" ] }, { "ID": 620, "name": "Red October aka Inception Framework: Cloud Atlas", "description": "The APT Red October reemerged with new attacks, closely based on their attacks in 2012. With office vulnerabilities, they managed to access confident data, across various countries.", "added_to_DB": "2022-08-15", "start_date": "2014-05-01", "end_date": "Not available", "updated_at": "2023-03-13", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized", "Attack on (inter alia) political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "620_0", "receiver_name": null, "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Energy", "Telecommunications", "Finance", "Defence industry", "Not available" ] }, { "receiver_id": "620_1", "receiver_name": null, "receiver_country": "Ukraine", "receiver_region": "EASTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Energy", "Telecommunications", "Finance", "Defence industry", "Not available" ] }, { "receiver_id": "620_2", "receiver_name": null, "receiver_country": "Moldova, Republic of", "receiver_region": "EASTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Energy", "Telecommunications", "Finance", "Defence industry", "Not available" ] }, { "receiver_id": "620_3", "receiver_name": null, "receiver_country": "Belgium", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Energy", "Telecommunications", "Finance", "Defence industry", "Not available" ] }, { "receiver_id": "620_4", "receiver_name": null, "receiver_country": "Iran, Islamic Republic of", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Energy", "Telecommunications", "Finance", "Defence industry", "Not available" ] }, { "receiver_id": "620_5", "receiver_name": null, "receiver_country": "France", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Energy", "Telecommunications", "Finance", "Defence industry", "Not available" ] }, { "receiver_id": "620_6", "receiver_name": null, "receiver_country": "Bulgaria", "receiver_region": "EU", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Energy", "Telecommunications", "Finance", "Defence industry", "Not available" ] }, { "receiver_id": "620_7", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Energy", "Telecommunications", "Finance", "Defence industry", "Not available" ] }, { "receiver_id": "620_8", "receiver_name": null, "receiver_country": "Turkey", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Energy", "Telecommunications", "Finance", "Defence industry", "Not available" ] }, { "receiver_id": "620_9", "receiver_name": null, "receiver_country": "Georgia", "receiver_region": "CENTAS", "receiver_category": [ "State institutions / political system", "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available", "Energy", "Telecommunications", "Finance", "Defence industry", "Not available" ] } ], "initiator_name": [ "Inception Framework/Cloud Atlas/Blue Odin/G0100", "Red October" ], "initiator_country": [ "Unknown", "Unknown" ], "initiator_category": [ "Unknown - not attributed", "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 736, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Inception Framework/Cloud Atlas/Blue Odin/G0100", "Red October" ], "attributed_initiator_country": [ "Unknown", "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed", "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://securelist.com/cloud-atlas-redoctober-apt-is-back-in-style/68083/", "https://www.symantec.com/blogs/threat-intelligence/inception-framework-hiding-behind-proxies" ], "sources_attribution": [ "Not available" ] }, { "ID": 621, "name": "Premera Blue Cross Hack", "description": "Health insurer Premera Blue Cross said it was a victim of a cyberattack that that began in May 2014 and may have exposed medical data and financial information of 11 million customers. Media reveals that there are indications that this operation may be the work of a state-sponsored Chinese espionage group.", "added_to_DB": "2022-08-15", "start_date": "2014-05-05", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "621_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Health" ] } ], "initiator_name": [ "APT19/Deep Panda/Shell Crew/WebMasters/KungFu Kittens/Group 13/Codoso/SunShop Group/Black Vine/PinkPanther/G0073 (PLA)", "PLA" ], "initiator_country": [ "China", "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 737, "settled": true, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT19/Deep Panda/Shell Crew/WebMasters/KungFu Kittens/Group 13/Codoso/SunShop Group/Black Vine/PinkPanther/G0073 (PLA)", "PLA" ], "attributed_initiator_country": [ "China", "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2015" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Resources" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.reuters.com/article/us-cyberattack-premera-idUSKBN0MD2FF20150317", "https://krebsonsecurity.com/2015/03/premera-blue-cross-breach-exposes-financial-medical-records/" ], "sources_attribution": [ "https://krebsonsecurity.com/2015/03/premera-blue-cross-breach-exposes-financial-medical-records/" ] }, { "ID": 622, "name": "Pro Taliban Group vs. Pakistan Police", "description": "The official website of the Rawalpindi police in Pakistan(rawalpindi police.gov.pk) was hacked and defaced on Thursday by a group that appears to support the Taliban.", "added_to_DB": "2022-08-15", "start_date": "2014-05-15", "end_date": "2014-05-15", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "622_0", "receiver_name": null, "receiver_country": "Pakistan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Police" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Pakistan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 738, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Pakistan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "System/ideology", "Unknown" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Pakistani-Police-Website-Hacked-By-Supporters-of-the-Taliban-442482.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 623, "name": "Anonymous Fighting in the Phillipinian Sea", "description": "Anonymous Philippines claimed responsibility for defacing more than 200 Chinese websites in retaliation for Beijing's aggressive actions in the West Philippine Sea", "added_to_DB": "2022-08-15", "start_date": "2014-05-19", "end_date": "2014-05-19", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "623_0", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "Anonymous Philippines" ], "initiator_country": [ "Philippines" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 739, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous Philippines" ], "attributed_initiator_country": [ "Philippines" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Territory", "Resources" ], "offline_conflict_issue": [ "System/ideology", "Territory", "Resources", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2014/05/anonymous-philippines-hacks-hundreds-of.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 624, "name": "Vietnam Ministry Hack", "description": "Malware has been specifically crafted for the systems used by the employees at the Vietnamese Ministry of Natural Resources and Environment", "added_to_DB": "2022-08-15", "start_date": "2014-06-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Hijacking without Misuse" ], "receivers": [ { "receiver_id": "624_0", "receiver_name": null, "receiver_country": "Vietnam", "receiver_region": "SEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 740, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "none" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, not used - empowerment (incident scores 1 point in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Government-Employees-Targeted-by-Phishing-Campaign-447692.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 625, "name": "DDOS vs. Hong Kong Voting Site", "description": "Largest DDoS attack hit PopVote, Hong Kong Democracy voting site", "added_to_DB": "2022-08-15", "start_date": "2014-06-14", "end_date": "2014-06-15", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "625_0", "receiver_name": null, "receiver_country": "Hong Kong", "receiver_region": "ASIA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 741, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "Autonomy" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://securityaffairs.co/wordpress/26030/cyber-crime/popvote-largest-ddos-attack.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 626, "name": "SEA vs. mediasites", "description": "Syrian ElectronicArmy attacked several Media websites", "added_to_DB": "2022-08-15", "start_date": "2014-06-22", "end_date": "2014-06-22", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "626_0", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] }, { "receiver_id": "626_1", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Syrian Electronic Army" ], "initiator_country": [ "Syria" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 742, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html", "https://theconversation.com/syrian-electronic-armys-attack-on-reuters-makes-a-mockery-of-cyber-security-again-28415", "https://www.forbes.com/sites/andygreenberg/2014/02/20/how-the-syrian-electronic-army-hacked-us-a-detailed-timeline/#62139039c522", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0" ], "sources_attribution": [ "https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0" ] }, { "ID": 627, "name": "Anti-Armenia Team vs. Armenian President", "description": "Azerbaijani hackers hack Armenian President and Ministry websites", "added_to_DB": "2022-08-15", "start_date": "2014-06-26", "end_date": "2014-06-26", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "627_0", "receiver_name": null, "receiver_country": "Armenia", "receiver_region": "CSTO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anti-Armenia Team" ], "initiator_country": [ "Azerbaijan" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 743, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anti-Armenia Team" ], "attributed_initiator_country": [ "Azerbaijan" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Territory" ], "offline_conflict_issue": [ "Territory" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/azerbaijani-hackers-hack-armenian-president-website/" ], "sources_attribution": [ "Not available" ] }, { "ID": 628, "name": "Background Investigations Firm Hack", "description": "A cyber attack at a firm that performs background checks for U.S. government employees compromised data of at least 25,000 workers, including some undercover investigators, and that number could rise, agency officials said.", "added_to_DB": "2022-08-15", "start_date": "2014-07-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "628_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 744, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.reuters.com/article/us-usa-security-contractor-cyberattack/u-s-undercover-investigators-among-those-exposed-in-data-breach-idUSKBN0GM1TZ20140822", "https://krebsonsecurity.com/2014/01/dhs-alerts-contractors-to-bank-data-theft/", "https://www.reuters.com/article/us-usa-security-contractor/u-s-homeland-security-contractor-reports-computer-breach-idUSKBN0G62N420140807", "https://edition.cnn.com/2014/08/06/tech/hackers-security-contractor-usis/index.html" ], "sources_attribution": [ "https://www.reuters.com/article/us-usa-security-contractor/u-s-homeland-security-contractor-reports-computer-breach-idUSKBN0G62N420140807" ] }, { "ID": 629, "name": "Tunesia-Election-Hack 2014", "description": "In July 2014, the electronic voter registration system for the then-upcoming Tunisian presidential election suffered a cyberattack, rendering registrations impossible for an unknown amount of time.", "added_to_DB": "2022-08-15", "start_date": "2014-07-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "629_0", "receiver_name": null, "receiver_country": "Tunisia", "receiver_region": "MENA", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Election infrastructure / related systems" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 745, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://go.crowdstrike.com/rs/281-OBQ-266/images/ReportGlobalThreatIntelligence.pdf" ], "sources_attribution": [ "Not available" ] }, { "ID": 630, "name": "Twitter of Kenyan Defense Force Hacked", "description": "The Twitter accounts of the Kenyan defence forces and its spokesman have been hacked by activists protesting about corruption.", "added_to_DB": "2022-08-15", "start_date": "2014-07-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "630_0", "receiver_name": null, "receiver_country": "Kenya", "receiver_region": "SSA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 746, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.bbc.com/news/world-africa-28398976" ], "sources_attribution": [ "Not available" ] }, { "ID": 631, "name": "Chafer aka APT39 1.0", "description": "Chafer, an Iranian based Espionage group focusses heavily on the theft of personal information, via telecommunications companies and Airlines in the Middle East and also Individuals in Iran.", "added_to_DB": "2022-08-15", "start_date": "2014-07-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "631_0", "receiver_name": null, "receiver_country": "Iran, Islamic Republic of", "receiver_region": "MEA", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Not available", "Not available" ] }, { "receiver_id": "631_1", "receiver_name": null, "receiver_country": "Saudi Arabia", "receiver_region": "GULFC", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Not available", "Not available" ] }, { "receiver_id": "631_2", "receiver_name": null, "receiver_country": "Afghanistan", "receiver_region": "SASIA", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company)" ], "initiator_country": [ "Iran, Islamic Republic of" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 747, "settled": true, "attribution_year": 2015, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT39/Chafer/Remix Kitten/ITG07/G0087 (Rana Intelligence Computing Company)" ], "attributed_initiator_country": [ "Iran, Islamic Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2015" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html" ], "sources_attribution": [ "https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html" ] }, { "ID": 632, "name": "SEA vs IDF", "description": "SEA hacks Israeli Defence Force Twitteraccount, posts bogus nuclear warning", "added_to_DB": "2022-08-15", "start_date": "2014-07-03", "end_date": "2014-07-03", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "632_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "Syrian Electronic Army" ], "initiator_country": [ "Syria" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 748, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "Not available" ] }, { "attribution_id": 749, "settled": null, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html", "https://nakedsecurity.sophos.com/2014/07/04/sea-hacks-israeli-defence-force-twitter-account-posts-bogus-nuclear-warning/", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0" ], "sources_attribution": [ "https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0" ] }, { "ID": 633, "name": "Godzilla vs. Pakistan", "description": "An Indian patriotic hacker targeted 43 major Pakistani Government official websites, including \u2018President of Pakistan\u2019, \u2018Government of Pakistan\u2019, 'Ministry of Defence\u2019, and whole Ministry of Pakistan.", "added_to_DB": "2022-08-15", "start_date": "2014-08-01", "end_date": "Not available", "updated_at": "2023-10-12", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "633_0", "receiver_name": null, "receiver_country": "Pakistan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Godzilla" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 13622, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Godzilla" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Long-term disruption (> 24h; incident scores 2 points in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://thehackernews.com/2014/08/godzilla-hacker-takes-down-several_1.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 634, "name": "Anonymous leak of Pakistani Data", "description": "Anonymous Leaks Sensitive Data on Pakistani Government and Army in Solidarity With Protestors", "added_to_DB": "2022-08-15", "start_date": "2014-08-01", "end_date": "2014-08-01", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "634_0", "receiver_name": "Not available", "receiver_country": "Pakistan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 1787, "settled": true, "attribution_year": null, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": "Not available", "political_response_month": "Not available", "political_response_day": "Not available" } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": "Not available", "legal_response_month": "Not available", "legal_response_day": "Not available" } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.ibtimes.co.uk/anonymous-leaks-sensitive-data-pakistani-government-army-solidarity-protestors-1464015" ], "sources_attribution": [ "Not available" ] }, { "ID": 635, "name": "Monitoring of Exil-Bahraini Activists", "description": "Rightsgroup Privacy International files complaint that officials illegally monitored devices of pro-democracy trio in UK", "added_to_DB": "2022-08-15", "start_date": "2014-08-01", "end_date": "Not available", "updated_at": "2023-05-15", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)", "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "635_0", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Advocacy / activists (e.g. human rights organizations)" ] }, { "receiver_id": "635_1", "receiver_name": null, "receiver_country": "Bahrain", "receiver_region": "GULFC", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Advocacy / activists (e.g. human rights organizations)" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Bahrain" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 753, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Bahrain" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.theguardian.com/technology/2014/oct/13/uk-police-investigate-alleged-bahraini-hacking-exiles-computers" ], "sources_attribution": [ "Not available" ] }, { "ID": 636, "name": "Gamma International Hack 2014", "description": "A hacker claims to have hacked a network of the surveillance technology company Gamma International and has published 40 gigabytes of internal data.", "added_to_DB": "2022-08-15", "start_date": "2014-08-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "636_0", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Individual hacker(s)" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 754, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://netzpolitik.org/2014/gamma-finfisher-hacked-40-gb-of-internal-documents-and-source-code-of-government-malware-published/" ], "sources_attribution": [ "Not available" ] }, { "ID": 637, "name": "Saudi Embassy Hack", "description": "An Saudi Embassy was hacked and threatened with an terrorist attack if they wouldn't pay 35 Million to the attacker. The attacker claimed to be associated with ISIS, but it was later on revelead that he was an insider.", "added_to_DB": "2022-08-15", "start_date": "2014-08-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Disruption", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "637_0", "receiver_name": null, "receiver_country": "Saudi Arabia", "receiver_region": "GULFC", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Saudi Arabia" ], "initiator_category": [ "Individual hacker(s)" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 4, "attributions": [ { "attribution_id": 756, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Receiver attributes attacker" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Saudi Arabia" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] }, { "attribution_id": 757, "settled": null, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Saudi Arabia" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] }, { "attribution_id": 755, "settled": null, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Saudi Arabia" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] }, { "attribution_id": 758, "settled": null, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Contested attribution" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Saudi Arabia" ], "attributed_initiator_category": [ "Individual hacker(s)" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.csoonline.com/article/3386381/inside-the-2014-hack-of-a-saudi-embassy.html" ], "sources_attribution": [ "https://www.csoonline.com/article/3386381/inside-the-2014-hack-of-a-saudi-embassy.html" ] }, { "ID": 638, "name": "Anonymous vs. Mossad", "description": "Anonymous hackers take down Mossad website against Gaza attacks", "added_to_DB": "2022-08-15", "start_date": "2014-08-02", "end_date": "2014-08-02", "updated_at": "2023-11-14", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "638_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Police" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 759, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Secession" ], "offline_conflict_issue": [ "System/ideology", "Resources", "Secession", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/anonymous-hackers-mossad-website/" ], "sources_attribution": [ "Not available" ] }, { "ID": 639, "name": "Hack of Russian Prime Ministers Twitter", "description": "Someone hacked the Twitter account of Russia's Prime Minister Dmitry Medvedev, posting a series of fake messages including are signation announcement.", "added_to_DB": "2022-08-15", "start_date": "2014-07-14", "end_date": "2014-08-14", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "639_0", "receiver_name": null, "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Shaltai Boltai" ], "initiator_country": [ "Russia" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 760, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Shaltai Boltai" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://mashable.com/2014/08/14/russias-prime-minister-twitter-account-gets-hacked/#14s8LOmTpgqH", "https://www.washingtonpost.com/news/worldviews/wp/2017/03/16/the-fbi-just-indicted-a-russian-official-for-hacking-but-why-did-russia-charge-him-with-treason/" ], "sources_attribution": [ "https://www.washingtonpost.com/news/worldviews/wp/2017/03/16/the-fbi-just-indicted-a-russian-official-for-hacking-but-why-did-russia-charge-him-with-treason/" ] }, { "ID": 640, "name": "CyberBerkut vs. Poland", "description": "The hacker group CyberBerkut said it blocked the sites, both down on Thursday afternoon, in response to what it said were Poland's actions as\"sponsors off a scismin Ukraine\".", "added_to_DB": "2022-08-15", "start_date": "2014-07-14", "end_date": "2014-08-14", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "640_0", "receiver_name": null, "receiver_country": "Poland", "receiver_region": "EASTEU", "receiver_category": [ "State institutions / political system", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Government / ministries", "Not available" ] } ], "initiator_name": [ "Cyber Berkut" ], "initiator_country": [ "Ukraine" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 761, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Cyber Berkut" ], "attributed_initiator_country": [ "Ukraine" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Secession" ], "offline_conflict_issue": [ "System/ideology", "Resources", "Secession" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.securityweek.com/ukrainian-hackers-claim-attack-polish-websites" ], "sources_attribution": [ "https://www.securityweek.com/ukrainian-hackers-claim-attack-polish-websites" ] }, { "ID": 641, "name": "Anonymous Takedown of israeli pages part II", "description": "Hackers operating under the banners of Anonymous have taken offline important Israeli government websites as a reaction to the alleged shutdown of various social media accounts of the group.", "added_to_DB": "2022-08-15", "start_date": "2014-08-24", "end_date": "2014-08-24", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "641_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 762, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Cyber-specific" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Key-Israeli-Websites-Hacked-By-Anonymous-456302.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 642, "name": "Anonymous Data Leak Pakistan 2014", "description": "Anonymous Pakistan' take down government sites, leak bank records", "added_to_DB": "2022-08-15", "start_date": "2014-08-31", "end_date": "2014-09-01", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "642_0", "receiver_name": null, "receiver_country": "Pakistan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 763, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.dawn.com/news/1129212" ], "sources_attribution": [ "Not available" ] }, { "ID": 643, "name": "HongKong-Protest-Fake-App", "description": "Protesters in Hong Kong are being targeted by a social engineering campaign aiming to infect Android devices with an advanced surveillance mRAT.", "added_to_DB": "2022-08-15", "start_date": "2014-09-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "643_0", "receiver_name": null, "receiver_country": "Hong Kong", "receiver_region": "ASIA", "receiver_category": [ "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "China" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 764, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Autonomy" ], "offline_conflict_issue": [ "System/ideology", "Autonomy" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://blog.checkpoint.com/2014/09/30/chinese-government-targets-hong-kong-protesters-android-mrat-spyware/" ], "sources_attribution": [ "https://blog.checkpoint.com/2014/09/30/chinese-government-targets-hong-kong-protesters-android-mrat-spyware/" ] }, { "ID": 644, "name": "The North Korean Threat Actor Lazarus Carried Out A Cyber Attack Against US Company Sony Pictures Entertainment And Leaked Stolen Personal Data In 2014", "description": "The American media and entertainment studio group Sony Pictures Entertainment fell victim to a large-scale cyber attack in mid to late 2014, carried out by a group called Guardians of Peace, more commonly known as the Lazarus Group, which has been linked to North Korea. The attack, a meticulously planned intrusion, targeted Sony's network and culminated in the theft of extensive confidential data. The hackers strategically disseminated parts of the stolen information, both directly and through the media. They also demanded to stop the release of \"The Interview\", a satirical film depicting the assassination of North Korean leader Kim Jong Un by two American characters.\nSony Pictures became aware of the hack on 24 November 2014. However, there are indications that the perpetrators had already gained access to Sony's networks months before the attack. The FBI's subsequent investigation led them to attribute the attack to the North Korean government, although they did not officially disclose their evidence. North Korea vehemently denied any involvement.\nThe main target of the cyber attack was Sony Pictures Entertainment in New York, with the attackers exploiting Microsoft Windows-based systems. The malware responsible for the intrusion, after physically infiltrating Sony's networks, spread as a Windows service and exploited Microsoft Windows' administrative and network file sharing features. This allowed the hackers to connect to the Sony network and enable the theft and destruction of data.\nThe cyber-attack was in retaliation for Sony's refusal to comply with an earlier request to stop the release of said film. The consequences included the leaking of unreleased films and scripts, the theft of employees' personal information such as national insurance numbers and medical records, and the publication of payrolls and sensitive email correspondence. Sony was forced to suspend all online activities and shut down its network for several days.\nAs a result, on 19 December 2014, President Obama promised \"appropriate action against the perpetrators\", particularly the North Korean government. This cyber attack not only caused harm to Sony employees and their families, but also undermined the economic and social well-being of American citizens. In response, the US government may have responded with cyber attacks on critical infrastructure in North Korea, resulting in temporary internet outages in the country. If confirmed, this was the first instance of the United States responding to a cyberattack on its soil with such measures.", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "2014-11-24", "updated_at": "2024-02-26", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on non-political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "644_0", "receiver_name": "Sony Pictures Entertainment", "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)", "Reconnaissance General Bureau", "Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)", "Reconnaissance General Bureau", "Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)", "Reconnaissance General Bureau", "Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)", "Reconnaissance General Bureau" ], "initiator_country": [ "Korea, Democratic People's Republic of", "Korea, Democratic People's Republic of", "Korea, Democratic People's Republic of", "Korea, Democratic People's Republic of", "Korea, Democratic People's Republic of", "Korea, Democratic People's Republic of", "Korea, Democratic People's Republic of", "Korea, Democratic People's Republic of" ], "initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested", "State", "State", "State", "State", "State", "State" ], "initiator_category_subcode": [ "Not available", "Not available", "Not available", "Not available", "Not available", "Not available", "Not available", "Not available" ], "number_of_attributions": 4, "attributions": [ { "attribution_id": 16701, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)", "Reconnaissance General Bureau" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of", "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2014" ] }, { "attribution_id": 16702, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)", "Reconnaissance General Bureau" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of", "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2014" ] }, { "attribution_id": 16703, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Contested attribution" ], "attribution_type": [ "Not available" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)", "Reconnaissance General Bureau" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of", "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2014" ] }, { "attribution_id": 16704, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Political statement/report and indictment / sanctions" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Lazarus Group/Labyrinth Chollima/HIDDEN COBRA/Guardians of Peace/Diamond Sleet fka ZINC/NICKEL ACADEMY/NewRomanic Cyber Army Team/Whois Hacking Team/Appleworm/Group 77/G0032 (Reconnaissance General Bureau, Bureau 121, Unit 180, Lab 110)", "Reconnaissance General Bureau" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of", "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Political attribution before IT-security attribution", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "System/ideology", "International power", "Other" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 5, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 5, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.govinfosecurity.com/south-korea-sanctions-pyongyang-hackers-a-21193", "https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/", "https://securitymea.com/2023/02/28/apt-group-lazarus-likely-using-winordll64-backdoor-to-exfiltrate-data/", "https://www.darkreading.com/vulnerabilities-threats/lazarus-group-deathnote-cluster-pivots-defense-sector", "https://www.govinfosecurity.com/north-korean-apt-group-now-deploying-linux-malware-variant-a-21737", "https://www.nytimes.com/2023/04/24/us/politics/justice-dept-cryptocurrency-north-korea.html", "https://therecord.media/nickelodeon-alleged-data-breach", "https://www.hackread.com/nickelodeon-data-leak-interview-with-ghostytongue/", "https://elpais.com/https:/elpais.com/economia/negocios/2023-07-22/codigo-rojo-nos-han-hackeado-asi-son-los-ciberataques-empresariales.html", "https://therecord.media/paramount-data-breach-cyberattack", "https://www.bleepingcomputer.com/news/security/sony-investigates-cyberattack-as-hackers-fight-over-whos-responsible/", "https://www.darkreading.com/cloud/north-korea-meta-complex-backdoor-aerospace", "https://www.hackread.com/ransomedvc-ransomware-quit-sell-infrastructure/", "https://www.darkreading.com/vulnerabilities-threats/defending-against-attacks-on-vulnerable-iot-devices", "https://www.forbes.com.mx/el-costo-oculto-de-los-ciberataques-cuando-la-tecnologia-amenaza-la-existencia-empresarial/", "https://www.forbes.com.mx/el-costo-oculto-de-los-ciberataques-cuando-la-tecnologia-amenaza-la-existencia-empresarial/", "https://www.ht4u.net/news/alarmstufe-rot-im-cyberspace-der-unaufhaltsame-anstieg-von-cyberangriffen-und-datenbruechen-erreicht-neue-hoehen/", "https://www.bleepingcomputer.com/news/security/north-korean-hackers-linked-to-defense-sector-supply-chain-attack/", "https://thediplomat.com/2022/10/the-future-of-south-korea-us-cyber-cooperation/", "https://therecord.media/more-than-2000-cybersecurity-patent-applications-filed-since-2010-report/", "https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf", "https://www.nytimes.com/2014/12/18/world/asia/us-links-north-korea-to-sony-hacking.html?_r=0", "https://www.theregister.co.uk/2017/05/30/nork_spy_agency_lazarus_group_attribution/", "https://www.nytimes.com/roomfordebate/2014/12/23/when-does-a-cyberattack-warrant-a-military-response", "https://twitter.com/MischaHansel/status/1623012083854979083", "https://www.schneier.com/essays/archives/2014/12/did_north_korea_real.html", "https://arstechnica.com/information-technology/2018/09/us-indicts-north-korean-agents-for-wannacry-sony-attacks/", "https://therecord.media/mondelez-and-zurich-reach-settlement-in-notpetya-cyberattack-insurance-suit/" ], "sources_attribution": [ "https://www.theregister.co.uk/2017/05/30/nork_spy_agency_lazarus_group_attribution/", "https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf", "https://arstechnica.com/information-technology/2018/09/us-indicts-north-korean-agents-for-wannacry-sony-attacks/", "https://www.schneier.com/essays/archives/2014/12/did_north_korea_real.html" ] }, { "ID": 645, "name": "Anonymous vs. Romania", "description": "The home page of the General Inspectorate of Romanian Police was hacked by the local Anonymous group, who posted a message on the News Section.", "added_to_DB": "2022-08-15", "start_date": "2014-09-17", "end_date": "2014-09-17", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "645_0", "receiver_name": null, "receiver_country": "Romania", "receiver_region": "EU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Police" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 769, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://news.softpedia.com/news/Anonymous-Romania-Hacks-Local-Police-Website-459347.shtml" ], "sources_attribution": [ "Not available" ] }, { "ID": 646, "name": "German Website Defacement", "description": "Hackers post IS-messages on German websites.", "added_to_DB": "2022-08-15", "start_date": "2014-10-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker", "Incident disclosed by authorities of victim state" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "646_0", "receiver_name": null, "receiver_country": "Germany", "receiver_region": "WESTEU", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Team System Dz" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 770, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Team System Dz" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.zeit.de/digital/2014-10/hacker-angriff-is-botschaften" ], "sources_attribution": [ "Not available" ] }, { "ID": 647, "name": "Op Orwah Hammad", "description": "Anonymous has taken down 43 top Israeli government websites against shooting and killing of a 14-year-old U.S. citizen Orwah Hammad by Israeli Defence Forces.", "added_to_DB": "2022-08-15", "start_date": "2014-10-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "647_0", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 771, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.hackread.com/anonymous-hackers-orwah-hammad-israel-idf/" ], "sources_attribution": [ "Not available" ] }, { "ID": 648, "name": "CyberBerkut Billboard Hack", "description": "CyberBerkut hacked billboards in the Ukrainian capital, Kiev, displaying anti-Ukrainian propaganda images of\u201cwar crimes.\u201d", "added_to_DB": "2022-08-15", "start_date": "2014-10-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "648_0", "receiver_name": null, "receiver_country": "Ukraine", "receiver_region": "EASTEU", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Cyber Berkut" ], "initiator_country": [ "Russia" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 773, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Cyber Berkut" ], "attributed_initiator_country": [ "Russia" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] }, { "attribution_id": 772, "settled": null, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Cyber Berkut" ], "attributed_initiator_country": [ "Ukraine" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Secession" ], "offline_conflict_issue": [ "System/ideology", "Resources", "Secession" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.recordedfuture.com/cyber-berkut-analysis/" ], "sources_attribution": [ "https://www.recordedfuture.com/cyber-berkut-analysis/" ] }, { "ID": 649, "name": "SEA vs. UNICEF", "description": "Syrian Electronic Army hacked the Twitteraccount of the UNICEF to share the news of bomb blast in a Syrian school which killed 49 children", "added_to_DB": "2022-08-15", "start_date": "2014-10-02", "end_date": "2014-10-02", "updated_at": "2023-10-12", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "649_0", "receiver_name": null, "receiver_country": "UNICEF", "receiver_region": "Not available", "receiver_category": [ "International / supranational organization" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Syrian Electronic Army" ], "initiator_country": [ "Syria" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 13621, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Resources" ], "offline_conflict_issue": [ "System/ideology", "Resources" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 5" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html", "https://www.techworm.net/2014/10/unicef-twitter-account-hacked.html", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0" ], "sources_attribution": [ "https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0" ] }, { "ID": 650, "name": "MalluSoldiers vs. PakistanEnergy", "description": "Cyberattackers have hacked the websites of Pakistan People's Party", "added_to_DB": "2022-08-15", "start_date": "2014-10-09", "end_date": "2014-10-09", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "650_0", "receiver_name": null, "receiver_country": "Pakistan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Intelligence agencies" ] } ], "initiator_name": [ "Mallu Cyber Soldiers" ], "initiator_country": [ "India" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 775, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Mallu Cyber Soldiers" ], "attributed_initiator_country": [ "India" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Territory", "Resources", "International power" ], "offline_conflict_issue": [ "Territory", "Resources", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.ibtimes.co.in/mohanlal-fans-hack-pakistan-website-post-actors-picture-dialogue-610930" ], "sources_attribution": [ "Not available" ] }, { "ID": 651, "name": "OP HongKong", "description": "Anonymous Leaks Chinese Government Website Data Over HongKong Protests", "added_to_DB": "2022-08-15", "start_date": "2014-10-12", "end_date": "2014-10-12", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing", "Disruption" ], "receivers": [ { "receiver_id": "651_0", "receiver_name": null, "receiver_country": "China", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries", "Government / ministries" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 776, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Autonomy" ], "offline_conflict_issue": [ "System/ideology", "Autonomy", "Third-party intervention / third-party affection" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://gadgets.ndtv.com/internet/news/anonymous-leaks-chinese-government-website-data-over-hong-kong-protests-605910", "https://www.techworm.net/2014/10/operation-hong-kong-anonymous-hacks-chinese-government-website.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 652, "name": "Serbian Hackers vs. Albania", "description": "Serbian hackers deface the site of the Albanian state television and put the picture of Albanian flag on fire", "added_to_DB": "2022-08-15", "start_date": "2014-10-18", "end_date": "2014-10-18", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "652_0", "receiver_name": null, "receiver_country": "Albania", "receiver_region": "WBALKANS", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Serbia" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 777, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Serbia" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Secession" ], "offline_conflict_issue": [ "Secession" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 1" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.techworm.net/2014/10/serbian-hackers-deface-rtsh.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 653, "name": "Attack on Ukrainian Voting System", "description": "Hackers attacked Ukraine's election commission website", "added_to_DB": "2022-08-15", "start_date": "2014-10-25", "end_date": "2014-10-25", "updated_at": "2024-04-26", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "653_0", "receiver_name": null, "receiver_country": "Ukraine", "receiver_region": "EASTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Civil service / administration", "Not available" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 778, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.securityweek.com/hackers-target-ukraines-election-website", "https://www.nytimes.com/2017/08/16/world/europe/russia-ukraine-malware-hacking-witness.html", "https://cyberscoop.com/campaigns-political-parties-crosshairs-of-election-meddlers/" ], "sources_attribution": [ "https://www.nytimes.com/2017/08/16/world/europe/russia-ukraine-malware-hacking-witness.html" ] }, { "ID": 654, "name": "Egypt Cyber Army vs. ISIS", "description": "Last week, less than 24 hours after ISIS socialmedia accounts posted a threatening message from the group's leader, the audio recording was replaced with a song and its transcript with a logo resembling that of the Egyptian military, accompanied by a writing in Arabic that read\"Egyptian Cyber Army.\"", "added_to_DB": "2022-08-15", "start_date": "2014-11-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "654_0", "receiver_name": null, "receiver_country": "Syria", "receiver_region": "MEA", "receiver_category": [ "Social groups" ], "receiver_category_subcode": [ "Terrorist" ] } ], "initiator_name": [ "Egypt Cyber Army" ], "initiator_country": [ "Egypt" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 779, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Egypt Cyber Army" ], "attributed_initiator_country": [ "Egypt" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://mashable.com/2014/11/23/egyptian-cyber-army-isis-baghdadi-hack/?europe=true#6rdxCB7jemqs" ], "sources_attribution": [ "Not available" ] }, { "ID": 655, "name": "DeepPanda G20 Attack", "description": "A Chinese hacking group believed to be affiliated with the Chinese government has penetrated Australian media organisations ahead of this weekend's G20 meeting", "added_to_DB": "2022-08-15", "start_date": "2014-11-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "655_0", "receiver_name": null, "receiver_country": "Australia", "receiver_region": "OC", "receiver_category": [ "Media" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "APT19/Deep Panda/Shell Crew/WebMasters/KungFu Kittens/Group 13/Codoso/SunShop Group/Black Vine/PinkPanther/G0073 (PLA)", "PLA" ], "initiator_country": [ "China", "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 780, "settled": true, "attribution_year": 2014, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT19/Deep Panda/Shell Crew/WebMasters/KungFu Kittens/Group 13/Codoso/SunShop Group/Black Vine/PinkPanther/G0073 (PLA)", "PLA" ], "attributed_initiator_country": [ "China", "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2014" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.abc.net.au/news/2014-11-13/g20-china-affliliated-hackers-breaches-australian-media/5889442" ], "sources_attribution": [ "Not available" ] }, { "ID": 656, "name": "Anonymous DDOS vs. Toronto", "description": "Hacker claiming ties to Anonymous targets Toronto, Ottawa Police with DDoS attack", "added_to_DB": "2022-08-15", "start_date": "2014-11-21", "end_date": "2014-11-23", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "656_0", "receiver_name": null, "receiver_country": "Canada", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Military" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 781, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://globalnews.ca/news/1689115/hacker-claiming-ties-to-anonymous-targets-toronto-ottawa-police-with-ddos-attack/" ], "sources_attribution": [ "Not available" ] }, { "ID": 657, "name": "Anonymous KKK Data leak", "description": "Anonymous posts KKK leader\u2019s personal data online", "added_to_DB": "2022-08-15", "start_date": "2014-11-26", "end_date": "2014-11-26", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Data theft & Doxing" ], "receivers": [ { "receiver_id": "657_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "End user(s) / specially protected groups" ], "receiver_category_subcode": [ "Not available" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 782, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.rt.com/usa/209875-anonymous-kkk-leader-dox/" ], "sources_attribution": [ "Not available" ] }, { "ID": 658, "name": "US/GB/CAN-Media-HackSEA", "description": "Syrian Electronic Army hacks several websites, Forbes, Ferrari, Independent, Daily Telegraph and many other websites hijacked", "added_to_DB": "2022-08-15", "start_date": "2014-11-27", "end_date": "2014-11-27", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "658_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Not available", "Not available" ] }, { "receiver_id": "658_1", "receiver_name": null, "receiver_country": "France", "receiver_region": "WESTEU", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Not available", "Not available" ] }, { "receiver_id": "658_2", "receiver_name": null, "receiver_country": "United Kingdom", "receiver_region": "NORTHEU", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Not available", "Not available" ] }, { "receiver_id": "658_3", "receiver_name": null, "receiver_country": "Canada", "receiver_region": "NORTHAM", "receiver_category": [ "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Media" ], "receiver_category_subcode": [ "Not available", "Not available" ] } ], "initiator_name": [ "Syrian Electronic Army" ], "initiator_country": [ "Syria" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 783, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attacker confirms" ], "attribution_type": [ "Self-attribution in the course of the attack (e.g., via defacement statements on websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Syrian Electronic Army" ], "attributed_initiator_country": [ "Syria" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html", "https://www.techworm.net/2014/11/syrian-electronic-army-hacks-several-websites-forbes-ferrari-independent-daily-telegraph-many-websites-hijacked.html", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0" ], "sources_attribution": [ "https://www.fireeye.com/blog/threat-research/2013/07/syrian-electronic-army-hacks-major-communications-websites.html", "https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0" ] }, { "ID": 659, "name": "UMPDDPS", "description": "Internet hackers have disrupted the ballot to elect a new leader of France's main opposition party, the UMP.", "added_to_DB": "2022-08-15", "start_date": "2014-11-28", "end_date": "2014-11-29", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "659_0", "receiver_name": null, "receiver_country": "France", "receiver_region": "WESTEU", "receiver_category": [ "State institutions / political system", "State institutions / political system" ], "receiver_category_subcode": [ "Intelligence agencies", "Election infrastructure / related systems" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 784, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Long-term disruption (> 24h; incident scores 2 points in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.connexionfrance.com/Archive/Hackers-slow-down-UMP-leader-ballot" ], "sources_attribution": [ "Not available" ] }, { "ID": 660, "name": "Kimsuky vs. SK nuclear authority", "description": "Hackers stole blueprints, employee data, and threatened \"destruction\" if demands not met. South Korea claims North hacked nuclear data", "added_to_DB": "2022-08-15", "start_date": "2014-12-01", "end_date": "Not available", "updated_at": "2023-08-21", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on non-political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by authorities of victim state" ], "incident_type": [ "Data theft & Doxing", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "660_0", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Energy" ] } ], "initiator_name": [ "Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094" ], "initiator_country": [ "Korea, Democratic People's Republic of" ], "initiator_category": [ "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 785, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Political statement / report (e.g., on government / state agency websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Kimsuky/Velvet Chollima/STOLEN PENCIL/Emerald Sleet fka THALLIUM/Black Banshee/G0094" ], "attributed_initiator_country": [ "Korea, Democratic People's Republic of" ], "attributed_initiator_category": [ "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "Territory", "International power" ], "offline_conflict_issue": [ "System/ideology", "Territory", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://arstechnica.com/information-technology/2015/03/south-korea-claims-north-hacked-nuclear-data/", "https://en.yna.co.kr/view/AEN20150326007300320?section=search", "https://en.yna.co.kr/view/AEN20150317005552315?section=search", "https://thehackernews.com/2023/04/lazarus-subgroup-targeting-apple.html", "https://securityaffairs.com/149698/apt/kimsuky-war-simulation-centre.html", "https://www.jpost.com/international/article-755426", "https://www.bleepingcomputer.com/news/security/us-govt-sanctions-north-koreas-kimsuky-hacking-group/" ], "sources_attribution": [ "https://en.yna.co.kr/view/AEN20150326007300320?section=search", "https://en.yna.co.kr/view/AEN20150317005552315?section=search" ] }, { "ID": 661, "name": "Takedown of Oakland Website", "description": "Several websites for the city of Oakland were knocked out in a likely cyberattack.", "added_to_DB": "2022-08-15", "start_date": "2014-12-10", "end_date": "2014-12-10", "updated_at": "2023-03-09", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by attacker" ], "incident_type": [ "Disruption" ], "receivers": [ { "receiver_id": "661_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Civil service / administration" ] } ], "initiator_name": [ "Anonymous" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Hacktivist(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 786, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Attribution given, type unclear" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Anonymous" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Hacktivist(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Other" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": true, "data_theft": [ "none" ], "disruption": [ "Short-term disruption (< 24h; incident scores 1 point in intensity)" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 1, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 1, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "http://www.latimes.com/local/crime/la-me-bay-area-protests-20141211-story.html" ], "sources_attribution": [ "Not available" ] }, { "ID": 662, "name": "Fancy Bear vs. Westinghouse", "description": "Fancy Bear accessed the internal networks of the company Westinghouse- a nuclear energy company- and stole sensitive data", "added_to_DB": "2022-08-15", "start_date": "2014-12-10", "end_date": "2015-11-18", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by authorities of victim state" ], "incident_type": [ "Data theft" ], "receivers": [ { "receiver_id": "662_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Energy" ] } ], "initiator_name": [ "Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)", "GRU" ], "initiator_country": [ "Russia", "Russia" ], "initiator_category": [ "State", "State" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 787, "settled": true, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Domestic legal action" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Fancy Bear/APT28/Sofacy/Pawn Storm/Group 74/Sednit/Tsar Team/Forest Blizzard fka STRONTIUM/Grizzly Steppe/SNAKEMACKEREL/IRON TWILIGHT/TG-4127/Group G0007/ITG05/BlueDelta (GRU, 85th Main Special Service Center (GTsSS) Military Unit 26165)", "GRU" ], "attributed_initiator_country": [ "Russia", "Russia" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2018" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "none" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 2, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 2, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.justice.gov/opa/page/file/1098481/download" ], "sources_attribution": [ "Not available" ] }, { "ID": 663, "name": "Perennial espionage-campaign by Chinese Winnti/WickedPanda vs. Various German Companies in the Chemical, Pharma and Technology Sector.", "description": "Allegedly the Chinese statesponsored Group WickedPanda aka WinNTI stole technical trade secrets of the German steelmaker ThyssenKrupp in early 2016 and from other German industry targets during the period 2016-2019, according to the German Federal Office for the Protection of the Constitution (BfV).", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2023-12-04", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by victim" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "663_0", "receiver_name": "ThyssenKrupp", "receiver_country": "Germany", "receiver_region": "WESTEU", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Critical infrastructure" ], "receiver_category_subcode": [ "Health", "Not available", "Chemicals" ] }, { "receiver_id": "663_1", "receiver_name": null, "receiver_country": "Japan", "receiver_region": "NEA", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)", "Critical infrastructure" ], "receiver_category_subcode": [ "Health", "Not available", "Chemicals" ] } ], "initiator_name": [ "APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) <\u00a0Winnti Umbrella/G0044" ], "initiator_country": [ "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 14749, "settled": false, "attribution_year": 2019, "attribution_month": 4, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Direct statement in media report (e.g., Reuters article cites the attribution statements by a person) / self-attribution via social media" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Germany" ], "attributing_actor": [ "DCSO" ], "attribution_it_company": [ "DCSO" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) <\u00a0Winnti Umbrella/G0044" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2019-4" ] }, { "attribution_id": 14750, "settled": true, "attribution_year": 2019, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Statement in media report and political statement/technical report" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Germany" ], "attributing_actor": [ "Bundesamt f\u00fcr Verfassungsschutz" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "APT41/Brass Typhoon fka BARIUM/Wicked Panda/G0096 (Chengdu 404 Network Technology) <\u00a0Winnti Umbrella/G0044" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2019" ] } ], "temporal_attribution_sequence": "Political attribution before IT-security attribution", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://401trg.com/burning-umbrella/", "https://www.dw.com/en/thyssenkrupp-victim-of-cyber-attack/a-36695341", "https://www.dw.com/en/bayer-points-finger-at-wicked-panda-in-cyberattack/a-48196004", "https://www.verfassungsschutz.de/embed/vsbericht-2019.pdf", "https://www.verfassungsschutz.de/de/oeffentlichkeitsarbeit/publikationen/verfassungsschutzberichte/vsbericht-2019" ], "sources_attribution": [ "https://401trg.com/burning-umbrella/", "https://www.dw.com/en/bayer-points-finger-at-wicked-panda-in-cyberattack/a-48196004", "https://www.verfassungsschutz.de/embed/vsbericht-2019.pdf", "https://www.verfassungsschutz.de/de/oeffentlichkeitsarbeit/publikationen/verfassungsschutzberichte/vsbericht-2019" ] }, { "ID": 664, "name": "RedFoxtrot aka PLA Unit 69010 vs. Central Asian Countries", "description": "Recorded Future reported a wide espionage-campaign by the Chinese APT RedFoxtrot, aligned with PLA Unit 69010, against central asian government, defense and telecommunication entities.", "added_to_DB": "2022-08-15", "start_date": "2014-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals", "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated ", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "664_0", "receiver_name": null, "receiver_country": "India", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Telecommunications", "Defence industry" ] }, { "receiver_id": "664_1", "receiver_name": null, "receiver_country": "Pakistan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Telecommunications", "Defence industry" ] }, { "receiver_id": "664_2", "receiver_name": null, "receiver_country": "Afghanistan", "receiver_region": "SASIA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Telecommunications", "Defence industry" ] }, { "receiver_id": "664_3", "receiver_name": null, "receiver_country": "Kazakhstan", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Telecommunications", "Defence industry" ] } ], "initiator_name": [ "Red Foxtrot", "PLA Unit 69010" ], "initiator_country": [ "China", "China" ], "initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 790, "settled": true, "attribution_year": 2021, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Red Foxtrot", "PLA Unit 69010" ], "attributed_initiator_country": [ "China", "China" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2021" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "International power" ], "offline_conflict_issue": [ "Territory", "Resources", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 2" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.recordedfuture.com/redfoxtrot-china-pla-targets-bordering-asian-countries/" ], "sources_attribution": [ "https://www.recordedfuture.com/redfoxtrot-china-pla-targets-bordering-asian-countries/" ] }, { "ID": 665, "name": "Chinese Ministry of State Security campaign 2014", "description": "Two Chinese hackers working with the Ministry of State Security (MSS) were indicted for unauthorized access and data theft from a variety of victims.", "added_to_DB": "2022-08-15", "start_date": "2014-12-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by authorities of victim state" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "665_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Defence industry" ] } ], "initiator_name": [ "Storm-0062 fka Dev-0062/DarkShadow/Oro01xy/Oro0lxy (Li Xiaoyu) < (Guangdong State Security Department (GSSD), MSS))", "MSS" ], "initiator_country": [ "China", "China" ], "initiator_category": [ "State", "State" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 791, "settled": true, "attribution_year": 2020, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Political statement/report and indictment / sanctions" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Storm-0062 fka Dev-0062/DarkShadow/Oro01xy/Oro0lxy (Li Xiaoyu) < (Guangdong State Security Department (GSSD), MSS))", "MSS" ], "attributed_initiator_country": [ "China", "China" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2020" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 1" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: sensitive information (incident scores 2 points in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 4, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 4, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://us-cert.cisa.gov/ncas/alerts/aa20-258a" ], "sources_attribution": [ "https://us-cert.cisa.gov/ncas/alerts/aa20-258a" ] }, { "ID": 666, "name": "Operation Manul", "description": "A probably state-sponsored espionage campaign by the Kazakh government against critical journalists,\u00a0disclosed by the Electronic Frontier Foundation (EFF) in a report in August 2016. After the EFF originally attributed the campaign to the Indian hacking-for-hire company Appin, a follow-up joint report by threat intelligence company Lookout and the EFF from 2018 indicated the responsibility of an actor that uses the same infrastructure like the threat actor dubbed Dark Caracal, believed to be administered out of a building belonging to the Lebanese General Security Directorate in Beirut.", "added_to_DB": "2022-08-15", "start_date": "2015-01-01", "end_date": "Not available", "updated_at": "2023-11-20", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by third-party-actor (e.g., Citizen Lab, Amnesty International, whistleblowers) or authorities of another state" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "666_0", "receiver_name": null, "receiver_country": "Kazakhstan", "receiver_region": "SCO", "receiver_category": [ "Social groups", "End user(s) / specially protected groups", "Media" ], "receiver_category_subcode": [ "Political opposition / dissidents / expats", "Not available", "Not available" ] } ], "initiator_name": [ "Appin Security Group" ], "initiator_country": [ "Kazakhstan" ], "initiator_category": [ "Non-state actor, state-affiliation suggested" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 14347, "settled": true, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by third-party" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Appin Security Group" ], "attributed_initiator_country": [ "Kazakhstan" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2018" ] }, { "attribution_id": 14346, "settled": false, "attribution_year": 0, "attribution_month": 0, "attribution_day": 0, "attribution_basis": [ "Not available" ], "attribution_type": [ "Not available" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ null ], "attributed_initiator_country": [ "Not available" ], "attributed_initiator_category": [ "Not available" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.eff.org/files/2018/01/29/operation-manul.pdf" ], "sources_attribution": [ "https://www.eff.org/files/2018/01/29/operation-manul.pdf" ] }, { "ID": 667, "name": "Grey Energy", "description": "New malware discovered by ESET, possibly linked to Blackenergy and Russian-state-sponsored attributed Telebots. Espionage as\u00a0preparatory step for potential subsequent sabotage discovered.", "added_to_DB": "2022-08-15", "start_date": "2015-01-01", "end_date": "Not available", "updated_at": "2023-01-30", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (\u201ccyber-proxies\u201d) / a group that is generally attributed as state-affiliated " ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "667_0", "receiver_name": null, "receiver_country": "Ukraine", "receiver_region": "EASTEU", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Energy" ] }, { "receiver_id": "667_1", "receiver_name": null, "receiver_country": "Poland", "receiver_region": "EASTEU", "receiver_category": [ "Critical infrastructure" ], "receiver_category_subcode": [ "Energy" ] } ], "initiator_name": [ "Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)", "Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)" ], "initiator_country": [ "Unknown", "Unknown" ], "initiator_category": [ "Unknown - not attributed", "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 2, "attributions": [ { "attribution_id": 793, "settled": null, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Media-based attribution" ], "attribution_type": [ "Anonymous statement in media report (e.g., Reuters article cites the attribution statements of unnamed officials, or persons with knowledge into the matter etc.)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)", "Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)" ], "attributed_initiator_country": [ "Russia", "Russia" ], "attributed_initiator_category": [ "Non-state actor, state-affiliation suggested", "Non-state actor, state-affiliation suggested" ], "attributed_initiator_category_subcode": [ "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)", "Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)" ], "attribution_full_date": [ "2018" ] }, { "attribution_id": 794, "settled": true, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)", "Sandworm/VOODOO Bear/Quedagh/TeleBots/FROZENBARENTS/IRON VIKING/Black Energy/Seashell Blizzard fka IRIDIUM/ELECTRUM/G0034 (GRU, Main Centre for Special Technologies (GTsST) Military Unit 74455)" ], "attributed_initiator_country": [ "Unknown", "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed", "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2018" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/", "https://www.zdnet.com/article/greyenergy-new-malware-campaign-targets-critical-infrastructure-companies/", "https://www.zdnet.com/article/russian-military-behind-notpetya-attacks-uk-officially-names-and-shames-kremlin/", "https://www.welivesecurity.com/2023/01/27/swiftslicer-new-destructive-wiper-malware-ukraine/", "https://thehackernews.com/2023/01/ukraine-hit-with-new-golang-based.html", "https://twitter.com/DarkReading/status/1620558295672012807" ], "sources_attribution": [ "https://www.zdnet.com/article/greyenergy-new-malware-campaign-targets-critical-infrastructure-companies/", "https://www.zdnet.com/article/russian-military-behind-notpetya-attacks-uk-officially-names-and-shames-kremlin/" ] }, { "ID": 668, "name": "Quasar, Sobaken and Vermin", "description": "Cybercriminals spied on Ukrainian government actors by using three different malwares, according to ESET.", "added_to_DB": "2022-08-15", "start_date": "2015-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "668_0", "receiver_name": null, "receiver_country": "Ukraine", "receiver_region": "EASTEU", "receiver_category": [ "State institutions / political system" ], "receiver_category_subcode": [ "Government / ministries" ] } ], "initiator_name": [ "Not available" ], "initiator_country": [ "Unknown" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Criminal(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 795, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Not available" ], "attributed_initiator_country": [ "Unknown" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Criminal(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.welivesecurity.com/wp-content/uploads/2018/07/ESET_Quasar_Sobaken_Vermin.pdf" ], "sources_attribution": [ "https://www.welivesecurity.com/wp-content/uploads/2018/07/ESET_Quasar_Sobaken_Vermin.pdf" ] }, { "ID": 669, "name": "\"The Big Hack\"", "description": "According to Bloomberg, a Chinese PLA unit managed to infiltrate the Chip production of the company SuperMicro, opening up entrance paths into the systems of important American companies, including Amazon and Google", "added_to_DB": "2022-08-15", "start_date": "2015-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)", "Attack on non-political target(s), politicized" ], "inclusion_criteria_subcode": [ "Not available", "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by media (without further information on source)" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "669_0", "receiver_name": null, "receiver_country": "United States", "receiver_region": "NORTHAM", "receiver_category": [ "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Telecommunications", "Not available" ] } ], "initiator_name": [ "PLA" ], "initiator_country": [ "China" ], "initiator_category": [ "State" ], "initiator_category_subcode": [ "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 796, "settled": true, "attribution_year": 2018, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "Attribution by receiver government / state entity" ], "attribution_type": [ "Political statement / report (e.g., on government / state agency websites)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "PLA" ], "attributed_initiator_country": [ "China" ], "attributed_initiator_category": [ "State" ], "attributed_initiator_category_subcode": [ "Not available" ], "attribution_full_date": [ "2018" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "International power" ], "offline_conflict_issue": [ "System/ideology", "International power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 1" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "Not available" ], "sources_attribution": [ "Not available" ] }, { "ID": 670, "name": "Arid Viper aka Desert Falcons", "description": "Arid Vipers hackers infected various computers via a infected video, Arid Viper aka Desert Falcons in 2018 attributed to Hamas.", "added_to_DB": "2022-08-15", "start_date": "2015-01-01", "end_date": "Not available", "updated_at": "2024-02-15", "inclusion_criteria": [ "Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "670_0", "receiver_name": null, "receiver_country": "Korea, Republic of", "receiver_region": "NEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Science", "State institutions / political system", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Transportation", "Not available", "Military", "Telecommunications" ] }, { "receiver_id": "670_1", "receiver_name": null, "receiver_country": "Israel", "receiver_region": "MEA", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Science", "State institutions / political system", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Transportation", "Not available", "Military", "Telecommunications" ] }, { "receiver_id": "670_2", "receiver_name": null, "receiver_country": "Kuwait", "receiver_region": "GULFC", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Science", "State institutions / political system", "Critical infrastructure" ], "receiver_category_subcode": [ "Government / ministries", "Transportation", "Not available", "Military", "Telecommunications" ] } ], "initiator_name": [ "Desert Falcons/Arid Viper/APT-C-23/Mantis/Grey Karkadann/UNC718/Renegade Jackal/Desertvarnish/Gaza Cybergang Group 2 < Gaza Cybergang" ], "initiator_country": [ "Palestine" ], "initiator_category": [ "Non-state-group" ], "initiator_category_subcode": [ "Criminal(s)" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 17163, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Desert Falcons/Arid Viper/APT-C-23/Mantis/Grey Karkadann/UNC718/Renegade Jackal/Desertvarnish/Gaza Cybergang Group 2 < Gaza Cybergang" ], "attributed_initiator_country": [ "Palestine" ], "attributed_initiator_category": [ "Non-state-group" ], "attributed_initiator_category_subcode": [ "Criminal(s)" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ { "political_response_country": [ "Not available" ], "political_response_actor": [ "Not available" ], "political_response_type": [ "NA" ], "political_response_type_sub": [ "NA" ], "political_response_year": 0, "political_response_month": 0, "political_response_day": 0 } ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": 0, "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "0", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "0", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "0", "economic_impact": "Not available", "economic_impact_exact_value": "0", "economic_impact_currency": "euro", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ { "legal_response_country": [ "Not available" ], "legal_response_actor": [ "Not available" ], "legal_response_type": [ "Not available" ], "legal_response_type_sub": [ "Not available" ], "legal_response_year": 0, "legal_response_month": 0, "legal_response_day": 0 } ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.proofpoint.com/us/threat-insight/post/Operation-Arid-Viper-Slithers-Back-Into-View", "https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/sexually-explicit-material-used-as-lures-in-cyber-attacks?linkId=124258120", "https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion" ], "sources_attribution": [ "https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one#conclusion" ] }, { "ID": 671, "name": "Inception aka RedOctober 2015", "description": "The APT Inception, allegedly the same actor as the RedOctober Group continued its attacks on various actors with a refined attack vector, after being exposed by an IT company in 2014.", "added_to_DB": "2022-08-15", "start_date": "2015-01-01", "end_date": "Not available", "updated_at": "2022-12-21", "inclusion_criteria": [ "Attack on (inter alia) political target(s), not politicized" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "671_0", "receiver_name": null, "receiver_country": "Russia", "receiver_region": "SCO", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Energy", "Defence industry", "Not available" ] }, { "receiver_id": "671_1", "receiver_name": null, "receiver_country": "Moldova, Republic of", "receiver_region": "EASTEU", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Energy", "Defence industry", "Not available" ] }, { "receiver_id": "671_2", "receiver_name": null, "receiver_country": "Global (region)", "receiver_region": "Not available", "receiver_category": [ "State institutions / political system", "Critical infrastructure", "Critical infrastructure", "Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)" ], "receiver_category_subcode": [ "Not available", "Energy", "Defence industry", "Not available" ] } ], "initiator_name": [ "Inception Framework/Cloud Atlas/Blue Odin/G0100", "Red October" ], "initiator_country": [ "Unknown", "Unknown" ], "initiator_category": [ "Unknown - not attributed", "Unknown - not attributed" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 798, "settled": true, "attribution_year": 0, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Inception Framework/Cloud Atlas/Blue Odin/G0100", "Red October" ], "attributed_initiator_country": [ "Unknown", "Unknown" ], "attributed_initiator_category": [ "Unknown - not attributed", "Unknown - not attributed" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "Not available" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "Unknown" ], "offline_conflict_issue": [ "Unknown" ], "offline_conflict_issue_subcode": [ "Not available" ], "offline_conflict_intensity": [ "Unknown" ], "offline_conflict_intensity_subcode": [ "Not available" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "No" ], "zero_days_subcode": [ "Not available" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "Not available" ], "sources_attribution": [ "Not available" ] }, { "ID": 672, "name": "Uzbekistan attack on dissidents", "description": "Actors tied to the uzbek secret service used various zero-days to spy on different dissident groups in Uzbekistan, reportedly with the help of israeli based IT-company Candiru and its spyware.", "added_to_DB": "2022-08-15", "start_date": "2015-01-01", "end_date": "Not available", "updated_at": "2022-11-02", "inclusion_criteria": [ "Attack conducted by nation state (generic \u201cstate-attribution\u201d or direct attribution towards specific state-entities, e.g., intelligence agencies)" ], "inclusion_criteria_subcode": [ "Not available" ], "source_incident_detection_disclosure": [ "Incident disclosed by IT-security company" ], "incident_type": [ "Data theft", "Hijacking with Misuse" ], "receivers": [ { "receiver_id": "672_0", "receiver_name": null, "receiver_country": "Uzbekistan", "receiver_region": "SCO", "receiver_category": [ "Social groups", "Media" ], "receiver_category_subcode": [ "Advocacy / activists (e.g. human rights organizations)", "Not available" ] } ], "initiator_name": [ "Sand Cat", "Unit 02616\u00a0SSS" ], "initiator_country": [ "Uzbekistan", "Uzbekistan" ], "initiator_category": [ "State", "State" ], "initiator_category_subcode": [ "Not available", "Not available" ], "number_of_attributions": 1, "attributions": [ { "attribution_id": 799, "settled": true, "attribution_year": 2019, "attribution_month": null, "attribution_day": null, "attribution_basis": [ "IT-security community attributes attacker" ], "attribution_type": [ "Technical report (e.g., by IT-companies, Citizen Lab, EFF)" ], "attribution_type_subcode": [ "Not available" ], "attributing_country": [ "Not available" ], "attributing_actor": [ "Not available" ], "attribution_it_company": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "attributed_initiator_name": [ "Sand Cat", "Unit 02616\u00a0SSS" ], "attributed_initiator_country": [ "Uzbekistan", "Uzbekistan" ], "attributed_initiator_category": [ "State", "State" ], "attributed_initiator_category_subcode": [ "Not available", "Not available" ], "attribution_full_date": [ "2019" ] } ], "temporal_attribution_sequence": "Not available", "cyber_conflict_issue": [ "System / ideology", "National power" ], "offline_conflict_issue": [ "System/ideology", "National power" ], "offline_conflict_issue_subcode": [ "Not available", "Not available" ], "offline_conflict_intensity": [ "Yes / HIIK intensity" ], "offline_conflict_intensity_subcode": [ "HIIK 3" ], "number_of_political_responses": 0, "political_responses": [ "Not available" ], "zero_days": [ "Yes" ], "zero_days_subcode": [ "multiple" ], "MITRE_initial_access": [ "Not available" ], "MITRE_impact": [ "Not available" ], "user_interaction": [ "Not available" ], "has_disruption": false, "data_theft": [ "For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)" ], "disruption": [ "none" ], "hijacking": [ "Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)" ], "physical_effects_spatial": [ "none" ], "physical_effects_temporal": [ "none" ], "unweighted_cyber_intensity": 3, "target_multiplier": [ "Moderate - high political importance" ], "weighted_cyber_intensity": 3, "impact_indicator": "Not available", "impact_indicator_value": "Not available", "functional_impact": "Not available", "intelligence_impact": "Not available", "political_impact_affected_entities": "Not available", "political_impact_affected_entities_exact_value": "Not available", "political_impact_eu_countries": "Not available", "political_impact_eu_countries_exact_value": "Not available", "political_impact_third_countries": "Not available", "political_impact_third_countries_exact_value": "Not available", "economic_impact": "Not available", "economic_impact_exact_value": "Not available", "economic_impact_currency": "Not available", "state_responsibility_indicator": [ "Not available" ], "IL_breach_indicator": [ "Not available" ], "IL_breach_indicator_subcode": [ "Not available" ], "evidence_for_sanctions_indicator": [ "Not available" ], "number_of_legal_responses": 0, "legal_responses": [ "Not available" ], "legal_attribution_reference": [ "Not available" ], "legal_attribution_reference_subcode": [ "Not available" ], "legal_response_indicator": [ "Not available" ], "casualties": [ "Not available" ], "sources_url": [ "https://www.reuters.com/article/us-uzbekistan-cyber/uzbek-spies-attacked-dissidents-with-off-the-shelf-hacking-tools-idUSKBN1WI0YL", "https://www.kaspersky.com/about/press-releases/2019_kaspersky-lab-uncovers-windows-zero-day-exploited", "https://www.vice.com/en_us/article/3kx5y3/uzbekistan-hacking-operations-uncovered-due-to-spectacularly-bad-opsec", "https://securelist.com/cve-2019-0797-zero-day-vulnerability/89885/", "https://www.forbes.com/sites/thomasbrewster/2019/10/03/meet-candiru-the-super-stealth-cyber-mercenaries-hacking-apple-and-microsoft-pcs-for-profit/?sh=64766ae75a39" ], "sources_attribution": [ "https://securelist.com/cve-2019-0797-zero-day-vulnerability/89885/", "https://www.forbes.com/sites/thomasbrewster/2019/10/03/meet-candiru-the-super-stealth-cyber-mercenaries-hacking-apple-and-microsoft-pcs-for-profit/?sh=64766ae75a39" ] }, { "ID": 673, "name": "Russia vs. Lithuanian Government", "description": "Russia targets Lithuanian government computers", "added_to_DB": "2022-08-15", "start_date": "2015-01-01", "end_date": "Not available",